CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-45205 - Uncontrolled Recursion vulnerability in Apache Commons. When processing an untrusted configuration
CVE-2026-8468 - Allocation of Resources Without Limits or Throttling vulnerability in plug_project plug allows denia
CVE-2026-8295 - An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size
CVE-2025-68421 - Comarch ERP Optima client makes use of a hard-coded password for a database user. These credentials
CVE-2025-68420 - Comarch ERP Optima client connects to a database using a high privileged account regardless of an ap
CVE-2026-2347 - Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technolog
CVE-2025-11024 - Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability i
CVE-2026-6514 - The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to,
CVE-2026-6512 - The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to,
CVE-2026-6504 - The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scr
CVE-2026-6206 - The MW WP Form plugin for WordPress is vulnerable to Information Exposure in all versions up to, and
CVE-2026-6174 - The CC Child Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'more'
CVE-2026-6145 - The User Registration & Membership plugin for WordPress is vulnerable to Missing Authorization in al
CVE-2026-6670 - The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and inclu
CVE-2026-6510 - The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorizat
CVE-2026-6506 - The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to,
CVE-2026-6271 - The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to
CVE-2026-6252 - The Meta Field Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tagN
CVE-2026-6225 - The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress i
CVE-2026-5395 - The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin fo
CVE-2026-5365 - The LatePoint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to
CVE-2026-5193 - The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is v
CVE-2026-3892 - The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbit
CVE-2026-3718 - The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-K
CVE-2026-3694 - The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tex
CVE-2026-8280 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10
CVE-2026-8181 - The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin fo
CVE-2026-8144 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10
CVE-2026-7481 - GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 be
CVE-2026-7471 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.9.7, 18.10 be
CVE-2026-7377 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 be
CVE-2026-6883 - GitLab has remediated an issue in GitLab EE affecting all versions from 15.7 before 18.9.7, 18.10 be
CVE-2026-6417 - The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scriptin
CVE-2026-6335 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that
CVE-2026-6073 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 be
CVE-2026-6063 - GitLab has remediated an issue in GitLab EE affecting all versions from 11.10 before 18.9.7, 18.10 b
CVE-2026-5396 - The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled
CVE-2026-5243 - The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCom
CVE-2026-4527 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.1
CVE-2026-4524 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9.1 before 18.9.7, 18.
CVE-2026-3829 - The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan plugi
CVE-2026-3607 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.3 before 18.9.7, 18.10
CVE-2026-3160 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 before 18.9.7, 18.10
CVE-2026-3074 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.9.7, 18.10
CVE-2026-3073 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.6 before 18.9.7, 18.10
CVE-2026-2900 - GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.9.7, 18.10 b
CVE-2026-1659 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10
CVE-2026-1338 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.9.7, 18.1
CVE-2026-1322 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.0 before 18.9.7, 18.10
CVE-2026-1184 - GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 be
CVE-2025-15345 - The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripti
CVE-2025-14870 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10
CVE-2025-14869 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10
CVE-2025-13874 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10
CVE-2025-12669 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.9.7, 18.1
CVE-2026-7648 - The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vul
CVE-2026-7525 - The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to authorization bypas
CVE-2026-5361 - The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RE
CVE-2026-5486 - The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'da
CVE-2026-46446 - SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows S
CVE-2026-46445 - SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
CVE-2026-46419 - Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a funct
CVE-2026-44919 - In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum
CVE-2026-41281 - Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of Sensi
CVE-2026-8500 - Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI applica
CVE-2026-32991 - Improper authorization checks of team members privileges allow a team member to escalate privileges
CVE-2026-29206 - Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections
CVE-2026-45158 - OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input i
CVE-2026-44478 - hoppscotch is an open source API development ecosystem. The fix for CVE-2026-28215 in version 2026.2
CVE-2026-44471 - gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be const
CVE-2026-44448 - ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0,
CVE-2026-44447 - ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints
CVE-2026-44446 - ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0,
CVE-2026-44445 - ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0,
CVE-2026-44442 - ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoi
CVE-2026-44441 - ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0,
CVE-2026-44440 - ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.101.1 and 16.10.0,
CVE-2026-44439 - PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCa
CVE-2026-44437 - The Angular SSR is a server-side rendering tool for Angular applications. From 19.0.0-next.0 to befo
CVE-2026-44426 - ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full
CVE-2026-44425 - ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-contro
CVE-2026-44424 - ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full devic
CVE-2026-44423 - ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full sess
CVE-2026-44369 - CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 t
CVE-2026-44195 - OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, a logic flaw in the OPNs
CVE-2026-44194 - OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote
CVE-2026-44193 - OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsen
CVE-2026-42463 - SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0,
CVE-2026-40328 - Rejected reason: This CVE is a duplicate of another CVE.
