CVEinfo

CVE is an industry standard to provide a naming convention and unique identifier for disclosed security vulnerabilities.

2026

CVEDescriptionSubmissionModerationEntry
CVE-2026-6272A client holding only a read JWT scope can still register itself as a signal provider through the pr ...04/24/202604/24/2026359332
CVE-2026-21728Tempo queries with large limits can cause large memory allocations which can impact the availability ...04/24/202604/24/2026359331
CVE-2026-4078The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes ...04/24/202604/24/2026359328
CVE-2026-3569The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions u ...04/24/202604/24/2026359329
CVE-2026-3565The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a ...04/24/202604/24/2026359330
CVE-2026-1952Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.04/24/202604/24/2026359325
CVE-2026-1951Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulne ...04/24/202604/24/2026359324
CVE-2026-1950Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerabili ...04/24/202604/24/2026359323
CVE-2026-6810The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Refer ...04/24/202604/24/2026359312
CVE-2026-5428The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ima ...04/24/202604/24/2026359314
CVE-2026-5364The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary fil ...04/24/202604/24/2026359307
CVE-2026-5347The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to a ...04/24/202604/24/2026359310
CVE-2026-1949Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT re ...04/24/202604/24/2026359313
CVE-2026-6947DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, al ...04/24/202604/24/2026359268
CVE-2026-41317Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace ...04/24/202604/24/2026359274
CVE-2026-41316ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) int ...04/24/202604/24/2026359267
CVE-2026-6393The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and inc ...04/24/202604/24/2026359259
CVE-2026-5488The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to ...04/24/202604/24/2026359257
CVE-2026-41485Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1 ...04/24/202604/24/2026359260
CVE-2026-41430Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace ...04/24/202604/24/2026359266
CVE-2026-41324basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service ...04/24/202604/24/2026359261
CVE-2026-41323Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1 ...04/24/202604/24/2026359264
CVE-2026-41319MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injecti ...04/24/202604/24/2026359263
CVE-2026-41318AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe ...04/24/202604/24/2026359265
CVE-2026-41068Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2 ...04/24/202604/24/2026359262
CVE-2026-2028The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to in ...04/24/202604/24/2026359258
CVE-2026-41309Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versio ...04/24/202604/24/2026359248
CVE-2026-41305PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rul ...04/24/202604/24/2026359256
CVE-2026-40254FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an of ...04/24/202604/24/2026359253
CVE-2026-33318Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (incl ...04/24/202604/24/2026359255
CVE-2026-33317OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel r ...04/24/202604/24/2026359249
CVE-2026-33208Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to vers ...04/24/202604/24/2026359250
CVE-2026-33078Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prio ...04/24/202604/24/2026359247
CVE-2026-33077Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to vers ...04/24/202604/24/2026359252
CVE-2026-33076Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to vers ...04/24/202604/24/2026359251
CVE-2026-32952go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0 ...04/24/202604/24/2026359254
CVE-2026-41325Kirby is an open-source content management system. Kirby's user permissions control which user role ...04/24/202604/24/2026359273
CVE-2026-40099Kirby is an open-source content management system. Kirby's user permissions control which user role ...04/24/202604/24/2026359272
CVE-2026-34587Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user p ...04/24/202604/24/2026359271
CVE-2026-32870Kirby is an open-source content management system. Kirby's `Xml::value()` method has special handlin ...04/24/202604/24/2026359270
CVE-2026-31956Xibo is an open source digital signage platform with a web content management system and Windows dis ...04/24/202604/24/2026359269
CVE-2026-31955Xibo is an open source digital signage platform with a web content management system and Windows dis ...04/24/202604/24/2026359276
CVE-2026-31953Xibo is an open source digital signage platform with a web content management system and Windows dis ...04/24/202604/24/2026359275
CVE-2026-40630A vulnerability in  SenseLive X3050’s web management interface allows unauthorized access to ce ...04/24/202604/24/2026359283
CVE-2026-40623A vulnerability in SenseLive X3050's web management interface allows critical system and network c ...04/24/202604/24/2026359277
CVE-2026-40620A vulnerability in SenseLive X3050’s embedded management service allows full administrative cont ...04/24/202604/24/2026359280
CVE-2026-29197In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the end ...04/24/202604/24/2026359286
CVE-2026-25720A vulnerability exists in SenseLive X3050’s web management interface due to improper session lif ...04/24/202604/24/2026359282
CVE-2026-1789A vulnerability in the browser-based remote management interface may allow an administrator to acces ...04/24/202604/24/2026359281
CVE-2026-40431A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unen ...04/24/202604/24/2026359238
CVE-2026-39462A vulnerability exists in SenseLive X3050’s web management interface in which password updates ar ...04/24/202604/24/2026359243
CVE-2026-35503A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be p ...04/24/202604/24/2026359246
CVE-2026-35064A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of de ...04/24/202604/24/2026359242
CVE-2026-31952Xibo is an open source digital signage platform with a web content management system and Windows dis ...04/24/202604/24/2026359244
CVE-2026-29051melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 a ...04/24/202604/24/2026359240
CVE-2026-29050melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 a ...04/24/202604/24/2026359237
CVE-2026-27843A vulnerability exists in SenseLive X3050's web management interface that allows critical configura ...04/24/202604/24/2026359245
CVE-2026-27841A vulnerability in SenseLive X3050's web management interface allows state-changing operations to ...04/24/202604/24/2026359241
CVE-2026-25775A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and upd ...04/24/202604/24/2026359239
CVE-2026-6732A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafte ...04/24/202604/24/2026359284
CVE-2026-41361OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 ...04/24/202604/24/2026359317
CVE-2026-41360OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind ...04/24/202604/24/2026359318
CVE-2026-41359OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated opera ...04/24/202604/24/2026359311
CVE-2026-41358OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allo ...04/24/202604/24/2026359316
CVE-2026-41357OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbo ...04/24/202604/24/2026359308
CVE-2026-41356OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. ...04/24/202604/24/2026359315
CVE-2026-41355OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that co ...04/24/202604/24/2026359309
CVE-2026-41354OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe ...04/24/202604/24/2026359304
CVE-2026-41353OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles featu ...04/24/202604/24/2026359297
CVE-2026-41352OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node ...04/24/202604/24/2026359293
CVE-2026-41351OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature hand ...04/24/202604/24/2026359303
CVE-2026-41350OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session_statu ...04/24/202604/24/2026359299
CVE-2026-41349OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to si ...04/24/202604/24/2026359292
CVE-2026-41348OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command an ...04/24/202604/24/2026359291
CVE-2026-41347OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating ...04/24/202604/24/2026359301
CVE-2026-41346OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead o ...04/24/202604/24/2026359287
CVE-2026-41345OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionali ...04/24/202604/24/2026359296
CVE-2026-41344OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint th ...04/24/202604/24/2026359300
CVE-2026-41343OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path ...04/24/202604/24/2026359290
CVE-2026-41342OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding c ...04/24/202604/24/2026359289
CVE-2026-41341OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that miscl ...04/24/202604/24/2026359288
CVE-2026-41340OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy al ...04/24/202604/24/2026359302
CVE-2026-41339OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapsho ...04/24/202604/24/2026359306
CVE-2026-41338OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operati ...04/24/202604/24/2026359295
CVE-2026-41337OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call repl ...04/24/202604/24/2026359305
CVE-2026-41336OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR env ...04/24/202604/24/2026359298
CVE-2026-41335OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface ...04/24/202604/24/2026359294
CVE-2026-41334OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails ...04/24/202604/24/2026359279
CVE-2026-41333OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows ...04/24/202604/24/2026359278
CVE-2026-41332OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMP ...04/24/202604/24/2026359285
CVE-2026-41274Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/24/202604/24/2026359235
CVE-2026-26210KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve ba ...04/24/202604/24/2026359234
CVE-2026-35431Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthoriz ...04/24/202604/24/2026359231
CVE-2026-33819Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code ...04/24/202604/24/2026359230
CVE-2026-33102Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker ...04/24/202604/24/2026359236
CVE-2026-32210Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacke ...04/24/202604/24/2026359233
CVE-2026-32172Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute ...04/24/202604/24/2026359228
CVE-2026-2708A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_ ...04/24/202604/24/2026347007
CVE-2026-26150Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p ...04/24/202604/24/2026359232
CVE-2026-24303Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privile ...04/24/202604/24/2026359229
CVE-2026-6942radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows rem ...04/23/202604/23/2026359227
CVE-2026-28525SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_mult ...04/23/202604/23/2026359226
CVE-2026-6941radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that al ...04/23/202604/23/2026359218
CVE-2026-6940radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local ...04/23/202604/23/2026359225
CVE-2026-6376A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to b ...04/23/202604/23/2026359221
CVE-2026-6375A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name rec ...04/23/202604/23/2026359224
CVE-2026-41275Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359217
CVE-2026-41279Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359223
CVE-2026-41278Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359222
CVE-2026-41277Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359220
CVE-2026-41276Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359216
CVE-2026-41265Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359215
CVE-2026-41264Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359214
CVE-2026-25874LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline where pickl ...04/23/202604/23/2026359219
CVE-2026-41273Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359210
CVE-2026-41272Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359213
CVE-2026-41271Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359212
CVE-2026-41270Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359211
CVE-2026-41269Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359209
CVE-2026-41268Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359205
CVE-2026-41267Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359208
