CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-49048 - The Joomla extension JoomCCK exposes a front-end controller task that builds two SQL statements by
CVE-2026-13504 - A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability af
CVE-2026-13503 - A vulnerability was detected in antlr ANTLR4 up to 4.13.2. Affected by this issue is the function ge
CVE-2026-13502 - A flaw has been found in antlr ANTLR4 up to 4.13.2. This affects the function ObjectInputStream.read
CVE-2026-13501 - A security vulnerability has been detected in antlr ANTLR4 up to 4.13.2. Affected by this vulnerabil
CVE-2026-13500 - A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the
CVE-2026-13499 - A security flaw has been discovered in yashpokharna2555 restaurent-management-system. This impacts a
CVE-2026-13498 - A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an unk
CVE-2026-13497 - A vulnerability was determined in itsourcecode Hospital Management System 1.0. The impacted element
CVE-2026-13496 - A vulnerability was found in itsourcecode Hospital Management System 1.0. The affected element is an
CVE-2026-13495 - A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknow
CVE-2026-13493 - A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown proce
CVE-2026-13491 - A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the functio
CVE-2026-13490 - A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects t
CVE-2026-13489 - A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the functi
CVE-2026-13488 - A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. A
CVE-2026-13487 - A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected is
CVE-2026-13486 - A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This i
CVE-2026-13485 - A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an u
CVE-2026-13484 - A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacte
CVE-2026-13483 - A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encrypt_cr
CVE-2026-13482 - A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function usernam
CVE-2026-10646 - Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a po
CVE-2026-10644 - The Microchip SERCOM-G1 UART driver (drivers/serial/uart_mchp_sercom_g1.c), used by the PIC32CM-JH S
CVE-2026-10593 - The Zephyr Bluetooth LE Audio Basic Audio Profile (BAP) unicast client mishandles peer-supplied ASE
CVE-2026-58058 - Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_ge
CVE-2026-58057 - Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a cas
CVE-2026-58056 - RustDesk gates incoming control messages on per-capability flags rather than on the session's author
CVE-2026-58055 - nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Cont
CVE-2026-58054 - MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when cre
CVE-2026-58053 - Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options
CVE-2026-58052 - 7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5
CVE-2026-58051 - libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new e
CVE-2026-58050 - libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsyste
CVE-2026-58049 - FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at t
CVE-2026-8095 - The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File
CVE-2026-10643 - Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()
CVE-2026-49416 - The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large valu
CVE-2026-49414 - The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code
CVE-2026-49417 - Second, the audio buffer backing a mapping could be freed when the device was closed even though the
CVE-2026-49413 - The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID
CVE-2026-49412 - The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter l
CVE-2026-45259 - sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, bu
CVE-2026-45258 - dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset an
CVE-2026-9242 - The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin
CVE-2026-9233 - The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to
CVE-2026-3462 - The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missi
CVE-2026-13295 - The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2026-12471 - The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check
CVE-2026-12432 - The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up t
CVE-2026-12399 - The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to
CVE-2026-11987 - The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Et
CVE-2026-11783 - The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Et
CVE-2026-11773 - The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to
CVE-2026-11597 - The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scriptin
CVE-2026-11364 - The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modifi
CVE-2026-9677 - The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape th
CVE-2026-13245 - The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting
CVE-2026-12404 - The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorizat
CVE-2026-10820 - The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict C
CVE-2026-12415 - The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing ca
CVE-2026-13422 - The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.
CVE-2026-13335 - The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scri
CVE-2026-13333 - The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to ge
CVE-2026-13331 - The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to ge
CVE-2026-11356 - The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site S
CVE-2025-59868 - HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a sensitive data exposure vulnerability
CVE-2023-37524 - HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.