CVE-2026-40327 - Rejected reason: This CVE is a duplicate of another CVE.
CVE-2026-32993 - Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allo
CVE-2026-32992 - SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to m
CVE-2026-29205 - Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the
CVE-2026-8328 - The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv(
CVE-2026-45714 - CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template In
CVE-2026-45708 - CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission
CVE-2026-45229 - Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that
CVE-2026-45228 - Quark Drive before 0.8.5 contains a stored cross-site scripting vulnerability in the System Configur
CVE-2026-45055 - CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_U
CVE-2026-45054 - CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing pa
CVE-2026-45053 - CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload v
CVE-2026-44418 - EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput() functio
CVE-2026-44381 - MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vu
CVE-2026-44380 - MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access
CVE-2026-44379 - MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections d
CVE-2026-44377 - CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template In
CVE-2026-44376 - CubeCart is an ecommerce software solution. Prior to 6.7.0, an unauthenticated Reflected XSS vulnera
CVE-2026-44373 - Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could bypass a prox
CVE-2026-44372 - Nitro is a next generation server toolkit. Prior to 3.0.260429-beta, an attacker could turn a redire
CVE-2026-44368 - PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mul_m
CVE-2026-42602 - azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side auth
CVE-2026-42561 - Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a
CVE-2026-42304 - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4
CVE-2026-39428 - CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting (XSS) vuln
CVE-2026-39358 - CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injec
CVE-2026-21821 - The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x lib
CVE-2025-27853 - The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows its authentication to be
CVE-2025-27852 - The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a reflected cross site sc
CVE-2025-27851 - The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a cross-site origin WebSo
CVE-2025-27850 - The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a ma
CVE-2026-44364 - MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and e
CVE-2026-44363 - MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7
CVE-2026-44351 - fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.4, a critical authenticatio
CVE-2026-42552 - Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::
CVE-2026-42551 - Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod() unconditional
CVE-2026-42550 - Flight is an extensible micro-framework for PHP. Prior to 3.18.1, SimplePdo::insert(), SimplePdo::up
CVE-2026-42549 - Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command ca
CVE-2026-42548 - Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp() concatenates the ?
CVE-2026-33381 - When a user's access to mint tokens for a service account is revoked, it is sometimes still possible
CVE-2026-33380 - A vulnerability in SQL Expressions allows an authenticated attacker to read arbitrary files from the
CVE-2026-33378 - Using the $__timeGroup macro, one can achieve an OOM by overloading the server. This requires a SQL
CVE-2026-33377 - An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. T
CVE-2026-33376 - When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses sp
CVE-2026-28383 - A request to the Grafana plugin resources endpoint can cause unbounded memory allocation by reading
CVE-2026-28380 - Any Editor could delete any snapshot, even if they have no access to read or write them.
CVE-2026-28379 - A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server cra
CVE-2026-28376 - The Grafana Live push endpoint can be exploited to cause unbounded memory allocation by sending a la
CVE-2026-28374 - Editors could delete any annotation, even those they do not have read access to. The editor user can
CVE-2026-0243 - A denial of service (DoS) vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables an u
CVE-2026-8496 - A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously cra
CVE-2026-8466 - Allocation of Resources Without Limits or Throttling vulnerability in ninenines cowboy allows denial
CVE-2026-44248 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-43970 - Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in ninenines cowlib a
CVE-2026-42587 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42586 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42585 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42584 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42583 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42582 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when de
CVE-2026-42581 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42580 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42579 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42578 - Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.
CVE-2026-42577 - Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Fin
CVE-2026-42032 - CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior t
CVE-2026-42031 - CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior t
CVE-2026-41410 - Rejected reason: REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-40520. Reason: Thi
CVE-2026-41255 - CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior t
CVE-2026-41132 - CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior t
CVE-2026-33585 - Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platfor
CVE-2026-33584 - Exposed Keycloak management service in the Arqit Symmetric Key Agreement Platform enables unauthori
CVE-2026-33583 - Exposure of the QKEY (used as input into the ‘OTA-Quantum’ device registration process) and interna
CVE-2026-30906 - Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an
CVE-2026-30905 - External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer b
CVE-2026-30904 - Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticat
CVE-2026-22677 - Hermes WebUI prior to 0.51.44 - Release T contains a path traversal vulnerability in the session imp
CVE-2026-0262 - Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthent
CVE-2026-0261 - Multiple command injection vulnerabilities in Palo Alto Networks PAN-OS® software enable an authenti
CVE-2026-0259 - An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B
CVE-2026-0258 - A server-side request forgery (SSRF) vulnerability in the IKEv2 implementation of Palo Alto Networks
CVE-2026-0257 - Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks
CVE-2026-0256 - A stored cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a m
CVE-2026-0251 - Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app all
CVE-2026-0250 - A buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect™ app that enables a m
CVE-2026-0249 - Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ ap
CVE-2026-0248 - An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome
CVE-2026-0247 - Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent®
CVE-2026-0246 - A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent®
CVE-2026-0245 - Multiple information disclosure vulnerabilities in Prisma Access Agent® allow a local user to access
CVE-2026-0244 - An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables
CVE-2026-0242 - A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to exe
CVE-2026-0241 - Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass acc
CVE-2026-0240 - An information disclosure vulnerability in Trust Protection Foundation enables an authenticated atta
CVE-2026-0239 - An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticat
CVE-2026-0238 - A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbi
CVE-2026-0236 - A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly rest
CVE-2026-0235 - A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated
CVE-2026-45411 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host except
CVE-2026-45109 - Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18
CVE-2026-44582 - Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16
CVE-2026-44581 - Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16
CVE-2026-44580 - Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16
CVE-2026-44579 - Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 1
CVE-2026-44578 - Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.1
CVE-2026-44009 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.
CVE-2026-44008 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, the new method neutralizeArraySpecies
CVE-2026-44007 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.1, when a NodeVM is created with nesting
CVE-2026-44006 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to reach BaseHandler.g
CVE-2026-44005 - vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable pro
CVE-2026-44004 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc(
CVE-2026-44003 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performa
CVE-2026-44002 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class (intende
CVE-2026-44001 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2
CVE-2026-44000 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 a
CVE-2026-43999 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, NodeVM's builtin allowlist can be byp
CVE-2026-43998 - vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can
CVE-2026-43997 - vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Obj
CVE-2026-0265 - An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthentic
CVE-2026-0264 - A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-O
CVE-2026-0263 - A buffer overflow vulnerability in the IKEv2 processing of Palo Alto Networks PAN-OS® software allow
CVE-2026-0237 - An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macO
CVE-2026-44577 - Next.js is a React framework for building full-stack web applications. From 10.0.0 to before 15.5.16
CVE-2026-44576 - Next.js is a React framework for building full-stack web applications. From 14.2.0 to before 15.5.16
CVE-2026-44575 - Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.16
CVE-2026-44574 - Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16
CVE-2026-44573 - Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16
CVE-2026-2695 - A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E D
CVE-2024-48519 - Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 a
CVE-2026-8367 - aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compro
CVE-2026-6282 - A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud S
CVE-2026-6281 - A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allo
CVE-2026-45740 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, p
CVE-2026-45033 - GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.4
CVE-2026-45028 - Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the conf
CVE-2026-44665 - fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute va
CVE-2026-44664 - fast-xml-builder builds XML from JSON. In 1.1.5, the fix for CVE-2026-41650 in fast-xml-parser sanit
CVE-2026-44572 - Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16
CVE-2026-44479 - Vercel’s AI Cloud is a unified platform for building modern applications. From 50.16.0 to 52.0.0, h
CVE-2026-44470 - The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple s
CVE-2026-44467 - The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple s
CVE-2026-44459 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-44458 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-44457 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-44456 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-44455 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.
CVE-2026-44432 - urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress t
CVE-2026-44431 - urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects foll
CVE-2026-44295 - protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static cod
CVE-2026-44294 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, p
CVE-2026-44293 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, p
CVE-2026-44292 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, p
CVE-2026-44291 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, p
CVE-2026-44290 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, p
CVE-2026-44289 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, p
CVE-2026-44288 - protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, p
CVE-2026-43489 - In the Linux kernel, the following vulnerability has been resolved: liveupdate: luo_file: remember
CVE-2026-43488 - In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt st
CVE-2026-43487 - In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM o
CVE-2026-43486 - In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_
CVE-2026-43485 - In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARN_ON in AC