CVE-2026-41266Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359207
CVE-2026-41138Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359204
CVE-2026-41137Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/23/202604/23/2026359206
CVE-2026-6074A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing ne ...04/23/202604/23/2026359203
CVE-2026-41241pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backen ...04/23/202604/23/2026359202
CVE-2026-41213@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchan ...04/23/202604/23/2026359199
CVE-2026-41173The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from A ...04/23/202604/23/2026359200
CVE-2026-41078OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Expor ...04/23/202604/23/2026359201
CVE-2026-41259Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16 ...04/23/202604/23/2026359198
CVE-2026-41247elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1 ...04/23/202604/23/2026359197
CVE-2026-41246Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32. ...04/23/202604/23/2026359196
CVE-2026-41205Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vuln ...04/23/202604/23/2026359195
CVE-2026-40894OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 an ...04/23/202604/23/2026359187
CVE-2026-40886Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on ...04/23/202604/23/2026359186
CVE-2026-33694This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files ...04/23/202604/23/2026359185
CVE-2026-31173An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359193
CVE-2026-31169An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359192
CVE-2026-31168An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359194
CVE-2026-31167An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359191
CVE-2026-31166An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359190
CVE-2026-31163An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359189
CVE-2026-31162An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359188
CVE-2026-41909OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing ...04/23/202604/23/2026359178
CVE-2026-41908OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media r ...04/23/202604/23/2026359177
CVE-2026-40891OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting t ...04/23/202604/23/2026359180
CVE-2026-40182OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting t ...04/23/202604/23/2026359179
CVE-2026-31175An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359184
CVE-2026-31174An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359183
CVE-2026-31172An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359182
CVE-2026-31171An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359181
CVE-2026-6921Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potenti ...04/23/202604/23/2026359169
CVE-2026-31165An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359171
CVE-2026-31164An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359172
CVE-2026-31160An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359170
CVE-2026-6920Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attac ...04/23/202604/23/2026359159
CVE-2026-6919Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who ha ...04/23/202604/23/2026359166
CVE-2026-5039TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key ...04/23/202604/23/2026359163
CVE-2026-31533In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in ...04/23/202604/23/2026359162
CVE-2026-31179An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359165
CVE-2026-31181An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359164
CVE-2026-31178An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359168
CVE-2026-31177An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359161
CVE-2026-31176An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359167
CVE-2026-31159An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/23/202604/23/2026359160
CVE-2026-41240DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to ...04/23/202604/23/2026359153
CVE-2026-41239DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in versio ...04/23/202604/23/2026359156
CVE-2026-41238DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 thr ...04/23/202604/23/2026359062
CVE-2026-40472In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes ...04/23/202604/23/2026359158
CVE-2026-40471hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on ...04/23/202604/23/2026359155
CVE-2026-40470A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript f ...04/23/202604/23/2026359152
CVE-2026-39087An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the pa ...04/23/202604/23/2026359154
CVE-2026-34003A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could se ...04/23/202604/23/2026359151
CVE-2026-34001A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence ...04/23/202604/23/2026359149
CVE-2026-33999A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XK ...04/23/202604/23/2026359150
CVE-2026-23751Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) ...04/23/202604/23/2026359148
CVE-2026-41461SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in t ...04/23/202604/23/2026359145
CVE-2026-41460SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/g ...04/23/202604/23/2026359143
CVE-2026-35225An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS E ...04/23/202604/23/2026359144
CVE-2026-39440Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFor ...04/23/202604/23/2026359141
CVE-2026-31532In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-afte ...04/23/202604/23/2026359131
CVE-2026-31531In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dyn ...04/23/202604/23/2026359129
CVE-2026-28040Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...04/23/202604/23/2026359138
CVE-2026-6903The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in ...04/23/202604/23/2026359130
CVE-2026-6887Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vu ...04/23/202604/23/2026359136
CVE-2026-6886Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication B ...04/23/202604/23/2026359135
CVE-2026-6885Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File U ...04/23/202604/23/2026359134
CVE-2026-5464The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for Word ...04/23/202604/23/2026359132
CVE-2026-3960A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/I ...04/23/202604/23/2026359128
CVE-2026-3259A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized Vie ...04/23/202604/23/2026359133
CVE-2026-41564CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Cry ...04/23/202604/23/2026359125
CVE-2026-41040GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a ...04/23/202604/23/2026359127
CVE-2026-4512The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key se ...04/23/202604/23/2026359122
CVE-2026-4106The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX act ...04/23/202604/23/2026359121
CVE-2026-34488IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading ...04/23/202604/23/2026359123
CVE-2026-41990Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check b ...04/23/202604/23/2026359120
CVE-2026-41989Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via craf ...04/23/202604/23/2026359119
CVE-2026-41988uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID ve ...04/23/202604/23/2026359111
CVE-2026-41233Froxlor is open source server administration software. Prior to version 2.3.6, in `Domains.add()`, t ...04/23/202604/23/2026359109
CVE-2026-41232Froxlor is open source server administration software. Prior to version 2.3.6, in `EmailSender::add( ...04/23/202604/23/2026359115
CVE-2026-40529CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in ...04/23/202604/23/2026359114
CVE-2026-41231Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` cons ...04/23/202604/23/2026359098
CVE-2026-41230Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()` ...04/23/202604/23/2026359104
CVE-2026-41229Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArra ...04/23/202604/23/2026359066
CVE-2026-41228Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpo ...04/23/202604/23/2026359065
CVE-2026-3361The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsl ...04/23/202604/23/2026359110
CVE-2026-3007Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attack ...04/23/202604/23/2026359118
CVE-2026-3844The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file ty ...04/23/202604/23/2026359090
CVE-2026-2951The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vuln ...04/23/202604/23/2026359095
CVE-2026-41679Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. ...04/23/202604/23/2026359106
CVE-2026-41243OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0 ...04/23/202604/23/2026359105
CVE-2026-41211Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `download ...04/23/202604/23/2026359107
CVE-2026-41208Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. ...04/23/202604/23/2026359093
CVE-2026-41206PySpector is a static analysis security testing (SAST) Framework engineered for modern Python develo ...04/23/202604/23/2026359089
CVE-2026-41200STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) ...04/23/202604/23/2026359097
CVE-2026-41197Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compat ...04/23/202604/23/2026359092
CVE-2026-41196Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 ...04/23/202604/23/2026359094
CVE-2026-41182LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to version 0. ...04/23/202604/23/2026359072
CVE-2026-41180PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload ...04/23/202604/23/2026359091
CVE-2026-1923The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site ...04/23/202604/23/2026359096
CVE-2026-6874A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function ...04/23/202604/23/2026359039
CVE-2026-5935IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow ...04/23/202604/23/2026359101
CVE-2026-5926IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10 ...04/23/202604/23/2026359100
CVE-2026-4919IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows a ...04/23/202604/23/2026359103
CVE-2026-4918IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability a ...04/23/202604/23/2026359102
CVE-2026-4917IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the ...04/23/202604/23/2026359099
CVE-2026-3621IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Serve ...04/23/202604/23/2026359064
CVE-2026-29198In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injec ...04/23/202604/23/2026359117
CVE-2026-1726IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.104/23/202604/23/2026359086
CVE-2026-1352IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 C ...04/23/202604/23/2026359063
CVE-2026-1274IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerabi ...04/23/202604/23/2026359085
CVE-2026-1272IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnera ...04/23/202604/23/2026359083
CVE-2026-6878A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of ...04/23/202604/23/2026359040
CVE-2026-41179Rclone is a command-line program to sync files and directories to and from different cloud storage p ...04/23/202604/23/2026359082
CVE-2026-41176Rclone is a command-line program to sync files and directories to and from different cloud storage p ...04/23/202604/23/2026359084
CVE-2026-40062A path traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated ...04/23/202604/23/2026359088
CVE-2026-32679The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerF ...04/23/202604/23/2026359087
CVE-2026-4049Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.04/23/202604/23/2026
CVE-2026-41177Squidex is an open source headless content management system and content management hub. Prior to ve ...04/23/202604/23/2026359116
CVE-2026-41175Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and ...04/23/202604/23/2026359113
CVE-2026-41172Squidex is an open source headless content management system and content management hub. Prior to ve ...04/23/202604/23/2026359112
CVE-2026-40517radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() ...04/23/202604/23/2026359108
CVE-2026-41168pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability presen ...04/22/202604/23/2026359070
CVE-2026-41167Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple A ...04/22/202604/23/2026359081
CVE-2026-41455WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL h ...04/22/202604/23/2026359076
CVE-2026-41454WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoi ...04/22/202604/23/2026359074
CVE-2026-41314pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability presen ...04/22/202604/23/2026359069
CVE-2026-41313pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability presen ...04/22/202604/23/2026359068
CVE-2026-41312pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability presen ...04/22/202604/23/2026359067
CVE-2026-41171Squidex is an open source headless content management system and content management hub. Versions pr ...04/22/202604/23/2026359077