CVE-2026-56414 - A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticate
CVE-2026-55975 - A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanit
CVE-2026-33560 - The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are expos
CVE-2026-31928 - The DMP-5000 devices are shipped with a default administrative web account with weak authentication
CVE-2026-28701 - Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated rem
CVE-2026-55069 - Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability e
CVE-2026-53577 - Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previ
CVE-2026-53576 - Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the authe
CVE-2026-50767 - A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Libra
CVE-2026-50766 - A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Manag
CVE-2026-50765 - Cross-Site Scripting (XSS) vulnerability in the patron restriction type administration page of Koha
CVE-2026-49984 - Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.23, the local
CVE-2026-49869 - Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, Authentic
CVE-2026-45807 - Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.43 and 1.3.19, several K
CVE-2026-38571 - Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory r
CVE-2026-36908 - A stack overflow in the AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity component of axiomatic-system
CVE-2026-36907 - A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component of axiomatic-systems Bento4 before v1.8
CVE-2026-36478 - An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of se
CVE-2026-54353 - Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation p
CVE-2026-54352 - Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packag
CVE-2026-54351 - Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budib
CVE-2026-54350 - Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any p
CVE-2026-52885 - Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the
CVE-2026-52884 - Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory() does NOT
CVE-2026-50137 - Budibase is an open-source low-code platform. Prior to 3.39.0, an anonymous attacker who knows or ca
CVE-2026-50136 - Budibase is an open-source low-code platform. Prior to 3.39.3, the application server exposes an una
CVE-2026-50132 - Budibase is an open-source low-code platform. Prior to 3.39.0, `GET /api/chat-links/:instance/:token
CVE-2026-48800 - Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <Command> tag text con
CVE-2026-48778 - Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the <GUIConfig name="comma
CVE-2026-48770 - Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the sam
CVE-2026-46710 - Notepad++ is a free and open-source source code editor. From 8.9.4 until 8.9.6, Notepad++ contains a
CVE-2026-46604 - The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
CVE-2026-39031 - Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key ar
CVE-2026-38641 - An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Deni
CVE-2026-38639 - An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to
CVE-2024-23581 - The HCL Traveler for Microsoft Outlook libraries are being flagged as potentially malicious software
CVE-2026-55838 - RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-t
CVE-2026-55189 - RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9,
CVE-2026-55188 - RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9,
CVE-2026-53324 - In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci_name() for d
CVE-2026-53323 - In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netd
CVE-2026-53322 - In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs befo
CVE-2026-53321 - In the Linux kernel, the following vulnerability has been resolved: io_uring/napi: cap busy_poll_to
CVE-2026-53320 - In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bd_oblocknr
CVE-2026-53319 - In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARN_ON_ONCE fr
CVE-2026-53318 - In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NUL
CVE-2026-53317 - In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: Place upper
CVE-2026-53316 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in
CVE-2026-53315 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in
CVE-2026-53314 - In the Linux kernel, the following vulnerability has been resolved: padata: Put CPU offline callbac
CVE-2026-53313 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL der
CVE-2026-53312 - In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Remove overflows o
CVE-2026-53311 - In the Linux kernel, the following vulnerability has been resolved: fuse: fix uninit-value in fuse_
CVE-2026-53310 - In the Linux kernel, the following vulnerability has been resolved: soc/tegra: cbb: Fix cross-fabri
CVE-2026-53309 - In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dl
CVE-2026-53308 - In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Free a
CVE-2026-53307 - In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully
CVE-2026-53306 - In the Linux kernel, the following vulnerability has been resolved: tty: hvc_iucv: fix off-by-one i
CVE-2026-53305 - In the Linux kernel, the following vulnerability has been resolved: usb: typec: ps883x: Fix Oops at
CVE-2026-53304 - In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup i
CVE-2026-53303 - In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extension_list re
CVE-2026-53302 - In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey
CVE-2026-53301 - In the Linux kernel, the following vulnerability has been resolved: reset: amlogic: t7: Fix null re
CVE-2026-53300 - In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix NTMP DMA use-af
CVE-2026-53299 - In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initial
CVE-2026-53298 - In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initial
CVE-2026-53297 - In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard mana_remove ag
CVE-2026-53296 - In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free cha
CVE-2026-53295 - In the Linux kernel, the following vulnerability has been resolved: mailbox: add sanity check for c
CVE-2026-53294 - In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: don't fr
CVE-2026-53293 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix AMDGPU_INFO_REA
CVE-2026-53292 - In the Linux kernel, the following vulnerability has been resolved: net: phonet: do not BUG_ON() in
CVE-2026-53291 - In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/conexant: Fix missing
CVE-2026-53290 - In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drm_dev_put
CVE-2026-53289 - In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereferen
CVE-2026-53288 - In the Linux kernel, the following vulnerability has been resolved: arm64: Reserve an extra page fo
CVE-2026-53287 - In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritabl
CVE-2026-53286 - In the Linux kernel, the following vulnerability has been resolved: idpf: fix double free and use-a
CVE-2026-53285 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap DCN32 pha
CVE-2026-53284 - In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty p
CVE-2026-53283 - In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid i
CVE-2026-53282 - In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Push kjump return ad
CVE-2026-53281 - In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer
CVE-2026-53280 - In the Linux kernel, the following vulnerability has been resolved: iommu: Fix NULL group->domain d
