CVE Database
Searchable database of security vulnerabilities. Filter by vendor, severity, or time period.
CVE-2026-13579 - A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issu
CVE-2026-13578 - A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this
CVE-2026-13574 - A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCReloca
CVE-2026-13573 - A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringM
CVE-2026-13572 - A vulnerability has been found in itsourcecode Hospital Management System 1.0. The impacted element
CVE-2026-13571 - A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an
CVE-2026-56457 - HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability
CVE-2026-54371 - attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr ut
CVE-2026-54370 - acl before version 2.4.0 contains a time-of-check to time-of-use (TOCTOU) race condition vulnerabili
CVE-2026-54369 - acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based fun
CVE-2026-40524 - FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the get_gl_transactions() fu
CVE-2026-40523 - FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handl
CVE-2026-40522 - FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report ha
CVE-2026-40521 - FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handl
CVE-2026-13676 - fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTT
CVE-2026-13570 - A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unkno
CVE-2026-13569 - A security vulnerability has been detected in weng-xianhu EyouCMS up to 1.7.1. This issue affects so
CVE-2026-13568 - A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability
CVE-2026-13567 - A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown
CVE-2026-13566 - A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by
CVE-2026-13565 - A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/1.php. Affect
CVE-2026-13165 - SzafirHost verifies the downloaded native library archive with one JarFile parser (reading the Centr
CVE-2026-12856 - A flaw was found in the vscode-java extension, which provides Java language support for Visual Studi
CVE-2026-12616 - The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature ve
CVE-2026-11979 - libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when runnin
CVE-2026-41992 - GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by im
CVE-2026-41991 - GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling.
CVE-2026-13564 - A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the
CVE-2026-13563 - A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of
CVE-2026-13562 - A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the
CVE-2026-13561 - A vulnerability was detected in Edimax EW-7478APC 1.04. The impacted element is the function formiNI
CVE-2026-13560 - A security vulnerability has been detected in Edimax EW-7478APC 1.04. The affected element is the fu
CVE-2026-13559 - A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown func
CVE-2026-13558 - A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects
CVE-2026-57346 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epip
CVE-2026-25707 - A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10
CVE-2026-13601 - A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation pr
CVE-2026-13557 - A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerabilit
CVE-2026-13556 - A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an u
CVE-2026-13555 - A vulnerability was found in itsourcecode Online Hotel Management System 1.0. Affected by this issue
CVE-2026-13554 - A vulnerability has been found in itsourcecode Online Hotel Management System 1.0. Affected by this
CVE-2026-13553 - A flaw has been found in itsourcecode Online Hotel Management System 1.0. Affected is an unknown fun
CVE-2026-13552 - A vulnerability was detected in itsourcecode Online Hotel Management System 1.0. This impacts an unk
CVE-2026-9267 - Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds re
CVE-2026-57966 - A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromis
CVE-2026-57965 - A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer over
CVE-2026-57676 - Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar al
CVE-2026-22078 - Because O+ Connect's IPC service does not authenticate clients, external applications can escalate p
CVE-2026-13595 - A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Mi
CVE-2026-13551 - A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0
CVE-2026-13550 - A weakness has been identified in itsourcecode Baptism Information Management System 1.0. The impact
CVE-2026-13549 - A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected eleme
CVE-2026-13548 - A vulnerability was identified in itsourcecode Hospital Management System 1.0. Impacted is an unknow
CVE-2026-13547 - A vulnerability was determined in Hanwang e-Face General Management Platform 6.3.5.4. This issue aff
CVE-2026-13546 - A vulnerability was found in Feehi CMS up to 2.1.1. This vulnerability affects unknown code of the f
CVE-2026-13545 - A vulnerability has been found in D-Link DCS-935L 1.10.01. This affects the function sub_400E40 of t
CVE-2026-9676 - The F4 Post Tree WordPress plugin before 2.0.5 does not perform capability checks or CSRF/nonce veri
CVE-2026-13544 - A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality
CVE-2026-13543 - A vulnerability was detected in Documenso up to 2.11.0. Affected by this vulnerability is an unknown
CVE-2026-13542 - A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. Affected
CVE-2026-13541 - A weakness has been identified in itsourcecode Hospital Management System 1.0. This impacts an unkno
CVE-2026-13540 - A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRe
CVE-2026-13539 - A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the fu
CVE-2026-10083 - The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before renderi
CVE-2025-7386 - Information exposure vulnerability in Hitachi Storage Navigator. This issue affects Hitachi Virtual
CVE-2025-2902 - Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. Th
CVE-2025-0824 - Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24,
CVE-2026-53325 - In the Linux kernel, the following vulnerability has been resolved: agp/amd64: Fix broken error pro
CVE-2026-13538 - A vulnerability was determined in Wavlink WL-NU516U1-A M16U1_V240425. The affected element is the fu
CVE-2026-13537 - A vulnerability was found in CodeAstro Human Resource Management System 1.0. Impacted is an unknown
CVE-2026-13536 - A vulnerability has been found in GotoHTTP up to 10.2. This issue affects some unknown processing of
CVE-2026-13535 - A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects
CVE-2026-13534 - A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256