CVE-2026-41170Squidex is an open source headless content management system and content management hub. Prior to ve ...04/22/202604/23/2026359075
CVE-2026-41166OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `w ...04/22/202604/23/2026359080
CVE-2026-41134Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a cod ...04/22/202604/23/2026359073
CVE-2026-40937RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notif ...04/22/202604/23/2026359078
CVE-2026-40882OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset ...04/22/202604/23/2026359079
CVE-2026-3837An authenticated attacker can persist crafted values in multiple field types and trigger client-side ...04/22/202604/22/2026359061
CVE-2026-34068nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prio ...04/22/202604/22/2026359058
CVE-2026-34067nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prio ...04/22/202604/22/2026359057
CVE-2026-33733EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the ...04/22/202604/22/2026359056
CVE-2026-33656EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, Espo ...04/22/202604/22/2026359055
CVE-2026-6019http.cookies.Morsel.js_output() returns an inline snippet and only escapes " for JavaScript string ...04/22/202604/22/2026359054
CVE-2026-3673An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript executi ...04/22/202604/22/2026359060
CVE-2026-34066nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version ...04/22/202604/22/2026359050
CVE-2026-34065nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust ...04/22/202604/22/2026359053
CVE-2026-34064nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to versio ...04/22/202604/22/2026359052
CVE-2026-34063Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `n ...04/22/202604/22/2026359047
CVE-2026-34062nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCode ...04/22/202604/22/2026359051
CVE-2026-41459Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that ...04/22/202604/22/2026359046
CVE-2026-34415Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability ...04/22/202604/22/2026359049
CVE-2026-34414Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in t ...04/22/202604/22/2026359048
CVE-2026-34413Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in th ...04/22/202604/22/2026359045
CVE-2026-33471nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the A ...04/22/202604/22/2026359059
CVE-2026-41469Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loadin ...04/22/202604/22/2026359041
CVE-2026-41468Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbo ...04/22/202604/22/2026359042
CVE-2026-28950A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iP ...04/22/202604/22/2026359044
CVE-2026-26354Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1 ...04/22/202604/22/2026359043
CVE-2026-32885DDEV is an open-source tool for running local web development environments for PHP and Node.js. Vers ...04/22/202604/22/2026359038
CVE-2026-4922GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 ...04/22/202604/22/2026359034
CVE-2026-3254GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that ...04/22/202604/22/2026359027
CVE-2026-6515GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 ...04/22/202604/22/2026359026
CVE-2026-5816GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and ...04/22/202604/22/2026359025
CVE-2026-5377GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that ...04/22/202604/22/2026359024
CVE-2026-5262GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18. ...04/22/202604/22/2026359023
CVE-2026-35382Voluntarily withdrawn04/22/202604/22/2026
CVE-2026-35381A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delim ...04/22/202604/22/2026358988
CVE-2026-35380A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the ...04/22/202604/22/2026359016
CVE-2026-35379A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:g ...04/22/202604/22/2026358992
CVE-2026-35378A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized s ...04/22/202604/22/2026358987
CVE-2026-35377A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-lin ...04/22/202604/22/2026358997
CVE-2026-35376A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utility of uutils coreutil ...04/22/202604/22/2026359031
CVE-2026-35375A logic error in the split utility of uutils coreutils causes the corruption of output filenames whe ...04/22/202604/22/2026358991
CVE-2026-35374A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutil ...04/22/202604/22/2026359037
CVE-2026-35373A logic error in the ln utility of uutils coreutils causes the program to reject source paths contai ...04/22/202604/22/2026358995
CVE-2026-35372A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic lin ...04/22/202604/22/2026359030
CVE-2026-35371The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the ...04/22/202604/22/2026359022
CVE-2026-35370The id utility in uutils coreutils miscalculates the groups= section of its output. The implementati ...04/22/202604/22/2026358986
CVE-2026-35369An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as ...04/22/202604/22/2026358984
CVE-2026-35368A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. T ...04/22/202604/22/2026359015
CVE-2026-35367The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying ...04/22/202604/22/2026358990
CVE-2026-35366The printenv utility in uutils coreutils fails to display environment variables containing invalid U ...04/22/202604/22/2026359014
CVE-2026-35365The mv utility in uutils coreutils improperly handles directory trees containing symbolic links duri ...04/22/202604/22/2026359012
CVE-2026-35364A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils ...04/22/202604/22/2026359029
CVE-2026-35363A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms inte ...04/22/202604/22/2026359017
CVE-2026-35362The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Ti ...04/22/202604/22/2026358985
CVE-2026-35361The mknod utility in uutils coreutils fails to handle security labels atomically by creating device ...04/22/202604/22/2026359013
CVE-2026-35360The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race ...04/22/202604/22/2026359018
CVE-2026-35359A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows a ...04/22/202604/22/2026359011
CVE-2026-35358The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats charac ...04/22/202604/22/2026359010
CVE-2026-35357The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destin ...04/22/202604/22/2026359035
CVE-2026-35356A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreut ...04/22/202604/22/2026359009
CVE-2026-35355The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) rac ...04/22/202604/22/2026359033
CVE-2026-35354A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils d ...04/22/202604/22/2026359028
CVE-2026-35353The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by crea ...04/22/202604/22/2026359019
CVE-2026-35352A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreut ...04/22/202604/22/2026359032
CVE-2026-35351The mv utility in uutils coreutils fails to preserve file ownership during moves across different fi ...04/22/202604/22/2026358998
CVE-2026-35350The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership pr ...04/22/202604/22/2026358994
CVE-2026-35349A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protect ...04/22/202604/22/2026359007
CVE-2026-35348The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from o ...04/22/202604/22/2026358996
CVE-2026-35347The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before p ...04/22/202604/22/2026359008
CVE-2026-35346The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on ...04/22/202604/22/2026358989
CVE-2026-35345A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive fil ...04/22/202604/22/2026358993
CVE-2026-35344The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditio ...04/22/202604/22/2026358983
CVE-2026-35343The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newlin ...04/22/202604/22/2026359006
CVE-2026-35342The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable ...04/22/202604/22/2026358982
CVE-2026-35341A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions o ...04/22/202604/22/2026359005
CVE-2026-35340A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return ...04/22/202604/22/2026359004
CVE-2026-35339The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when ...04/22/202604/22/2026359003
CVE-2026-35338A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root ...04/22/202604/22/2026359002
CVE-2026-1660GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 ...04/22/202604/22/2026359021
CVE-2026-30139A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpe ...04/22/202604/22/2026358981
CVE-2026-35548An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 ...04/22/202604/22/2026358953
CVE-2026-6862A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fai ...04/22/202604/22/2026358961
CVE-2026-6861A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs proc ...04/22/202604/22/2026358952
CVE-2026-33611An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS ...04/22/202604/22/2026358958
CVE-2026-33610A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when ...04/22/202604/22/2026358966
CVE-2026-33609Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queri ...04/22/202604/22/2026358967
CVE-2026-33608An attacker can send a notify request that causes a new secondary domain to be added to the bind bac ...04/22/202604/22/2026358957
CVE-2026-33602A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum co ...04/22/202604/22/2026358964
CVE-2026-33599A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, whe ...04/22/202604/22/2026358956
CVE-2026-33598A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAd ...04/22/202604/22/2026358965
CVE-2026-33597PRSD detection denial of service04/22/202604/22/2026358963
CVE-2026-33596A client might theoretically be able to cause a mismatch between queries sent to a backend and the r ...04/22/202604/22/2026358960
CVE-2026-33595A client can trigger excessive memory allocation by generating a lot of error responses over a sing ...04/22/202604/22/2026358955
CVE-2026-33594A client can trigger excessive memory allocation by generating a lot of queries that are routed to a ...04/22/202604/22/2026358959
CVE-2026-33593A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.04/22/202604/22/2026358962
CVE-2026-33254An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memor ...04/22/202604/22/2026358954
CVE-2026-31530In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of ...04/22/202604/22/2026358861
CVE-2026-31529In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in __co ...04/22/202604/22/2026358903
CVE-2026-31528In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmu_ctx- ...04/22/202604/22/2026358944
CVE-2026-31527In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use gene ...04/22/202604/22/2026358941
CVE-2026-31526In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exception exit lock ch ...04/22/202604/22/2026358901
CVE-2026-31525In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in ...04/22/202604/22/2026358873
CVE-2026-31524In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in ...04/22/202604/22/2026358900
CVE-2026-31523In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling ...04/22/202604/22/2026358945
CVE-2026-31522In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: avoid memory l ...04/22/202604/22/2026358899
CVE-2026-31521In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a ...04/22/202604/22/2026358898
CVE-2026-31520In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak i ...04/22/202604/22/2026358859
CVE-2026-31519In the Linux kernel, the following vulnerability has been resolved: btrfs: set BTRFS_ROOT_ORPHAN_CL ...04/22/202604/22/2026358872
CVE-2026-31518In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp ...04/22/202604/22/2026358948
CVE-2026-31517In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skb_put() pani ...04/22/202604/22/2026358950
CVE-2026-31516In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policy_hthresh.wo ...04/22/202604/22/2026358939
CVE-2026-31515In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pf ...04/22/202604/22/2026358946
CVE-2026-31514In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in ...04/22/202604/22/2026358897
CVE-2026-31513In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out ...04/22/202604/22/2026358942
CVE-2026-31512In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU ...04/22/202604/22/2026358937
CVE-2026-31511In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling p ...04/22/202604/22/2026358932
CVE-2026-31510In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr- ...04/22/202604/22/2026358896
CVE-2026-31509In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking ...04/22/202604/22/2026358934
CVE-2026-31508In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasi ...04/22/202604/22/2026358871
CVE-2026-31507In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smc ...04/22/202604/22/2026358895
CVE-2026-31506In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of ...04/22/202604/22/2026358930
CVE-2026-31505In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes ...04/22/202604/22/2026358864
CVE-2026-31504In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_r ...04/22/202604/22/2026321044
CVE-2026-31503In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict ...04/22/202604/22/2026358947
CVE-2026-31502In the Linux kernel, the following vulnerability has been resolved: team: fix header_ops type confu ...04/22/202604/22/2026358870
CVE-2026-31501In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use- ...04/22/202604/22/2026358936
CVE-2026-31500In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize b ...04/22/202604/22/2026358933
CVE-2026-31499In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock ...04/22/202604/22/2026358931
CVE-2026-31498In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-i ...04/22/202604/22/2026358869
CVE-2026-31497In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO alt ...04/22/202604/22/2026358935
CVE-2026-31496In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: ...04/22/202604/22/2026358894
CVE-2026-31495In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use netli ...04/22/202604/22/2026358929
CVE-2026-31494In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queu ...04/22/202604/22/2026358951
CVE-2026-31493In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ...04/22/202604/22/2026358928
CVE-2026-31492In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Initialize free_qp ...04/22/202604/22/2026358927
CVE-2026-31491In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Harden depth calcul ...04/22/202604/22/2026358926
CVE-2026-31490In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free i ...04/22/202604/22/2026358868
CVE-2026-31489In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-pu ...04/22/202604/22/2026358925
CVE-2026-31488In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip un ...04/22/202604/22/2026358866
CVE-2026-31487In the Linux kernel, the following vulnerability has been resolved: spi: use generic driver_overrid ...04/22/202604/22/2026358893
CVE-2026-31486In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/core) Protect reg ...04/22/202604/22/2026358892
CVE-2026-31485In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardow ...04/22/202604/22/2026358924
CVE-2026-31484In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read i ...04/22/202604/22/2026358922
CVE-2026-31483In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre boun ...04/22/202604/22/2026358923
CVE-2026-31482In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register ...04/22/202604/22/2026358891
CVE-2026-31481In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger ...04/22/202604/22/2026358921
CVE-2026-31480In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock ...04/22/202604/22/2026358920
CVE-2026-31479In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of re ...04/22/202604/22/2026358890
CVE-2026-31478In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_l ...04/22/202604/22/2026358889
CVE-2026-31477In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NUL ...04/22/202604/22/2026358919
CVE-2026-31476In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on ...04/22/202604/22/2026358887
CVE-2026-31475In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free ...04/22/202604/22/2026358882
CVE-2026-31474In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-afte ...04/22/202604/22/2026358884
CVE-2026-31473In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REIN ...04/22/202604/22/2026358918
CVE-2026-31472In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv ...04/22/202604/22/2026358917
CVE-2026-31471In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_ ...04/22/202604/22/2026358916
CVE-2026-31470In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fix handling o ...04/22/202604/22/2026358943
CVE-2026-31469In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops ...04/22/202604/22/2026358867
CVE-2026-31468In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dm ...04/22/202604/22/2026358915
CVE-2026-31467In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio ...04/22/202604/22/2026358885
CVE-2026-31466In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix folio isn't ...04/22/202604/22/2026358862
CVE-2026-31465In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for ...04/22/202604/22/2026358883
CVE-2026-31464In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ...04/22/202604/22/2026358860
CVE-2026-31463In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access ...04/22/202604/22/2026358888
CVE-2026-31462In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent immediate P ...04/22/202604/22/2026358886
CVE-2026-31461In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid l ...04/22/202604/22/2026358879
CVE-2026-31460In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_c ...04/22/202604/22/2026358880
CVE-2026-31459In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix param_ctx l ...04/22/202604/22/2026358881
CVE-2026-31458In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts- ...04/22/202604/22/2026358914
CVE-2026-31457In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts- ...04/22/202604/22/2026358913
CVE-2026-31456In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between c ...04/22/202604/22/2026358878
CVE-2026-31455In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushin ...04/22/202604/22/2026358912
CVE-2026-31454In the Linux kernel, the following vulnerability has been resolved: xfs: save ailp before dropping ...04/22/202604/22/2026358949
CVE-2026-31453In the Linux kernel, the following vulnerability has been resolved: xfs: avoid dereferencing log it ...04/22/202604/22/2026358911
CVE-2026-31452In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to ex ...04/22/202604/22/2026358865
CVE-2026-31451In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with prope ...04/22/202604/22/2026358910
CVE-2026-31450In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after init ...04/22/202604/22/2026358863
CVE-2026-31449In the Linux kernel, the following vulnerability has been resolved: ext4: validate p_idx bounds in ...04/22/202604/22/2026358909
CVE-2026-31448In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caus ...04/22/202604/22/2026358940
CVE-2026-31447In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc ...04/22/202604/22/2026358908
CVE-2026-31446In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in upd ...04/22/202604/22/2026358877
CVE-2026-31445In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of hal ...04/22/202604/22/2026358876
CVE-2026-31444In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and N ...04/22/202604/22/2026358907
CVE-2026-31443In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when ...04/22/202604/22/2026358906
CVE-2026-31442In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible i ...04/22/202604/22/2026358905
CVE-2026-31441In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix memory lea ...04/22/202604/22/2026358875
CVE-2026-31440In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking ev ...04/22/202604/22/2026358904
CVE-2026-31439In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix re ...04/22/202604/22/2026358902
CVE-2026-31438In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_ ...04/22/202604/22/2026358874
CVE-2026-31437In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer derefer ...04/22/202604/22/2026358857
CVE-2026-31436In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible w ...04/22/202604/22/2026358858
CVE-2026-31435In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment dur ...04/22/202604/22/2026358855
CVE-2026-31434In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name ...04/22/202604/22/2026358854
CVE-2026-31192Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6. ...04/22/202604/22/2026358856
CVE-2026-6859A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when ...04/22/202604/22/2026358847
CVE-2026-6356A vulnerability in the web application allows standard users to escalate their privileges to those o ...04/22/202604/22/2026358851
CVE-2026-6355A vulnerability in the web application allows unauthorized users to access and manipulate sensitive ...04/22/202604/22/2026358850
CVE-2026-5750An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process all ...04/22/202604/22/2026358849
CVE-2026-5749Inadequate access control in the registration process in Fullstep V5, which could allow unauthentica ...04/22/202604/22/2026358848
CVE-2026-41651PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way us ...04/22/202604/22/2026358852
CVE-2026-0539Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local att ...04/22/202604/22/2026358853
CVE-2026-6857A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the Prot ...04/22/202604/22/2026358845
CVE-2026-6855A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in th ...04/22/202604/22/2026358846
CVE-2026-33601If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zo ...04/22/202604/22/2026358837
CVE-2026-33262An attacker can send replies that result in a null pointer dereference, caused by a missing consiste ...04/22/202604/22/2026358844
CVE-2026-33261A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of s ...04/22/202604/22/2026358843
CVE-2026-33260An attacker can send a web request that causes unlimited memory allocation in the internal web serve ...04/22/202604/22/2026358840
CVE-2026-33259Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free a ...04/22/202604/22/2026358836
CVE-2026-33258By publishing and querying a crafted zone an attacker can cause allocation of large entries in the n ...04/22/202604/22/2026358842
CVE-2026-33257An attacker can send a web request that causes unlimited memory allocation in the internal web serve ...04/22/202604/22/2026358839
CVE-2026-33256An attacker can send a web request that causes unlimited memory allocation in the internal web serve ...04/22/202604/22/2026358838
CVE-2026-6848A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive ...04/22/202604/22/2026358833
CVE-2026-33600An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by ...04/22/202604/22/2026358841
CVE-2026-1930The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missi ...04/22/202604/22/2026358831
CVE-2026-1913The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t ...04/22/202604/22/2026358835
CVE-2026-1395The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider ...04/22/202604/22/2026358834
CVE-2026-6845A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a ...04/22/202604/22/2026358830
CVE-2026-6396The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in v ...04/22/202604/22/2026358829
CVE-2026-6294The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers ...04/22/202604/22/2026358832
CVE-2026-6246The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...04/22/202604/22/2026358828
CVE-2026-6236The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' short ...04/22/202604/22/2026358827
CVE-2026-6235The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'ma ...04/22/202604/22/2026358826
CVE-2026-6041The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom ...04/22/202604/22/2026358816
CVE-2026-5820The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table o ...04/22/202604/22/2026358819
CVE-2026-5767The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin ...04/22/202604/22/2026358818
CVE-2026-5748The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ...04/22/202604/22/2026358820
CVE-2026-4353The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' ...04/22/202604/22/2026358821
CVE-2026-4280The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up t ...04/22/202604/22/2026358825
CVE-2026-4279The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadb ...04/22/202604/22/2026358817
CVE-2026-6846A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a speciall ...04/22/202604/22/2026358823
CVE-2026-6844A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit tw ...04/22/202604/22/2026358822
CVE-2026-6843A flaw was found in nano. A local user could exploit a format string vulnerability in the `statuslin ...04/22/202604/22/2026358824
CVE-2026-4142The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cr ...04/22/202604/22/2026358812
CVE-2026-4140The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in ...04/22/202604/22/2026358809
CVE-2026-4139The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t ...04/22/202604/22/2026358814
CVE-2026-4138The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v ...04/22/202604/22/2026358808
CVE-2026-4133The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v ...04/22/202604/22/2026358815
CVE-2026-4132The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading ...04/22/202604/22/2026358783
CVE-2026-4131The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in ...04/22/202604/22/2026358806
CVE-2026-4128The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization ...04/22/202604/22/2026358804
CVE-2026-4126The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio ...04/22/202604/22/2026358807
CVE-2026-4125The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' sho ...04/22/202604/22/2026358813
CVE-2026-4121The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to ...04/22/202604/22/2026358790
CVE-2026-4119The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up t ...04/22/202604/22/2026358795
CVE-2026-4118The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve ...04/22/202604/22/2026358803
CVE-2026-4117The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and incl ...04/22/202604/22/2026358785
CVE-2026-4090The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up ...04/22/202604/22/2026358805
CVE-2026-4089The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id ...04/22/202604/22/2026358811
CVE-2026-4088The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_c ...04/22/202604/22/2026358810
CVE-2026-4085The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...04/22/202604/22/2026358798
CVE-2026-4082The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swif ...04/22/202604/22/2026358800
CVE-2026-4076The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...04/22/202604/22/2026358801
CVE-2026-4074The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t ...04/22/202604/22/2026358789
CVE-2026-3362The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' ...04/22/202604/22/2026358797
CVE-2026-31433In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get ...04/22/202604/22/2026358788
CVE-2026-31432In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_I ...04/22/202604/22/2026358787
CVE-2026-31431In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to ...04/22/202604/22/2026358784
CVE-2026-2719The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exce ...04/22/202604/22/2026358796
CVE-2026-2717The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and inc ...04/22/202604/22/2026358782
CVE-2026-2714The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' ...04/22/202604/22/2026358799
CVE-2026-1845The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin sett ...04/22/202604/22/2026358793
CVE-2026-1379The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin setting ...04/22/202604/22/2026358802
CVE-2026-6842A flaw was found in nano. In environments with permissive umask settings, a local attacker can explo ...04/22/202604/22/2026358794
CVE-2026-6023In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control i ...04/22/202604/22/2026358791
CVE-2026-6022In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled res ...04/22/202604/22/2026358792
CVE-2026-40542Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the cli ...04/22/202604/22/2026358786
CVE-2026-6840Missing bounds validation for operator could allow out of range operator-code lookup during model l ...04/22/202604/22/2026358781
CVE-2026-6839Improper validation of STRING tensor offsets could allow malformed string metadata to trigger out o ...04/22/202604/22/2026358776
CVE-2026-41667Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause inc ...04/22/202604/22/2026358775
CVE-2026-41666Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bou ...04/22/202604/22/2026358774
CVE-2026-41665Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause ...04/22/202604/22/2026358773
CVE-2026-41664Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid me ...04/22/202604/22/2026358769
CVE-2026-40450Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incor ...04/22/202604/22/2026358772
CVE-2026-40449Integer overflow in buffer size calculation could result in out of bounds memory access when handlin ...04/22/202604/22/2026358771
CVE-2026-40448Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory a ...04/22/202604/22/2026358770
CVE-2026-22754Vulnerability in Spring Spring Security. If an application uses  to define the servlet path for co ...04/22/202604/22/2026358777
CVE-2026-22753Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a ...04/22/202604/22/2026358768
CVE-2026-22748Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwt ...04/22/202604/22/2026358780
CVE-2026-22747Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle c ...04/22/202604/22/2026358779
CVE-2026-22746Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #is ...04/22/202604/22/2026358778
CVE-2026-40451DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vuln ...04/22/202604/22/2026358757
CVE-2026-6416Tanium addressed an uncontrolled resource consumption vulnerability in Interact.04/22/202604/22/2026358764
CVE-2026-6408Tanium addressed an information disclosure vulnerability in Tanium Server.04/22/202604/22/2026358763
CVE-2026-6392Tanium addressed an information disclosure vulnerability in Threat Response.04/22/202604/22/2026358767
CVE-2026-6386In order to apply a particular protection key to an address range, the kernel must update the corres ...04/22/202604/22/2026358762
CVE-2026-5398The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the c ...04/22/202604/22/2026358766
CVE-2026-41458OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login h ...04/22/202604/22/2026358758
CVE-2026-41457OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and fi ...04/22/202604/22/2026358761
CVE-2026-6835The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated ...04/22/202604/22/2026358759
CVE-2026-6834The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated rem ...04/22/202604/22/2026358760
CVE-2026-6833The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote atta ...04/22/202604/22/2026358765
CVE-2026-41304WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php` ...04/22/202604/22/2026358619
CVE-2026-41064WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fi ...04/22/202604/22/2026358618
CVE-2026-41059OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 ...04/22/202604/22/2026358622
CVE-2026-40575OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 ...04/22/202604/22/2026358624
CVE-2026-41130Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the ...04/22/202604/22/2026358626
CVE-2026-41129Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5. ...04/22/202604/22/2026358627
CVE-2026-41128Craft CMS is a content management system (CMS). In versions 5.6.0 through 5.9.14, the `actionSavePer ...04/22/202604/22/2026358625
CVE-2026-41127BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authoriza ...04/22/202604/22/2026358623
CVE-2026-41126BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect th ...04/22/202604/22/2026358616
CVE-2026-41135free5GC UDR is the Policy Control Function (PCF) for free5GC, an open-source project for 5th gene ...04/22/202604/22/2026358612
CVE-2026-41133pyLoad is a free and open-source download manager written in Python. Versions up to and including 0. ...04/22/202604/22/2026358608
CVE-2026-41131OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in spec ...04/22/202604/22/2026358617
CVE-2026-40343free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generat ...04/22/202604/22/2026358615
CVE-2026-41144F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedd ...04/22/202604/22/2026358613
CVE-2026-41136free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an open-source proj ...04/22/202604/22/2026358614
CVE-2026-41145MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prio ...04/22/202604/22/2026358610
CVE-2026-40344MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prio ...04/22/202604/22/2026358609
CVE-2026-41146facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a9 ...04/22/202604/22/2026358611
CVE-2026-5921A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that a ...04/22/202604/22/2026358754
CVE-2026-5512An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an a ...04/22/202604/22/2026358741
CVE-2026-4872Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.04/22/202604/22/2026
CVE-2026-4821An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Ser ...04/22/202604/22/2026358742
CVE-2026-4296An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowe ...04/22/202604/22/2026358740
CVE-2026-41063WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete XSS fix in ...04/22/202604/22/2026358751
CVE-2026-41062WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fi ...04/22/202604/22/2026358621
CVE-2026-41061WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isValidDuration()` re ...04/22/202604/22/2026358620
CVE-2026-41055WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in ...04/22/202604/22/2026358732
CVE-2026-6832Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint t ...04/22/202604/22/2026358744
CVE-2026-6830nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching ...04/22/202604/22/2026358747
CVE-2026-6829nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated atta ...04/22/202604/22/2026358735
CVE-2026-6799A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unkno ...04/22/202604/22/2026358492
CVE-2026-41527KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra u ...04/22/202604/22/2026358755
CVE-2026-40946Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider ...04/22/202604/22/2026358746
CVE-2026-40945Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, t ...04/22/202604/22/2026358745
CVE-2026-40944Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in ...04/22/202604/22/2026358734
CVE-2026-40943Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session ...04/22/202604/22/2026358750
CVE-2026-40942The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and F ...04/22/202604/22/2026358752
CVE-2026-40939The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and F ...04/22/202604/22/2026358748
CVE-2026-40933Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...04/22/202604/22/2026358753
CVE-2026-40931Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch fo ...04/22/202604/22/2026344438
CVE-2026-40706In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix ...04/22/202604/22/2026358544
CVE-2026-1354Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with t ...04/22/202604/22/2026358733
CVE-2026-6823HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerabil ...04/22/202604/22/2026358731
CVE-2026-6797A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability ...04/22/202604/22/2026358491
CVE-2026-40938Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0. ...04/22/202604/22/2026358743
CVE-2026-40927Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving ...04/22/202604/22/2026358739
CVE-2026-40924Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to ...04/22/202604/22/2026358730
CVE-2026-40923Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to ...04/22/202604/22/2026358737
CVE-2026-35252Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracl ...04/22/202604/22/2026358689
CVE-2026-35251Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...04/22/202604/22/2026358720
CVE-2026-35250Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...04/22/202604/22/2026358728
CVE-2026-35249Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...04/22/202604/22/2026358725
CVE-2026-35248Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...04/22/202604/22/2026358722
CVE-2026-35247Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...04/22/202604/22/2026358721
CVE-2026-35246Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...04/22/202604/22/2026358719
CVE-2026-35245Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...04/22/202604/22/2026358703
CVE-2026-35244Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component ...04/22/202604/22/2026358723
CVE-2026-35243Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middlew ...04/22/202604/22/2026358718
CVE-2026-35242Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...04/22/202604/22/2026358717
CVE-2026-35241Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (componen ...04/22/202604/22/2026358691
CVE-2026-35240Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...04/22/202604/22/2026358702
CVE-2026-35239Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versi ...04/22/202604/22/2026358699
CVE-2026-35238Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t ...04/22/202604/22/2026358701
CVE-2026-35237Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t ...04/22/202604/22/2026358700
CVE-2026-35236Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t ...04/22/202604/22/2026358698
CVE-2026-35235Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versi ...04/22/202604/22/2026358706
CVE-2026-35234Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported ...04/22/202604/22/2026358697
CVE-2026-35232Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported versio ...04/22/202604/22/2026358692
CVE-2026-35231Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Ser ...04/22/202604/22/2026358695
CVE-2026-35230Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...04/22/202604/22/2026358716
CVE-2026-35229Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affec ...04/22/202604/22/2026358688
CVE-2026-34325Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora ...04/22/202604/22/2026358729
CVE-2026-34324Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (compon ...04/22/202604/22/2026358714
CVE-2026-34323Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (compon ...04/22/202604/22/2026358715
CVE-2026-34321Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora ...04/22/202604/22/2026358713
CVE-2026-34320Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Servic ...04/22/202604/22/2026358696
CVE-2026-34319Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported ...04/22/202604/22/2026358727
CVE-2026-34318Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported ...04/22/202604/22/2026358694
CVE-2026-34317Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported ...04/22/202604/22/2026358724
CVE-2026-34315Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Serv ...04/22/202604/22/2026358653
CVE-2026-34314Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora ...04/22/202604/22/2026358693
CVE-2026-34313Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora ...04/22/202604/22/2026358690
CVE-2026-34312Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affecte ...04/22/202604/22/2026358726
CVE-2026-34310Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora ...04/22/202604/22/2026358687
CVE-2026-34309Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Secu ...04/22/202604/22/2026358646
CVE-2026-34308Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported vers ...04/22/202604/22/2026358685
CVE-2026-34307Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Work ...04/22/202604/22/2026358652
CVE-2026-34306Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (compone ...04/22/202604/22/2026358645
CVE-2026-34305Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Serv ...04/22/202604/22/2026358644
CVE-2026-34304Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t ...04/22/202604/22/2026358684
CVE-2026-34303Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...04/22/202604/22/2026358686
CVE-2026-34302Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader) ...04/22/202604/22/2026358665
CVE-2026-34301Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft ( ...04/22/202604/22/2026358642
CVE-2026-34300Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft (component: Co ...04/22/202604/22/2026358641
CVE-2026-34299Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft ( ...04/22/202604/22/2026358643
CVE-2026-34298Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Pe ...04/22/202604/22/2026358664
CVE-2026-34297Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: K ...04/22/202604/22/2026358662
CVE-2026-34296Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply ...04/22/202604/22/2026358712
CVE-2026-34295Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: P ...04/22/202604/22/2026358639
CVE-2026-34294Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen ...04/22/202604/22/2026358649
CVE-2026-34293Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versi ...04/22/202604/22/2026358682
CVE-2026-34292Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). ...04/22/202604/22/2026358637
CVE-2026-34291Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supp ...04/22/202604/22/2026358663
CVE-2026-34290Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen ...04/22/202604/22/2026358681
CVE-2026-34289Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen ...04/22/202604/22/2026358659
CVE-2026-34288Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen ...04/22/202604/22/2026358660
CVE-2026-34287Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen ...04/22/202604/22/2026358661
CVE-2026-34286Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen ...04/22/202604/22/2026358658
CVE-2026-34285Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen ...04/22/202604/22/2026358657
CVE-2026-34284Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (c ...04/22/202604/22/2026358670
CVE-2026-34283Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identit ...04/22/202604/22/2026358669
CVE-2026-34282Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ ...04/22/202604/22/2026358632
CVE-2026-34281Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported v ...04/22/202604/22/2026358710
CVE-2026-34280Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (compone ...04/22/202604/22/2026358636
CVE-2026-34279Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (c ...04/22/202604/22/2026358655
CVE-2026-34278Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...04/22/202604/22/2026358683
CVE-2026-34277Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Flui ...04/22/202604/22/2026358640
CVE-2026-34276Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plug ...04/22/202604/22/2026358709
CVE-2026-34275Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component ...04/22/202604/22/2026358654
CVE-2026-34274Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interfa ...04/22/202604/22/2026358668
CVE-2026-34273Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are ...04/22/202604/22/2026358711
CVE-2026-34272Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...04/22/202604/22/2026358679
CVE-2026-34271Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plug ...04/22/202604/22/2026358708
CVE-2026-34270Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plug ...04/22/202604/22/2026358704
CVE-2026-34269Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Port ...04/22/202604/22/2026358651
CVE-2026-34268Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ ...04/22/202604/22/2026358634
CVE-2026-34267Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...04/22/202604/22/2026358680
CVE-2026-34266Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (comp ...04/22/202604/22/2026358638
CVE-2026-33519An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Win ...04/22/202604/22/2026358738
CVE-2026-33518An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and ...04/22/202604/22/2026358736
CVE-2026-22021Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ ...04/22/202604/22/2026358628
CVE-2026-22019Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (compo ...04/22/202604/22/2026358650
CVE-2026-22018Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ ...04/22/202604/22/2026358630
CVE-2026-22017Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...04/22/202604/22/2026358678
CVE-2026-22016Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ ...04/22/202604/22/2026358629
CVE-2026-22015Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). ...04/22/202604/22/2026358705
CVE-2026-22014Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Workflow ...04/22/202604/22/2026358656
CVE-2026-22013Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ ...04/22/202604/22/2026358631
CVE-2026-22011Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch) ...04/22/202604/22/2026358666
CVE-2026-22010Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora ...04/22/202604/22/2026358677
CVE-2026-22009Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...04/22/202604/22/2026358676
CVE-2026-22008Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is ...04/22/202604/22/2026358647
CVE-2026-22007Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ ...04/22/202604/22/2026358633
CVE-2026-22006Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (compone ...04/22/202604/22/2026358648
CVE-2026-22005Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...04/22/202604/22/2026358675
CVE-2026-22004Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t ...04/22/202604/22/2026358674
CVE-2026-22003Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co ...04/22/202604/22/2026358635
CVE-2026-22002Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...04/22/202604/22/2026358671
CVE-2026-22001Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). ...04/22/202604/22/2026358707
CVE-2026-21999Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are ...04/22/202604/22/2026358667
CVE-2026-21998Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...04/22/202604/22/2026358673
CVE-2026-21997Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Application ...04/22/202604/22/2026358672
CVE-2026-40935WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` a ...04/22/202604/22/2026358601
CVE-2026-40929WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.jso ...04/22/202604/22/2026358603
CVE-2026-40928WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpo ...04/22/202604/22/2026358602
CVE-2026-40926WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endp ...04/22/202604/22/2026358604
CVE-2026-3307An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an att ...04/22/202604/22/2026358607
CVE-2026-5845An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHu ...04/22/202604/22/2026358606
CVE-2026-41060WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` func ...04/22/202604/22/2026358599
CVE-2026-41058WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVi ...04/22/202604/22/2026358605
CVE-2026-41057WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation ...04/22/202604/22/2026358600
CVE-2026-41056WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll ...04/22/202604/22/2026358598
CVE-2026-6796A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_l ...04/21/202604/21/2026358490
CVE-2026-40925WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpda ...04/21/202604/21/2026358575
CVE-2026-40911WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's Web ...04/21/202604/21/2026358592
CVE-2026-40910frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTT ...04/21/202604/21/2026358588
CVE-2026-40906Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the Elect ...04/21/202604/21/2026358576
CVE-2026-40905LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisonin ...04/21/202604/21/2026358580
CVE-2026-40895follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that a ...04/21/202604/21/2026358584
CVE-2026-40892PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, ...04/21/202604/21/2026358583
CVE-2026-6819HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin i ...04/21/202604/21/2026358593
CVE-2026-41320Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 an ...04/21/202604/21/2026358577
CVE-2026-40888Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 an ...04/21/202604/21/2026358590
CVE-2026-40887Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to version ...04/21/202604/21/2026358581
CVE-2026-40881ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network vers ...04/21/202604/21/2026358191
CVE-2026-40880ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus ve ...04/21/202604/21/2026358192
CVE-2026-40879Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when a ...04/21/202604/21/2026358591
CVE-2026-40878mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20 ...04/21/202604/21/2026358586
CVE-2026-40875mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20 ...04/21/202604/21/2026358594
CVE-2026-40874mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20 ...04/21/202604/21/2026358589
CVE-2026-40873mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20 ...04/21/202604/21/2026358587
CVE-2026-40872mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20 ...04/21/202604/21/2026358579
CVE-2026-40871mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026- ...04/21/202604/21/2026358585
CVE-2026-40870Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30 ...04/21/202604/21/2026358578
CVE-2026-40869Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.3 ...04/21/202604/21/2026358582
CVE-2026-40372Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to ...04/21/202604/21/2026358597
CVE-2026-33813Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.04/21/202604/21/2026358596
CVE-2026-33812Parsing a malicious font file can cause excessive memory allocation.04/21/202604/21/2026358595
CVE-2026-40909WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint ( ...04/21/202604/21/2026358567
CVE-2026-40908WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file `git.json.php` at ...04/21/202604/21/2026358565
CVE-2026-40907WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint `plugin/Live/ ...04/21/202604/21/2026358566
CVE-2026-40903goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerabil ...04/21/202604/21/2026358572
CVE-2026-40890The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering ...04/21/202604/21/2026358570
CVE-2026-40889Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 an ...04/21/202604/21/2026358568
CVE-2026-40885goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ...04/21/202604/21/2026358571
CVE-2026-40884goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authenticat ...04/21/202604/21/2026358573
CVE-2026-40883goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross ...04/21/202604/21/2026358574
CVE-2026-40876goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape ...04/21/202604/21/2026358569
CVE-2026-6745A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown ...04/21/202604/21/2026358436
CVE-2026-6744A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Do ...04/21/202604/21/2026358435
CVE-2026-41456Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the se ...04/21/202604/21/2026358564
CVE-2026-40868Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, ky ...04/21/202604/21/2026358561
CVE-2026-40867Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access ...04/21/202604/21/2026358558
CVE-2026-40866Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure dir ...04/21/202604/21/2026358557
CVE-2026-40865Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure dir ...04/21/202604/21/2026358556
CVE-2026-40614PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, ...04/21/202604/21/2026358555
CVE-2026-40613Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN ...04/21/202604/21/2026358551
CVE-2026-22751Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login ...04/21/202604/21/2026358560
CVE-2026-40611Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 cha ...04/21/202604/21/2026358553
CVE-2026-40608Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. ...04/21/202604/21/2026358552
CVE-2026-40606mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software ...04/21/202604/21/2026358549
CVE-2026-40604ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. ...04/21/202604/21/2026358548
CVE-2026-40602The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up t ...04/21/202604/21/2026358547
CVE-2026-40599ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. ...04/21/202604/21/2026358545
CVE-2026-41194FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox ...04/21/202604/21/2026358562
CVE-2026-41193FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's ...04/21/202604/21/2026358559
CVE-2026-41192FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply an ...04/21/202604/21/2026358554
CVE-2026-40594pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set ...04/21/202604/21/2026358546
CVE-2026-40588blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at ...04/21/202604/21/2026358563
CVE-2026-40587blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their pa ...04/21/202604/21/2026358550
CVE-2026-41191FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesCo ...04/21/202604/21/2026358543
CVE-2026-41190FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SH ...04/21/202604/21/2026358542
CVE-2026-41189FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thr ...04/21/202604/21/2026358540
CVE-2026-41183FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned ...04/21/202604/21/2026358539
CVE-2026-40592FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-sen ...04/21/202604/21/2026358541
CVE-2026-40591FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-co ...04/21/202604/21/2026358537
CVE-2026-40590FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change C ...04/21/202604/21/2026358538
CVE-2026-40589FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privil ...04/21/202604/21/2026358536
CVE-2026-40586blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler perfo ...04/21/202604/21/2026358531
CVE-2026-40585blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is ini ...04/21/202604/21/2026358535
CVE-2026-40584RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1. ...04/21/202604/21/2026358530
CVE-2026-40583UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit ...04/21/202604/21/2026358529
CVE-2026-40570FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_cu ...04/21/202604/21/2026358534
CVE-2026-40569FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass ...04/21/202604/21/2026358526
CVE-2026-40050CrowdStrike has released security updates to address a critical unauthenticated path traversal vulne ...04/21/202604/21/2026358528
CVE-2026-38835Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSB ...04/21/202604/21/2026358533
CVE-2026-38834Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_ac ...04/21/202604/21/2026358532
CVE-2026-21571This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, ...04/21/202604/21/2026358527
CVE-2026-40568FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a store ...04/21/202604/21/2026358517
CVE-2026-40567FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthent ...04/21/202604/21/2026358524
CVE-2026-6743A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the ...04/21/202604/21/2026358434
CVE-2026-5652An insecure direct object reference vulnerability in the Users API component of Crafty Controller al ...04/21/202604/21/2026358523
CVE-2026-40576excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vu ...04/21/202604/21/2026358521
CVE-2026-40574OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2 ...04/21/202604/21/2026358522
CVE-2026-40279BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, ...04/21/202604/21/2026358520
CVE-2026-40161Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0. ...04/21/202604/21/2026358519
CVE-2026-35451Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exi ...04/21/202604/21/2026358525
CVE-2026-30452Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management syste ...04/21/202604/21/2026358518
CVE-2026-40566FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Serve ...04/21/202604/21/2026358507
CVE-2026-29179October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grai ...04/21/202604/21/2026358508
CVE-2026-27937October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflect ...04/21/202604/21/2026358516
CVE-2026-26274October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnera ...04/21/202604/21/2026358509
CVE-2026-26067October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a server- ...04/21/202604/21/2026358515
CVE-2026-25542Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 0.43 ...04/21/202604/21/2026358513
CVE-2026-24189NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause ...04/21/202604/21/2026358512
CVE-2026-24177NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without a ...04/21/202604/21/2026358511
CVE-2026-24176NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization t ...04/21/202604/21/2026358514
CVE-2026-40565FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's ...04/21/202604/21/2026358506
CVE-2026-37748Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adm ...04/21/202604/21/2026358503
CVE-2026-40498FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthent ...04/21/202604/21/2026358497
CVE-2026-5789Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a loca ...04/21/202604/21/2026358500
CVE-2026-3298The method "sock_recvfrom_into()" of "asyncio.ProactorEventLoop" (Windows only) was missing a bounda ...04/21/202604/21/2026358499
CVE-2026-31019In the Website module of Dolibarr ERP & CRM 22.0.4 and below, the application uses blacklist-based f ...04/21/202604/21/2026358493
CVE-2026-31014Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The ...04/21/202604/21/2026358502
CVE-2026-31013Dovestones Softwares ADPhonebook <4.0.1.1 has a reflected cross-site scripting (XSS) vulnerability i ...04/21/202604/21/2026358501
CVE-2026-31018In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Websit ...04/21/202604/21/2026358481
CVE-2026-29644XiangShan (open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c21 ...04/21/202604/21/2026358487
CVE-2026-1089User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to ...04/21/202604/21/2026358484
CVE-2026-0972The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if t ...04/21/202604/21/2026358482
CVE-2026-0971An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML ...04/21/202604/21/2026358486
CVE-2026-6786Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird ...04/21/202604/21/2026358460
CVE-2026-6785Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox ...04/21/202604/21/2026358459
CVE-2026-6784Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of ...04/21/202604/21/2026358458
CVE-2026-6783Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnera ...04/21/202604/21/2026358479
CVE-2026-6782Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150.04/21/202604/21/2026358465
CVE-2026-6781Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 15 ...04/21/202604/21/2026358478
CVE-2026-6780Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 15 ...04/21/202604/21/2026358477
CVE-2026-6779Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.04/21/202604/21/2026358476
CVE-2026-6778Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150.04/21/202604/21/2026358475
CVE-2026-6777Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150.04/21/202604/21/2026358474
CVE-2026-6776Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in F ...04/21/202604/21/2026358473
CVE-2026-6775Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150.04/21/202604/21/2026358472
CVE-2026-6774Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150.04/21/202604/21/2026358464
CVE-2026-6773Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was ...04/21/202604/21/2026358471
CVE-2026-6772Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Fir ...04/21/202604/21/2026358469
CVE-2026-6771Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Fi ...04/21/202604/21/2026358463
CVE-2026-6770Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150 and Fir ...04/21/202604/21/2026358470
CVE-2026-6769Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150 and Fire ...04/21/202604/21/2026358468
CVE-2026-6768Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150.04/21/202604/21/2026358462
CVE-2026-6767Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ...04/21/202604/21/2026358467
CVE-2026-6766Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Fir ...04/21/202604/21/2026358466
CVE-2026-6765Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150 a ...04/21/202604/21/2026358461
CVE-2026-6764Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed ...04/21/202604/21/2026358456
CVE-2026-6763Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150 and Fi ...04/21/202604/21/2026358442
CVE-2026-6762Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firef ...04/21/202604/21/2026358455
CVE-2026-6761Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150 and Fi ...04/21/202604/21/2026358454
CVE-2026-6760Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150.04/21/202604/21/2026358441
CVE-2026-6759Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150 and Firef ...04/21/202604/21/2026358453
CVE-2026-6758Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 ...04/21/202604/21/2026358452
CVE-2026-6757Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 15 ...04/21/202604/21/2026358451
CVE-2026-6756Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.04/21/202604/21/2026358457
CVE-2026-6755Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150.04/21/202604/21/2026358440
CVE-2026-6754Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Fire ...04/21/202604/21/2026358450
CVE-2026-6753Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 a ...04/21/202604/21/2026358449
CVE-2026-6752Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, ...04/21/202604/21/2026358448
CVE-2026-6751Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firef ...04/21/202604/21/2026358447
CVE-2026-6750Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 1 ...04/21/202604/21/2026358446
CVE-2026-6749Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnera ...04/21/202604/21/2026358439
CVE-2026-6748Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firef ...04/21/202604/21/2026358445
CVE-2026-6747Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150 and Firefox ESR ...04/21/202604/21/2026358444
CVE-2026-6746Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firef ...04/21/202604/21/2026358443
CVE-2026-40520FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiat ...04/21/202604/21/2026358437
CVE-2026-32147Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erla ...04/21/202604/21/2026358438
CVE-2026-41039This vulnerability exists in Quantum Networks router due to improper access control and insecure def ...04/21/202604/21/2026358432
CVE-2026-41038This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password p ...04/21/202604/21/2026358429
CVE-2026-6553Changing backend users' passwords via the user settings module results in storing the cleartext pass ...04/21/202604/21/2026358430
CVE-2026-41037This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protec ...04/21/202604/21/2026358428
CVE-2026-41036This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied ...04/21/202604/21/2026358427
CVE-2026-3317Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulner ...04/21/202604/21/2026358433
CVE-2026-39467Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows ...04/21/202604/21/2026358431

2025

CVEDescriptionSubmissionModerationEntry
CVE-2025-11762The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Se ...04/24/202604/24/2026359327
CVE-2025-62373Pipecat is an open-source Python framework for building real-time voice and multimodal conversationa ...04/23/202604/23/2026359147
CVE-2025-50229Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module.04/23/202604/23/2026359157
CVE-2025-70994Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism ...04/23/202604/23/2026359146
CVE-2025-66286An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform ...04/23/202604/23/2026359142
CVE-2025-13763Multiple uses of uninitialized variables were found in libopensc that may lead to information disclo ...04/23/202604/23/2026359140
CVE-2025-62110Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...04/23/202604/23/2026359139
CVE-2025-62104Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly C ...04/23/202604/23/2026359137
CVE-2025-10549EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder p ...04/23/202604/23/2026359126
CVE-2025-36074IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory coul ...04/23/202604/23/2026359071
CVE-2025-9957GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 ...04/22/202604/22/2026359020
CVE-2025-6016GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 ...04/22/202604/22/2026359001
CVE-2025-3922GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 ...04/22/202604/22/2026359000
CVE-2025-0186GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 ...04/22/202604/22/2026358999
CVE-2025-58922Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forge ...04/22/202604/22/2026359036
CVE-2025-70420A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated at ...04/22/202604/22/2026358749
CVE-2025-15638Net::Dropbear versions before 0.14 for Perl contain a vulnerable version of libtomcrypt. Net::Drop ...04/21/202604/21/2026358505
CVE-2025-41029SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an at ...04/21/202604/21/2026358494
CVE-2025-41011HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to re ...04/21/202604/21/2026358496
CVE-2025-31981HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 ( ...04/21/202604/21/2026358498
CVE-2025-10354Cross-Site Scripting (XSS) vulnerability reflected in Semantic MediaWiki. This vulnerability allows ...04/21/202604/21/2026358495
CVE-2025-31958HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vul ...04/21/202604/21/2026358485
CVE-2025-1241Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to v ...04/21/202604/21/2026358483
CVE-2025-14362The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if t ...04/21/202604/21/2026358480

2024

CVEDescriptionSubmissionModerationEntry
CVE-2024-58344Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticate ...04/22/202604/22/2026358980

2019

CVEDescriptionSubmissionModerationEntry
CVE-2019-25714Seeyon OA A8 contains an unauthenticated arbitrary file write vulnerability in the /seeyon/htmloffic ...04/21/202604/21/2026358510

2018

CVE | Description | Submission | Moderation | Entry
CVE-2018-25272 | ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database ... | 04/22/2026 | 04/22/2026 | 358969
CVE-2018-25271 | Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the ap ... | 04/22/2026 | 04/22/2026 | 358979
CVE-2018-25270 | ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers ... | 04/22/2026 | 04/22/2026 | 358968
CVE-2018-25269 | ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malic ... | 04/22/2026 | 04/22/2026 | 358978
CVE-2018-25268 | LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite t ... | 04/22/2026 | 04/22/2026 | 358974
CVE-2018-25267 | UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of t ... | 04/22/2026 | 04/22/2026 | 358977
CVE-2018-25266 | Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allow ... | 04/22/2026 | 04/22/2026 | 358976
CVE-2018-25265 | LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows loca ... | 04/22/2026 | 04/22/2026 | 358973
CVE-2018-25262 | Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attack ... | 04/22/2026 | 04/22/2026 | 358972
CVE-2018-25261 | Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception hand ... | 04/22/2026 | 04/22/2026 | 358971
CVE-2018-25260 | MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog t ... | 04/22/2026 | 04/22/2026 | 358970
CVE-2018-25259 | Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer n ... | 04/22/2026 | 04/22/2026 | 358975

2017

CVE | Description | Submission | Moderation | Entry
CVE-2017-20230 | Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored the ... | 04/21/2026 | 04/21/2026 | 358504

2014

CVE | Description | Submission | Moderation | Entry
CVE-2014-125120 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |

2013

CVE | Description | Submission | Moderation | Entry
CVE-2013-10056 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |
CVE-2013-10045 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |
CVE-2013-10041 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |

2011

CVE | Description | Submission | Moderation | Entry
CVE-2011-10031 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |

2010

CVE | Description | Submission | Moderation | Entry
CVE-2010-20124 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |
CVE-2010-20118 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |
CVE-2010-20117 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |
CVE-2010-20116 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |
CVE-2010-20110 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |

2009

CVE | Description | Submission | Moderation | Entry
CVE-2009-20012 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |

2008

CVE | Description | Submission | Moderation | Entry
CVE-2008-20003 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |
CVE-2008-20002 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |

2005

CVE | Description | Submission | Moderation | Entry
CVE-2005-20001 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |

2000

CVE | Description | Submission | Moderation | Entry
CVE-2000-5001 | Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | 04/22/2026 | 04/22/2026 |