CVE-2026-53279 - In the Linux kernel, the following vulnerability has been resolved: drm/gma500/oaktrail_lvds: fix h
CVE-2026-53278 - In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Check whether the con
CVE-2026-52785 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there
CVE-2026-52784 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there
CVE-2026-52783 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenP
CVE-2026-52782 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there
CVE-2026-52781 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the H
CVE-2026-52780 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache
CVE-2026-52779 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cro
CVE-2026-49991 - RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users wi
CVE-2026-49355 - OpenProject is open-source, web-based project management software. Prior to 17.4.0, `GET /api/v3/mee
CVE-2026-47193 - OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the j
CVE-2026-46386 - OpenProject is open-source, web-based project management software. Prior to , the official openproje
CVE-2026-44736 - OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/
CVE-2026-44735 - OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the G
CVE-2026-44734 - OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Mis
CVE-2026-44733 - OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, Busin
CVE-2026-44732 - OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, OpenP
CVE-2026-44731 - OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the w
CVE-2026-44696 - OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's ri
CVE-2026-32833 - Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerabili
CVE-2026-29509 - Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patool
CVE-2026-54753 - Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0
CVE-2026-48090 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 u
CVE-2026-47220 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 u
CVE-2026-47205 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 u
CVE-2026-13372 - Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote
CVE-2026-56876 - extract-zip does not validate symlink targets when extracting zip archives. When processing a malici
CVE-2026-55448 - mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise
CVE-2026-55441 - mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feat
CVE-2026-54557 - mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP bac
CVE-2026-54341 - Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a craf
CVE-2026-48743 - Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35
CVE-2026-48706 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 u
CVE-2026-48497 - Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35
CVE-2026-48044 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 u
CVE-2026-48042 - Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35
CVE-2026-47778 - Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35
CVE-2026-47775 - Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35
CVE-2026-47692 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 u
CVE-2026-47221 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 u
CVE-2026-47207 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.34.0 u
CVE-2026-47206 - Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragon
CVE-2026-47204 - Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.26.0 u
CVE-2026-33646 - mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .
CVE-2026-57518 - Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users wit
CVE-2026-57231 - Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image tha
CVE-2026-56823 - AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificia
CVE-2026-56663 - AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificia
CVE-2026-55686 - Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious c
CVE-2026-55677 - Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagre
CVE-2026-54636 - Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json f
CVE-2026-48529 - GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mod
CVE-2026-45408 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$
CVE-2026-45407 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc usi
CVE-2026-45406 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an ap
CVE-2026-45405 - Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract
CVE-2026-28385 - In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery (SSRF) vulnerability in th
CVE-2026-13434 - A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineI
CVE-2026-11779 - An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient acce
CVE-2025-32423 - AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificia
CVE-2025-32394 - AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificia
CVE-2026-9640 - A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.
CVE-2026-9639 - Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux a
CVE-2026-5757 - Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine al
CVE-2026-47214 - Docling simplifies document processing by parsing diverse formats and providing integrations with th
CVE-2026-45195 - Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmwar
CVE-2026-44018 - Docling simplifies document processing by parsing diverse formats and providing integrations with th
CVE-2026-21734 - A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can tri
CVE-2026-12411 - Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrust
CVE-2026-0828 - Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11
CVE-2026-0685 - Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine
CVE-2025-11919 - The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` o
CVE-2023-20572 - An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-for
CVE-2023-20540 - An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-for
CVE-2026-9699 - Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from th
CVE-2026-57667 - Sales Representative SQL Injection in Groundhogg <= 4.5 versions.
CVE-2026-57665 - Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.
CVE-2026-57664 - Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versio
CVE-2026-57663 - Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.
CVE-2026-57662 - Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.
CVE-2026-57661 - Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.
CVE-2026-57660 - Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.
CVE-2026-57659 - Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <=
CVE-2026-57658 - Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.
CVE-2026-57657 - Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.
CVE-2026-57656 - Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.
CVE-2026-57655 - Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.
CVE-2026-57654 - Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.
CVE-2026-57653 - Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.
CVE-2026-57652 - Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.
CVE-2026-57651 - Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.
CVE-2026-57650 - Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.
CVE-2026-57649 - Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.
CVE-2026-57648 - Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.
CVE-2026-57647 - Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versi
CVE-2026-57646 - Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.
CVE-2026-57645 - newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.