CVE-2026-13533 - A security vulnerability has been detected in agentejo Cockpit CMS up to 0.12.2. Affected by this is
CVE-2026-13532 - A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this vuln
CVE-2026-13531 - A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected is an u
CVE-2026-13530 - A vulnerability was identified in itsourcecode Hospital Management System 1.0. This impacts an unkno
CVE-2026-13529 - A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /ap
CVE-2026-13528 - A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026.04-jdk8-SNAPSHOT. The imp
CVE-2026-13527 - A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0. The affected
CVE-2026-13526 - A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknow
CVE-2026-13525 - A vulnerability was detected in CodeAstro Human Resource Management System 1.0. This issue affects t
CVE-2026-13524 - A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability
CVE-2026-13523 - A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/u
CVE-2026-13522 - A security flaw has been discovered in Investintech SlimPDFReader up to 2.0.14. Affected by this iss
CVE-2026-13521 - A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php. Affect
CVE-2026-13520 - A vulnerability was determined in itsourcecode Hospital Management System 1.0. Affected is an unknow
CVE-2026-13519 - A vulnerability was found in Tenda JD12L 16.03.53.23. This impacts the function fromNatStaticSetting
CVE-2026-13518 - A vulnerability has been found in Tenda JD12L 16.03.53.23. This affects the function fromAddressNat
CVE-2026-13517 - A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasic
CVE-2026-13516 - A vulnerability was detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSe
CVE-2026-13515 - A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function form
CVE-2026-13514 - A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affec
CVE-2026-13513 - A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the
CVE-2026-13512 - A vulnerability was identified in Databend up to 1.2.881 on HTTP. This affects the function ClientSe
CVE-2026-13511 - A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function han
CVE-2026-13510 - A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unkn
CVE-2026-13509 - A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.upload_fi
CVE-2026-13508 - A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the f
CVE-2026-13507 - A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function str_to
CVE-2026-5829 - A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element
CVE-2026-5828 - A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is a
CVE-2026-4326 - The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all v
CVE-2026-5827 - A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unkno
CVE-2026-5826 - A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unkno
CVE-2026-5825 - A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects
CVE-2026-5824 - A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects
CVE-2026-5823 - A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this
CVE-2026-5815 - A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_ma
CVE-2026-5814 - A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue
CVE-2026-5813 - A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affe
CVE-2026-5812 - A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This a
CVE-2026-5811 - A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this i
CVE-2026-5173 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.
CVE-2026-4916 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9
CVE-2026-4398 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-4332 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 bef
CVE-2026-3438 - A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 th
CVE-2026-3199 - A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 throug
CVE-2026-2619 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 bef
CVE-2026-2104 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9
CVE-2026-1752 - GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 bef
CVE-2026-1516 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 b
CVE-2026-1101 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 bef
CVE-2026-1092 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9
CVE-2025-9484 - GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 bef
CVE-2025-12664 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9
CVE-2026-5919 - Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 all
CVE-2026-5918 - Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote
CVE-2026-5915 - Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed
CVE-2026-5914 - Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a us
CVE-2026-5913 - Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to per
CVE-2026-5912 - Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perf
CVE-2026-5911 - Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to
CVE-2026-5910 - Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten
CVE-2026-5909 - Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten
CVE-2026-5908 - Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten
CVE-2026-5907 - Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attac
CVE-2026-5906 - Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote
CVE-2026-5905 - Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a re
CVE-2026-5904 - Rejected reason: Determined a bug and not a vulnerability
CVE-2026-5903 - Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who
CVE-2026-5902 - Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had c
CVE-2026-5901 - Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attac
CVE-2026-5900 - Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypa
CVE-2026-5899 - Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowe
CVE-2026-5898 - Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote att
CVE-2026-5897 - Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
CVE-2026-5896 - Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinc
CVE-2026-5895 - Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote att
CVE-2026-5894 - Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacke
CVE-2026-5893 - Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit
CVE-2026-5892 - Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote att
CVE-2026-5891 - Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remo
CVE-2026-5890 - Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potent
CVE-2026-5889 - Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read pot
CVE-2026-5888 - Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to
CVE-2026-5887 - Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7
CVE-2026-5886 - Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attac
CVE-2026-5885 - Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.
CVE-2026-5884 - Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed
CVE-2026-5883 - Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute
CVE-2026-5882 - Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacke
CVE-2026-5881 - Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacke
CVE-2026-5880 - Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remo
CVE-2026-5879 - Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 a
CVE-2026-5878 - Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to
CVE-2026-5877 - Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to ex
CVE-2026-5876 - Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a rem
CVE-2026-5875 - Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform
CVE-2026-5874 - Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who co
CVE-2026-5873 - Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
CVE-2026-5872 - Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute
CVE-2026-5871 - Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar
CVE-2026-5870 - Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execut
CVE-2026-5869 - Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to o
CVE-2026-5868 - Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attack
CVE-2026-5867 - Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to o
CVE-2026-5866 - Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute
CVE-2026-5865 - Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar
CVE-2026-5864 - Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker t
CVE-2026-5863 - Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
CVE-2026-5862 - Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker
CVE-2026-5861 - Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar
CVE-2026-5860 - Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execut
CVE-2026-5859 - Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten
CVE-2026-5858 - Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to e
CVE-2026-5810 - A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown funct
CVE-2026-5808 - A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae63405933
CVE-2026-5806 - A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unkn
CVE-2026-5711 - The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 's
CVE-2026-40037 - OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetc
CVE-2026-40036 - Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py
CVE-2026-40035 - Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that en
CVE-2026-40032 - UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in t
CVE-2026-40031 - MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-l
CVE-2026-40030 - parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path ar
CVE-2026-40029 - parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file p
CVE-2026-40028 - Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML repo
CVE-2026-40027 - ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal vulnerabili
CVE-2026-40026 - The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem
CVE-2026-40025 - The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem ke
CVE-2026-40024 - The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an
CVE-2026-39901 - monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a tra
CVE-2026-5805 - A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an
CVE-2026-5803 - A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f38934
CVE-2026-5451 - The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2026-5436 - The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to
CVE-2026-39892 - cryptography is a package designed to expose cryptographic primitives and recipes to Python develope
CVE-2026-39891 - PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function
CVE-2026-39890 - PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method
CVE-2026-39889 - PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream serv
CVE-2026-39888 - PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.p
CVE-2026-39885 - FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the m
CVE-2026-39883 - OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2
CVE-2026-39882 - OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters
CVE-2026-39881 - Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerabilit
CVE-2026-39860 - Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allow
CVE-2026-39844 - NiceGUI is a Python-based UI framework. Prior to 3.10.0, since PurePosixPath only recognizes forward
CVE-2026-39429 - kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and containe
CVE-2026-39416 - AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. P
CVE-2026-39415 - Frappe Learning Management System (LMS) is a learning system that helps users structure their conten
CVE-2026-39414 - MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEA
CVE-2026-5802 - A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of
CVE-2026-39880 - Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.
CVE-2026-39864 - Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an ou
CVE-2026-39863 - Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.
CVE-2026-39862 - Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code e
CVE-2026-39859 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3
CVE-2026-39413 - LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API
CVE-2026-39412 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4
CVE-2026-39411 - LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow
CVE-2026-39362 - InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREE_DO
CVE-2026-35525 - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3
CVE-2026-35479 - InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who hav
CVE-2026-35478 - InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authentica
CVE-2026-35477 - InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-2
CVE-2026-35476 - InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authe
CVE-2026-23869 - A denial of service vulnerability exists in React Server Components, affecting the following package
CVE-2026-39851 - Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, th
CVE-2026-35455 - immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStore
CVE-2026-35446 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-35407 - Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a
CVE-2026-35403 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-35401 - Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a m
CVE-2026-35400 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-35169 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-35165 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-34985 - LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid
CVE-2026-34837 - Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint