CVEinfo

CVE is an industry standard to provide a naming convention and unique identifier for disclosed security vulnerabilities.

2026

| CVE | Description | Submission | Moderation | Entry |
|---|---|---|---|---|
| CVE-2026-32146 | Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows a ... | 04/11/2026 | | |
| CVE-2026-23900 | Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0 ... | 04/11/2026 | | |
| CVE-2026-5809 | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and ... | 04/11/2026 | 04/11/2026 | 356980 |
| CVE-2026-34621 | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Control ... | 04/11/2026 | 04/11/2026 | 356962 |
| CVE-2026-5496 | Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability ... | 04/11/2026 | 04/11/2026 | 355609 |
| CVE-2026-5495 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerab ... | 04/11/2026 | 04/11/2026 | 355610 |
| CVE-2026-5494 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerab ... | 04/11/2026 | 04/11/2026 | 355607 |
| CVE-2026-5493 | Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerab ... | 04/11/2026 | 04/11/2026 | 355608 |
| CVE-2026-5059 | aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability all ... | 04/11/2026 | 04/11/2026 | 354290 |
| CVE-2026-5058 | aws-mcp-server Command Injection Remote Code Execution Vulnerability. This vulnerability allows remo ... | 04/11/2026 | 04/11/2026 | 354289 |
| CVE-2026-5055 | NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerabil ... | 04/11/2026 | 04/11/2026 | 354329 |
| CVE-2026-5054 | NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability ... | 04/11/2026 | 04/11/2026 | 354328 |
| CVE-2026-5053 | NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability al ... | 04/11/2026 | 04/11/2026 | 354327 |
| CVE-2026-4158 | KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerab ... | 04/11/2026 | 04/11/2026 | 351349 |
| CVE-2026-4157 | ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vul ... | 04/11/2026 | 04/11/2026 | 351348 |
| CVE-2026-4156 | ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. ... | 04/11/2026 | 04/11/2026 | 351347 |
| CVE-2026-4155 | ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulne ... | 04/11/2026 | 04/11/2026 | 351346 |
| CVE-2026-5226 | The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross- ... | 04/11/2026 | 04/11/2026 | 356960 |
| CVE-2026-5217 | The Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image Optimization plugin ... | 04/11/2026 | 04/11/2026 | 356952 |
| CVE-2026-5207 | The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all v ... | 04/11/2026 | 04/11/2026 | 356956 |
| CVE-2026-5144 | The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions ... | 04/11/2026 | 04/11/2026 | 356954 |
| CVE-2026-4979 | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for ... | 04/11/2026 | 04/11/2026 | 356951 |
| CVE-2026-4895 | The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cros ... | 04/11/2026 | 04/11/2026 | 356950 |
| CVE-2026-3498 | The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clien ... | 04/11/2026 | 04/11/2026 | 356959 |
| CVE-2026-3371 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecur ... | 04/11/2026 | 04/11/2026 | 356953 |
| CVE-2026-3358 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unautho ... | 04/11/2026 | 04/11/2026 | 356955 |
| CVE-2026-4154 | GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allow ... | 04/11/2026 | 04/11/2026 | 352002 |
| CVE-2026-4153 | GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerabi ... | 04/11/2026 | 04/11/2026 | 352001 |
| CVE-2026-4152 | GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerabi ... | 04/11/2026 | 04/11/2026 | 351998 |
| CVE-2026-4151 | GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allow ... | 04/11/2026 | 04/11/2026 | 352003 |
| CVE-2026-4150 | GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allow ... | 04/11/2026 | 04/11/2026 | 351999 |
| CVE-2026-4149 | Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerabil ... | 04/11/2026 | 04/11/2026 | 351345 |
| CVE-2026-40354 | Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash an ... | 04/11/2026 | 04/11/2026 | 356961 |
| CVE-2026-3691 | OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote ... | 04/11/2026 | 04/11/2026 | 354231 |
| CVE-2026-3690 | OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to b ... | 04/11/2026 | 04/11/2026 | 354230 |
| CVE-2026-3689 | OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remot ... | 04/11/2026 | 04/11/2026 | 354229 |
| CVE-2026-40199 | Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow ... | 04/11/2026 | 04/11/2026 | 356958 |
| CVE-2026-40198 | Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ... | 04/11/2026 | 04/11/2026 | 356957 |
| CVE-2026-40242 | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17. ... | 04/10/2026 | 04/10/2026 | 356949 |
| CVE-2026-40194 | phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net ... | 04/10/2026 | 04/10/2026 | 356945 |
| CVE-2026-40252 | FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability (I ... | 04/10/2026 | 04/10/2026 | 356948 |
| CVE-2026-5724 | The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor ... | 04/10/2026 | 04/10/2026 | 356946 |
| CVE-2026-33119 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all ... | 04/10/2026 | 04/10/2026 | 356947 |
| CVE-2026-33118 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 04/10/2026 | 04/10/2026 | 356944 |
| CVE-2026-40191 | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. ... | 04/10/2026 | 04/10/2026 | 356941 |
| CVE-2026-40190 | LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, th ... | 04/10/2026 | 04/10/2026 | 356928 |
| CVE-2026-40189 | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per- ... | 04/10/2026 | 04/10/2026 | 356927 |
| CVE-2026-40188 | goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command renam ... | 04/10/2026 | 04/10/2026 | 356922 |
| CVE-2026-40185 | TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the ... | 04/10/2026 | 04/10/2026 | 356943 |
| CVE-2026-40184 | TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requirin ... | 04/10/2026 | 04/10/2026 | 356942 |
| CVE-2026-40180 | Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs gen ... | 04/10/2026 | 04/10/2026 | 356936 |
| CVE-2026-39922 | GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnera ... | 04/10/2026 | 04/10/2026 | 356940 |
| CVE-2026-39921 | GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnera ... | 04/10/2026 | 04/10/2026 | 356937 |
| CVE-2026-40178 | ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.1 ... | 04/10/2026 | 04/10/2026 | 356935 |
| CVE-2026-40177 | ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.1 ... | 04/10/2026 | 04/10/2026 | 356933 |
| CVE-2026-40175 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library ... | 04/10/2026 | 04/10/2026 | 356921 |
| CVE-2026-40168 | Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vu ... | 04/10/2026 | 04/10/2026 | 356926 |
| CVE-2026-32252 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use ... | 04/10/2026 | 04/10/2026 | 356925 |
| CVE-2026-30232 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use ... | 04/10/2026 | 04/10/2026 | 356938 |
| CVE-2026-33705 | Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /mai ... | 04/10/2026 | 04/10/2026 | 356932 |
| CVE-2026-33704 | Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including stu ... | 04/10/2026 | 04/10/2026 | 356920 |
| CVE-2026-33737 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use sim ... | 04/10/2026 | 04/10/2026 | 356939 |
| CVE-2026-33736 | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ... | 04/10/2026 | 04/10/2026 | 356931 |
| CVE-2026-33710 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are gene ... | 04/10/2026 | 04/10/2026 | 356924 |
| CVE-2026-33708 | Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST ... | 04/10/2026 | 04/10/2026 | 356934 |
| CVE-2026-33707 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password r ... | 04/10/2026 | 04/10/2026 | 356923 |
| CVE-2026-33706 | Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST AP ... | 04/10/2026 | 04/10/2026 | 356930 |
| CVE-2026-27460 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. ... | 04/10/2026 | 04/10/2026 | 356929 |
| CVE-2026-3446 | When calling base64.b64decode() or related functions the decoding process would stop after encounter ... | 04/10/2026 | 04/10/2026 | 356919 |
| CVE-2026-33703 | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Referenc ... | 04/10/2026 | 04/10/2026 | 356918 |
| CVE-2026-33702 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a ... | 04/10/2026 | 04/10/2026 | 356917 |
| CVE-2026-33698 | Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise ... | 04/10/2026 | 04/10/2026 | 356916 |
| CVE-2026-33618 | Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController ... | 04/10/2026 | 04/10/2026 | 356915 |
| CVE-2026-33141 | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Referenc ... | 04/10/2026 | 04/10/2026 | 356904 |
| CVE-2026-32932 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulne ... | 04/10/2026 | 04/10/2026 | 356903 |
| CVE-2026-32931 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file u ... | 04/10/2026 | 04/10/2026 | 356865 |
| CVE-2026-32930 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Obj ... | 04/10/2026 | 04/10/2026 | 356902 |
| CVE-2026-32892 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a ... | 04/10/2026 | 04/10/2026 | 356866 |
| CVE-2026-1502 | CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. | 04/10/2026 | 04/10/2026 | 356914 |
| CVE-2026-5483 | A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` ... | 04/10/2026 | 04/10/2026 | 356852 |
| CVE-2026-32894 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Obj ... | 04/10/2026 | 04/10/2026 | 356901 |
| CVE-2026-32893 | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting ( ... | 04/10/2026 | 04/10/2026 | 356913 |
| CVE-2026-31941 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a ... | 04/10/2026 | 04/10/2026 | 356908 |
| CVE-2026-31940 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.p ... | 04/10/2026 | 04/10/2026 | 356846 |
| CVE-2026-31939 | Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exe ... | 04/10/2026 | 04/10/2026 | 356849 |
| CVE-2026-40163 | Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, ... | 04/10/2026 | 04/10/2026 | 356882 |
| CVE-2026-40162 | Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability wa ... | 04/10/2026 | 04/10/2026 | 356897 |
| CVE-2026-40200 | An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur d ... | 04/10/2026 | 04/10/2026 | 356863 |
| CVE-2026-40103 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API ... | 04/10/2026 | 04/10/2026 | 356883 |
| CVE-2026-40086 | Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the ... | 04/10/2026 | 04/10/2026 | 356862 |
| CVE-2026-35670 | OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to r ... | 04/10/2026 | 04/10/2026 | 356900 |
| CVE-2026-35669 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plu ... | 04/10/2026 | 04/10/2026 | 356905 |
| CVE-2026-35668 | OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sa ... | 04/10/2026 | 04/10/2026 | 356906 |
| CVE-2026-35667 | OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command ... | 04/10/2026 | 04/10/2026 | 347304 |
| CVE-2026-35666 | OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fa ... | 04/10/2026 | 04/10/2026 | 356899 |
| CVE-2026-35665 | OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook han ... | 04/10/2026 | 04/10/2026 | 351914 |
| CVE-2026-35664 | OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface t ... | 04/10/2026 | 04/10/2026 | 356896 |
| CVE-2026-40160 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path pas ... | 04/10/2026 | 04/10/2026 | 356909 |
| CVE-2026-40159 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Model Context Protocol ... | 04/10/2026 | 04/10/2026 | 356850 |
| CVE-2026-40158 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can ... | 04/10/2026 | 04/10/2026 | 356847 |
| CVE-2026-40157 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .pr ... | 04/10/2026 | 04/10/2026 | 356895 |
| CVE-2026-40156 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file name ... | 04/10/2026 | 04/10/2026 | 356859 |
| CVE-2026-40100 | FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool end ... | 04/10/2026 | 04/10/2026 | 356881 |
| CVE-2026-40097 | Step CA is an online certificate authority for secure, automated certificate management for DevOps. ... | 04/10/2026 | 04/10/2026 | 356894 |
| CVE-2026-40074 | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Pr ... | 04/10/2026 | 04/10/2026 | 356893 |
| CVE-2026-40073 | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Pr ... | 04/10/2026 | 04/10/2026 | 356858 |
| CVE-2026-22560 | An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected ... | 04/10/2026 | 04/10/2026 | 356912 |
| CVE-2026-35663 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators ... | 04/10/2026 | 04/10/2026 | 356880 |
| CVE-2026-35662 | OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing le ... | 04/10/2026 | 04/10/2026 | 356879 |
| CVE-2026-35661 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query ... | 04/10/2026 | 04/10/2026 | 356876 |
| CVE-2026-35660 | OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent ... | 04/10/2026 | 04/10/2026 | 356877 |
| CVE-2026-35659 | OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour ... | 04/10/2026 | 04/10/2026 | 356875 |
| CVE-2026-35658 | OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that ... | 04/10/2026 | 04/10/2026 | 356892 |
| CVE-2026-35657 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sess ... | 04/10/2026 | 04/10/2026 | 356878 |
| CVE-2026-35656 | OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For hea ... | 04/10/2026 | 04/10/2026 | 356857 |
| CVE-2026-35655 | OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution t ... | 04/10/2026 | 04/10/2026 | 356891 |
| CVE-2026-35654 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback ... | 04/10/2026 | 04/10/2026 | 356848 |
| CVE-2026-35653 | OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profi ... | 04/10/2026 | 04/10/2026 | 356874 |
| CVE-2026-35652 | OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dis ... | 04/10/2026 | 04/10/2026 | 356889 |
| CVE-2026-35651 | OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerabilit ... | 04/10/2026 | 04/10/2026 | 356890 |
| CVE-2026-35650 | OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allo ... | 04/10/2026 | 04/10/2026 | 356888 |
| CVE-2026-35649 | OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to ... | 04/10/2026 | 04/10/2026 | 356887 |
| CVE-2026-35648 | OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not r ... | 04/10/2026 | 04/10/2026 | 356886 |
| CVE-2026-35647 | OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass ... | 04/10/2026 | 04/10/2026 | 356885 |
| CVE-2026-35643 | OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing ... | 04/10/2026 | 04/10/2026 | 356884 |
| CVE-2026-35641 | OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hoo ... | 04/10/2026 | 04/10/2026 | 356910 |
| CVE-2026-35621 | OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command ... | 04/10/2026 | 04/10/2026 | 356873 |
| CVE-2026-35620 | OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist ... | 04/10/2026 | 04/10/2026 | 356856 |
| CVE-2026-35619 | OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endp ... | 04/10/2026 | 04/10/2026 | 356845 |
| CVE-2026-35602 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file imp ... | 04/10/2026 | 04/10/2026 | 356855 |
| CVE-2026-35601 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output ge ... | 04/10/2026 | 04/10/2026 | 356872 |
| CVE-2026-35600 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embe ... | 04/10/2026 | 04/10/2026 | 356871 |
| CVE-2026-35599 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatInterva ... | 04/10/2026 | 04/10/2026 | 356870 |
| CVE-2026-35598 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResour ... | 04/10/2026 | 04/10/2026 | 356869 |
| CVE-2026-35597 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-atte ... | 04/10/2026 | 04/10/2026 | 356854 |
| CVE-2026-35596 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel ... | 04/10/2026 | 04/10/2026 | 356853 |
| CVE-2026-35595 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check ... | 04/10/2026 | 04/10/2026 | 356868 |
| CVE-2026-40228 | In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users ... | 04/10/2026 | 04/10/2026 | 356911 |
| CVE-2026-40023 | Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayou ... | 04/10/2026 | 04/10/2026 | 356841 |
| CVE-2026-40021 | Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#lay ... | 04/10/2026 | 04/10/2026 | 356840 |
| CVE-2026-35594 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share ... | 04/10/2026 | 04/10/2026 | 356867 |
| CVE-2026-34727 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback ha ... | 04/10/2026 | 04/10/2026 | 356907 |
| CVE-2026-34481 | Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout. ... | 04/10/2026 | 04/10/2026 | 356839 |
| CVE-2026-34480 | Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , ... | 04/10/2026 | 04/10/2026 | 356844 |
| CVE-2026-34479 | The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden b ... | 04/10/2026 | 04/10/2026 | 356838 |
| CVE-2026-34478 | Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424L ... | 04/10/2026 | 04/10/2026 | 356843 |
| CVE-2026-34477 | The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete: ... | 04/10/2026 | 04/10/2026 | 356842 |
| CVE-2026-29043 | HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file ... | 04/10/2026 | 04/10/2026 | 356851 |
| CVE-2026-23781 | An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user cred ... | 04/10/2026 | 04/10/2026 | 356864 |
| CVE-2026-40227 | In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with ... | 04/10/2026 | 04/10/2026 | 356837 |
| CVE-2026-40226 | In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted op ... | 04/10/2026 | 04/10/2026 | 356835 |
| CVE-2026-40225 | In udev in systemd before 260, local root execution can occur via malicious hardware devices and uns ... | 04/10/2026 | 04/10/2026 | 356836 |
| CVE-2026-40224 | In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink c ... | 04/10/2026 | 04/10/2026 | 356833 |
| CVE-2026-40223 | In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and U ... | 04/10/2026 | 04/10/2026 | 356834 |
| CVE-2026-29002 | CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users t ... | 04/10/2026 | 04/10/2026 | 356832 |
| CVE-2026-36236 | SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php vi ... | 04/10/2026 | 04/10/2026 | 356827 |
| CVE-2026-36233 | A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Onl ... | 04/10/2026 | 04/10/2026 | 356828 |
| CVE-2026-36232 | A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Stu ... | 04/10/2026 | 04/10/2026 | 356826 |
| CVE-2026-31262 | Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remo ... | 04/10/2026 | 04/10/2026 | 356830 |
| CVE-2026-29861 | PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the use ... | 04/10/2026 | 04/10/2026 | 356823 |
| CVE-2026-36235 | A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Stude ... | 04/10/2026 | 04/10/2026 | 356822 |
| CVE-2026-36234 | itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php v ... | 04/10/2026 | 04/10/2026 | 356824 |
| CVE-2026-23782 | An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allow ... | 04/10/2026 | 04/10/2026 | 356829 |
| CVE-2026-23780 | An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in ... | 04/10/2026 | 04/10/2026 | 356825 |
| CVE-2026-40217 | LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting ... | 04/10/2026 | 04/10/2026 | 356821 |
| CVE-2026-6069 | NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output ... | 04/10/2026 | 04/10/2026 | 356818 |
| CVE-2026-6068 | NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling ... | 04/10/2026 | 04/10/2026 | 356817 |
| CVE-2026-6067 | A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds ... | 04/10/2026 | 04/10/2026 | 356816 |
| CVE-2026-33092 | Local privilege escalation due to improper handling of environment variables. The following products ... | 04/10/2026 | 04/10/2026 | 356819 |
| CVE-2026-5412 | In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. ... | 04/10/2026 | 04/10/2026 | 356813 |
| CVE-2026-5774 | Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, ... | 04/10/2026 | 04/10/2026 | 356811 |
| CVE-2026-5777 | This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bri ... | 04/10/2026 | 04/10/2026 | 356815 |
| CVE-2026-39304 | Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, ... | 04/10/2026 | 04/10/2026 | 356557 |
| CVE-2026-31412 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fi ... | 04/10/2026 | 04/10/2026 | 356808 |
| CVE-2026-6057 | FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload A ... | 04/10/2026 | 04/10/2026 | 356810 |
| CVE-2026-4162 | The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and ... | 04/10/2026 | 04/10/2026 | 356812 |
| CVE-2026-6042 | A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the ... | 04/10/2026 | 04/10/2026 | 356620 |
| CVE-2026-6038 | A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts ... | 04/10/2026 | 04/10/2026 | 356619 |
| CVE-2026-6037 | A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects ... | 04/10/2026 | 04/10/2026 | 356618 |
| CVE-2026-6036 | A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted elem ... | 04/10/2026 | 04/10/2026 | 356617 |
| CVE-2026-33457 | Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allo ... | 04/10/2026 | 04/10/2026 | 356806 |
| CVE-2026-33456 | Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authe ... | 04/10/2026 | 04/10/2026 | 356805 |
| CVE-2026-33455 | Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attac ... | 04/10/2026 | 04/10/2026 | 356807 |
| CVE-2026-6035 | A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected ... | 04/10/2026 | 04/10/2026 | 356616 |
| CVE-2026-6034 | A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknow ... | 04/10/2026 | 04/10/2026 | 356615 |
| CVE-2026-6033 | A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of ... | 04/10/2026 | 04/10/2026 | 356609 |
| CVE-2026-5525 | A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handl ... | 04/10/2026 | 04/10/2026 | 356803 |
| CVE-2026-40212 | OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerab ... | 04/10/2026 | 04/10/2026 | 356804 |
| CVE-2026-22750 | When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl ... | 04/10/2026 | 04/10/2026 | 356802 |
| CVE-2026-6032 | A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown functi ... | 04/10/2026 | 04/10/2026 | 356608 |
| CVE-2026-6031 | A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unkn ... | 04/10/2026 | 04/10/2026 | 356607 |
| CVE-2026-6030 | A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an ... | 04/10/2026 | 04/10/2026 | 356606 |
| CVE-2026-6029 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the f ... | 04/10/2026 | 04/10/2026 | 356605 |
| CVE-2026-6028 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the ... | 04/10/2026 | 04/10/2026 | 356604 |
| CVE-2026-1115 | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/l ... | 04/10/2026 | 04/10/2026 | 356801 |
| CVE-2026-6027 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the func ... | 04/10/2026 | 04/10/2026 | 356603 |
| CVE-2026-6026 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability aff ... | 04/10/2026 | 04/10/2026 | 356602 |
| CVE-2026-4432 | The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist own ... | 04/10/2026 | 04/10/2026 | 356798 |
| CVE-2026-28704 | Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same ... | 04/10/2026 | 04/10/2026 | 356799 |
| CVE-2026-6025 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function s ... | 04/10/2026 | 04/10/2026 | 356601 |
| CVE-2026-6024 | A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7W ... | 04/10/2026 | 04/10/2026 | 356600 |
| CVE-2026-6016 | A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd o ... | 04/10/2026 | 04/10/2026 | 356572 |
| CVE-2026-6015 | A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of ... | 04/10/2026 | 04/10/2026 | 356571 |
| CVE-2026-5477 | An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge C ... | 04/10/2026 | 04/10/2026 | 356797 |
| CVE-2026-6014 | A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of th ... | 04/10/2026 | 04/10/2026 | 356570 |
| CVE-2026-6013 | A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSet ... | 04/10/2026 | 04/10/2026 | 356569 |
| CVE-2026-6012 | A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSet ... | 04/10/2026 | 04/10/2026 | 356568 |
| CVE-2026-6011 | A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown f ... | 04/10/2026 | 04/10/2026 | 356567 |
| CVE-2026-4482 | The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricte ... | 04/10/2026 | 04/10/2026 | 356796 |
| CVE-2026-6004 | A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown ... | 04/10/2026 | 04/10/2026 | 356560 |
| CVE-2026-6003 | A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This iss ... | 04/10/2026 | 04/10/2026 | 356559 |
| CVE-2026-6000 | A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unkn ... | 04/10/2026 | 04/10/2026 | 356554 |
| CVE-2026-5999 | A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the com ... | 04/10/2026 | 04/10/2026 | 356553 |
| CVE-2026-33551 | An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0. ... | 04/10/2026 | 04/10/2026 | 356015 |
| CVE-2026-6010 | A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulner ... | 04/10/2026 | 04/10/2026 | 356566 |
| CVE-2026-6007 | A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknow ... | 04/10/2026 | 04/10/2026 | 356563 |
| CVE-2026-6006 | A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted e ... | 04/10/2026 | 04/10/2026 | 356562 |
| CVE-2026-6005 | A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is ... | 04/10/2026 | 04/10/2026 | 356561 |
| CVE-2026-5501 | wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the ... | 04/10/2026 | 04/10/2026 | 356690 |
| CVE-2026-5500 | wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication t ... | 04/10/2026 | 04/10/2026 | 356721 |
| CVE-2026-5479 | In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and r ... | 04/10/2026 | 04/10/2026 | 356720 |
| CVE-2026-5466 | wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the sig ... | 04/10/2026 | 04/10/2026 | 356719 |
| CVE-2026-5188 | An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extensi ... | 04/10/2026 | 04/10/2026 | 356710 |
| CVE-2026-2305 | The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ... | 04/10/2026 | 04/10/2026 | 356718 |
| CVE-2026-5998 | A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function ... | 04/10/2026 | 04/10/2026 | 356552 |
| CVE-2026-5997 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the f ... | 04/10/2026 | 04/10/2026 | 356551 |
| CVE-2026-5996 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected el ... | 04/10/2026 | 04/10/2026 | 356550 |
| CVE-2026-5995 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function se ... | 04/10/2026 | 04/10/2026 | 356549 |
| CVE-2026-5994 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the ... | 04/10/2026 | 04/10/2026 | 356548 |
| CVE-2026-5993 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects ... | 04/10/2026 | 04/10/2026 | 356547 |
| CVE-2026-5992 | A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of ... | 04/10/2026 | 04/10/2026 | 356546 |
| CVE-2026-5991 | A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtra ... | 04/10/2026 | 04/10/2026 | 356545 |
| CVE-2026-5990 | A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function ... | 04/10/2026 | 04/10/2026 | 356544 |
| CVE-2026-5989 | A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /g ... | 04/10/2026 | 04/10/2026 | 356543 |
| CVE-2026-5460 | A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare pr ... | 04/10/2026 | 04/10/2026 | 356759 |
| CVE-2026-5448 | X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may ... | 04/10/2026 | 04/10/2026 | 356760 |
CVE-2026-5393Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVer ...04/10/202604/10/2026356776
CVE-2026-5392Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the hea ...04/10/202604/10/2026356775
CVE-2026-4977The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for ...04/10/202604/10/2026356708
CVE-2026-4664The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in ...04/10/202604/10/2026356707
CVE-2026-4351The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in ...04/10/202604/10/2026356689
CVE-2026-4305The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Si ...04/10/202604/10/2026356717
CVE-2026-4057The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to ...04/10/202604/10/2026356709
CVE-2026-3360The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Inse ...04/10/202604/10/2026356706
CVE-2026-2712The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to mi ...04/10/202604/10/2026356687
CVE-2026-25203Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability ...04/10/202604/10/2026356728
CVE-2026-1924The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers ...04/10/202604/10/2026356716
CVE-2026-1263The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, ...04/10/202604/10/2026356715
CVE-2026-5983A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDD ...04/10/202604/10/2026356537
CVE-2026-5982A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAd ...04/10/202604/10/2026356536
CVE-2026-5981A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall ...04/10/202604/10/2026356535
CVE-2026-5778Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in ...04/10/202604/10/2026356763
CVE-2026-5772A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) duri ...04/10/202604/10/2026356762
CVE-2026-5264Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1 ...04/10/202604/10/2026356795
CVE-2026-5263URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate ...04/10/202604/10/2026356771
CVE-2026-40154PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched templat ...04/10/202604/10/2026356761
CVE-2026-40153PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in she ...04/10/202604/10/2026356784
CVE-2026-40152PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the list_files() tool in FileTools v ...04/10/202604/10/2026356753
CVE-2026-40151PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a ...04/10/202604/10/2026356787
CVE-2026-40150PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praison ...04/10/202604/10/2026356792
CVE-2026-40149PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list en ...04/10/202604/10/2026356758
CVE-2026-40148PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in Praiso ...04/10/202604/10/2026356794
CVE-2026-40117PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py ...04/10/202604/10/2026356769
CVE-2026-40116PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in P ...04/10/202604/10/2026356756
CVE-2026-40115PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (se ...04/10/202604/10/2026356791
CVE-2026-40114PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbi ...04/10/202604/10/2026356770
CVE-2026-40113PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delim ...04/10/202604/10/2026356768
CVE-2026-40112PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/a ...04/10/202604/10/2026356785
CVE-2026-40111PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the memory hooks executor in praison ...04/10/202604/10/2026356767
CVE-2026-39848Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop opera ...04/10/202604/10/2026356750
CVE-2026-35646OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook t ...04/10/202604/10/2026356755
CVE-2026-35645OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subage ...04/10/202604/10/2026356790
CVE-2026-35644OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers wit ...04/10/202604/10/2026356757
CVE-2026-35642OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events ...04/10/202604/10/2026356782
CVE-2026-35640OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing ...04/10/202604/10/2026356734
CVE-2026-35639OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve m ...04/10/202604/10/2026356745
CVE-2026-35638OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allow ...04/10/202604/10/2026356781
CVE-2026-35637OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization che ...04/10/202604/10/2026356783
CVE-2026-35636OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where ...04/10/202604/10/2026356780
CVE-2026-35635OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Ch ...04/10/202604/10/2026356779
CVE-2026-35634OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway wher ...04/10/202604/10/2026356793
CVE-2026-35633OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP ...04/10/202604/10/2026356766
CVE-2026-35632OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.up ...04/10/202604/10/2026356752
CVE-2026-35631OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat comman ...04/10/202604/10/2026356751
CVE-2026-35629OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel e ...04/10/202604/10/2026356789
CVE-2026-35628OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authent ...04/10/202604/10/2026356754
CVE-2026-35627OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct mes ...04/10/202604/10/2026356748
CVE-2026-35626OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice cal ...04/10/202604/10/2026356765
CVE-2026-35625OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-au ...04/10/202604/10/2026356774
CVE-2026-35624OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that match ...04/10/202604/10/2026356778
CVE-2026-35623OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication t ...04/10/202604/10/2026356743
CVE-2026-35622OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google C ...04/10/202604/10/2026356747
CVE-2026-35618OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verificatio ...04/10/202604/10/2026356777
CVE-2026-35617OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy ...04/10/202604/10/2026356746
CVE-2026-34512OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:s ...04/10/202604/10/2026356764
CVE-2026-33797An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows ...04/10/202604/10/2026356737
CVE-2026-33793An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networ ...04/10/202604/10/2026356729
CVE-2026-33791An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos O ...04/10/202604/10/2026356740
CVE-2026-33790An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of ...04/10/202604/10/2026356736
CVE-2026-33788A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs ...04/10/202604/10/2026356749
CVE-2026-33786An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon ...04/10/202604/10/2026356741
CVE-2026-33782A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Ju ...04/10/202604/10/2026356739
CVE-2026-33780A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning ...04/10/202604/10/2026356733
CVE-2026-33779An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks J ...04/10/202604/10/2026356732
CVE-2026-33775A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber ...04/10/202604/10/2026356731
CVE-2026-33773An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Junip ...04/10/202604/10/2026356742
CVE-2026-21919An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos ...04/10/202604/10/2026356730
CVE-2026-21916A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allow ...04/10/202604/10/2026356735
CVE-2026-21915A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JS ...04/10/202604/10/2026356773
CVE-2026-21904An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit ...04/10/202604/10/2026356744
CVE-2026-5980A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACF ...04/10/202604/10/2026356534
CVE-2026-5979A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the funct ...04/10/202604/10/2026356533
CVE-2026-5978A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the ...04/10/202604/10/2026356532
CVE-2026-5977A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function s ...04/10/202604/10/2026356531
CVE-2026-5447Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overfl ...04/10/202604/10/2026356788
CVE-2026-5446In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce ...04/10/202604/10/2026356786
CVE-2026-40093nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and ear ...04/10/202604/10/2026356772
CVE-2026-33787An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon ...04/10/202604/10/2026356698
CVE-2026-5985A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected el ...04/10/202604/10/2026356539
CVE-2026-5507When restoring a session from cache, a pointer from the serialized session data is used in a free op ...04/10/202604/10/2026356703
CVE-2026-5986A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the func ...04/10/202604/10/2026356540
CVE-2026-5504A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover pl ...04/10/202604/10/2026356688
CVE-2026-5503In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find ...04/10/202604/10/2026356714
CVE-2026-5988A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the ...04/10/202604/10/2026356542
CVE-2026-5987A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the f ...04/10/202604/10/2026356541
CVE-2026-5295A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() functi ...04/10/202604/10/2026356726
CVE-2026-34424Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access to ...04/10/202604/10/2026356686
CVE-2026-33785A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a ...04/10/202604/10/2026356695
CVE-2026-33784A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual L ...04/10/202604/10/2026356700
CVE-2026-33783A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networ ...04/10/202604/10/2026356694
CVE-2026-33781An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engin ...04/10/202604/10/2026356693
CVE-2026-33778An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by ...04/10/202604/10/2026356692
CVE-2026-33776A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved a ...04/10/202604/10/2026356697
CVE-2026-33774An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engin ...04/10/202604/10/2026356691
CVE-2026-33771A Weak Password Requirements vulnerability in the password management function of Juniper Networks C ...04/10/202604/10/2026356704
CVE-2026-5984A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of th ...04/10/202604/10/2026356538
CVE-2026-40109Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolk ...04/09/202604/10/2026356696
CVE-2026-40107SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with ...04/09/202604/10/2026356713
CVE-2026-35206Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specia ...04/09/202604/10/2026356712
CVE-2026-5976A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the funct ...04/09/202604/09/2026356530
CVE-2026-5975A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the ...04/09/202604/09/2026356529
CVE-2026-5974A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the ...04/09/202604/09/2026356528
CVE-2026-5194Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA cert ...04/09/202604/10/2026356705
CVE-2026-4436A low-privileged remote attacker can send Modbus packets to manipulate register values that are inp ...04/09/202604/10/2026356702
CVE-2026-5187Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. ...04/09/202604/09/2026356683
CVE-2026-40089Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audi ...04/09/202604/09/2026356684
CVE-2026-40088PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow ...04/09/202604/09/2026356682
CVE-2026-40087LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.2 ...04/09/202604/09/2026356681
CVE-2026-35577Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. P ...04/09/202604/09/2026356680
CVE-2026-34500CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled a ...04/09/202604/09/2026356679
CVE-2026-34487Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusterin ...04/09/202604/09/2026356678
CVE-2026-34486Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-291 ...04/09/202604/09/2026356676
CVE-2026-34483Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache ...04/09/202604/09/2026356677
CVE-2026-5973A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime ...04/09/202604/09/2026356527
CVE-2026-5972A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the funct ...04/09/202604/09/2026356526
CVE-2026-40077Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept ...04/09/202604/09/2026356671
CVE-2026-39977flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-fil ...04/09/202604/09/2026356657
CVE-2026-35063OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authe ...04/09/202604/09/2026356670
CVE-2026-34734HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the ...04/09/202604/09/2026356665
CVE-2026-32990Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. ...04/09/202604/09/2026356662
CVE-2026-29923The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privil ...04/09/202604/09/2026356674
CVE-2026-29146Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This ...04/09/202604/09/2026356653
CVE-2026-29145CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled v ...04/09/202604/09/2026356661
CVE-2026-29129Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects ...04/09/202604/09/2026356660
CVE-2026-25854Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via th ...04/09/202604/09/2026356659
CVE-2026-24880Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Ap ...04/09/202604/09/2026356654
CVE-2026-39912V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response b ...04/09/202604/09/2026356673
CVE-2026-35556OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an atta ...04/09/202604/09/2026356675
CVE-2026-35195Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's imple ...04/09/202604/09/2026356672
CVE-2026-35186Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's ...04/09/202604/09/2026356655
CVE-2026-34988Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's ...04/09/202604/09/2026356669
CVE-2026-34987Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime wi ...04/09/202604/09/2026356664
CVE-2026-34983Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can resu ...04/09/202604/09/2026356668
CVE-2026-34971Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's ...04/09/202604/09/2026356652
CVE-2026-34946Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's ...04/09/202604/09/2026356663
CVE-2026-34945Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's ...04/09/202604/09/2026356656
CVE-2026-34944Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, on x86-64 platfo ...04/09/202604/09/2026356667
CVE-2026-34943Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contain ...04/09/202604/09/2026356666
CVE-2026-31170An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...04/09/202604/09/2026355506
CVE-2026-28205OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability w ...04/09/202604/09/2026356658
CVE-2026-34942Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's imple ...04/09/202604/09/2026356650
CVE-2026-34941Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contain ...04/09/202604/09/2026356649
CVE-2026-5971A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the functi ...04/09/202604/09/2026356525
CVE-2026-5329Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in ...04/09/202604/09/2026356646
CVE-2026-39911Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability ...04/09/202604/09/2026356648
CVE-2026-39315Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable tha ...04/09/202604/09/2026356647
CVE-2026-35207dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a ...04/09/202604/09/2026356651
CVE-2026-1584A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sen ...04/09/202604/09/2026345137
CVE-2026-40072web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.1 ...04/09/202604/09/2026356645
CVE-2026-40071pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /js ...04/09/202604/09/2026356642
CVE-2026-40070BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::Wallet ...04/09/202604/09/2026356644
CVE-2026-40069BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's ...04/09/202604/09/2026356643
CVE-2026-5970A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function chec ...04/09/202604/09/2026356524
CVE-2026-39987marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The ...04/09/202604/09/2026356624
CVE-2026-39985LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...04/09/202604/09/2026356636
CVE-2026-39983basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via C ...04/09/202604/09/2026356635
CVE-2026-39981AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the ess ...04/09/202604/09/2026356634
CVE-2026-39980OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. ...04/09/202604/09/2026356629
CVE-2026-39961Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From ...04/09/202604/09/2026356623
CVE-2026-30478A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows ...04/09/202604/09/2026356640
CVE-2026-5962A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecur ...04/09/202604/09/2026356515
CVE-2026-39976Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is a ...04/09/202604/09/2026356633
CVE-2026-39974n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive acce ...04/09/202604/09/2026356621
CVE-2026-39972Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-e ...04/09/202604/09/2026356632
CVE-2026-39962MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutraliz ...04/09/202604/09/2026356622
CVE-2026-39959Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol ...04/09/202604/09/2026356628
CVE-2026-39958oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metada ...04/09/202604/09/2026356626
CVE-2026-5961A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vul ...04/09/202604/09/2026356514
CVE-2026-40046Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveM ...04/09/202604/09/2026356558
CVE-2026-39957Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug i ...04/09/202604/09/2026356625
CVE-2026-39943Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, D ...04/09/202604/09/2026356638
CVE-2026-39942Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, t ...04/09/202604/09/2026356637
CVE-2026-39856osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out- ...04/09/202604/09/2026356631
CVE-2026-39855osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an inte ...04/09/202604/09/2026356630
CVE-2026-30479A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attacke ...04/09/202604/09/2026356639
CVE-2026-39941ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows at ...04/09/202604/09/2026356610
CVE-2026-39853osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, a stack ...04/09/202604/09/2026356613
CVE-2026-39843Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of ...04/09/202604/09/2026356612
CVE-2026-39398The affected product and advisory are not public.04/09/202604/09/2026
CVE-2026-34020Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The RE ...04/09/202604/09/2026356599
CVE-2026-33266Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie en ...04/09/202604/09/2026356598
CVE-2026-33005Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered u ...04/09/202604/09/2026356597
CVE-2026-5959A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affect ...04/09/202604/09/2026356512
CVE-2026-5445An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDec ...04/09/202604/09/2026356596
CVE-2026-5444A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a ...04/09/202604/09/2026356591
CVE-2026-5443A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pix ...04/09/202604/09/2026356595
CVE-2026-5442A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded ...04/09/202604/09/2026356594
CVE-2026-5441An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.c ...04/09/202604/09/2026356593
CVE-2026-5440A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Len ...04/09/202604/09/2026356590
CVE-2026-5439A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts Z ...04/09/202604/09/2026356592
CVE-2026-5438A gzip decompression bomb vulnerability exists when Orthanc processes an HTTP request with `Content-Enc ...04/09/202604/09/2026356576
CVE-2026-5437An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. ...04/09/202604/09/2026356580
CVE-2026-5960A weakness has been identified in code-projects Patient Record Management System 1.0. This affects a ...04/09/202604/09/2026356513
CVE-2026-4878A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TO ...04/09/202604/09/2026356016
CVE-2026-35205Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins ...04/09/202604/09/2026356583
CVE-2026-35204Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm p ...04/09/202604/09/2026356582
CVE-2026-35041fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service ...04/09/202604/09/2026356579
CVE-2026-35040fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers ...04/09/202604/09/2026356578
CVE-2026-4116Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authent ...04/09/202604/09/2026356588
CVE-2026-4114Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authent ...04/09/202604/09/2026356587
CVE-2026-4113An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a ...04/09/202604/09/2026356586
CVE-2026-4112Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWal ...04/09/202604/09/2026356577
CVE-2026-34757LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portabl ...04/09/202604/09/2026356507
CVE-2026-34578OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authenti ...04/09/202604/09/2026356573
CVE-2026-4660HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system durin ...04/09/202604/09/2026356564
CVE-2026-3005The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl ...04/09/202604/09/2026356556
CVE-2026-2519The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable t ...04/09/202604/09/2026356555
CVE-2026-24661Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the {{/changes}} webhoo ...04/09/202604/09/2026356523
CVE-2026-21388Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhoo ...04/09/202604/09/2026356522
CVE-2026-4901Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials ...04/09/202604/09/2026356521
CVE-2026-34185Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. ...04/09/202604/09/2026356520
CVE-2026-34184Hydrosystem Control System does not enforce authorization for some directories. This allows an unaut ...04/09/202604/09/2026356517
CVE-2026-34538Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to ...04/09/202604/09/2026356508
CVE-2026-34179In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go ...04/09/202604/09/2026356511
CVE-2026-34178In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/in ...04/09/202604/09/2026356510
CVE-2026-34177Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidde ...04/09/202604/09/2026356509
CVE-2026-5854A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the ...04/09/202604/09/2026356380
CVE-2026-5853A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by thi ...04/09/202604/09/2026356379
CVE-2026-5852A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function se ...04/09/202604/09/2026356378
CVE-2026-5851A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the funct ...04/09/202604/09/2026356377
CVE-2026-5850A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function s ...04/09/202604/09/2026356376
CVE-2026-5849A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown funct ...04/09/202604/09/2026356375
CVE-2026-5848A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function ...04/09/202604/09/2026356374
CVE-2026-5847A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown f ...04/09/202604/09/2026356373
CVE-2026-5844A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file pr ...04/09/202604/09/2026356329
CVE-2026-5842A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is ...04/09/202604/09/2026356298
CVE-2026-5841A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7Web ...04/09/202604/09/2026356297
CVE-2026-5840A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown fu ...04/09/202604/09/2026356296
CVE-2026-5839A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknow ...04/09/202604/09/2026356295
CVE-2026-5838A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unk ...04/09/202604/09/2026356294
CVE-2026-5742The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and ...04/09/202604/09/2026356506
CVE-2026-4336The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ ...04/09/202604/09/2026356500
CVE-2026-1830The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up ...04/09/202604/09/2026356498
CVE-2026-5837A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the ...04/09/202604/09/2026356293
CVE-2026-5836A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is som ...04/09/202604/09/2026356292
CVE-2026-5835A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an u ...04/09/202604/09/2026356291
CVE-2026-5834A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function ...04/09/202604/09/2026356290
CVE-2026-5833A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impac ...04/09/202604/09/2026356289
CVE-2026-5357The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' ...04/09/202604/09/2026356501
CVE-2026-4429The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...04/09/202604/09/2026356505
CVE-2026-4124The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and in ...04/09/202604/09/2026356503
CVE-2026-3574The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Script ...04/09/202604/09/2026356504
CVE-2026-3568The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versio ...04/09/202604/09/2026356499
CVE-2026-5832A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze ...04/09/202604/09/2026356288
CVE-2026-5831A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown funct ...04/09/202604/09/2026356278
CVE-2026-5830A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of th ...04/09/202604/09/2026356277
CVE-2026-4326The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all v ...04/09/202604/09/2026356502
CVE-2026-5827A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unkno ...04/09/202604/09/2026356274
CVE-2026-5826A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unkno ...04/09/202604/09/2026356273
CVE-2026-5825A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects ...04/09/202604/09/2026356272
CVE-2026-5829A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element ...04/09/202604/09/2026356276
CVE-2026-5828A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is a ...04/09/202604/09/2026356275
CVE-2026-5823A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this ...04/09/202604/09/2026356270
CVE-2026-5824A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects ...04/09/202604/09/2026356271
CVE-2026-5812A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This a ...04/09/202604/09/2026356260
CVE-2026-5811A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this i ...04/09/202604/09/2026356259
CVE-2026-5173GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18. ...04/09/202604/09/2026356480
CVE-2026-4916GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 ...04/09/202604/09/2026356393
CVE-2026-4398Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.04/09/202604/09/2026
CVE-2026-4332GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 bef ...04/09/202604/09/2026356478
CVE-2026-3438A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 th ...04/09/202604/09/2026356494
CVE-2026-3199A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 throug ...04/09/202604/09/2026356479
CVE-2026-2619GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 bef ...04/09/202604/09/2026356477
CVE-2026-5919Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 all ...04/09/202604/09/2026356451
CVE-2026-5918Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote ...04/09/202604/09/2026356450
CVE-2026-5915Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed ...04/09/202604/09/2026356448
CVE-2026-5914Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a us ...04/09/202604/09/2026356452
CVE-2026-5913Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to per ...04/09/202604/09/2026356447
CVE-2026-5912Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perf ...04/09/202604/09/2026356446
CVE-2026-5911Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to ...04/09/202604/09/2026356449
CVE-2026-5910Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten ...04/09/202604/09/2026356444
CVE-2026-5909Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten ...04/09/202604/09/2026356445
CVE-2026-5908Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten ...04/09/202604/09/2026356442
CVE-2026-5907Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attac ...04/09/202604/09/2026356443
CVE-2026-5906Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote ...04/09/202604/09/2026356401
CVE-2026-5905Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a re ...04/09/202604/09/2026356441
CVE-2026-5904Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a use ...04/09/202604/09/2026356453
CVE-2026-5903Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who ...04/09/202604/09/2026356440
CVE-2026-5902Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had c ...04/09/202604/09/2026356400
CVE-2026-5901Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attac ...04/09/202604/09/2026356439
CVE-2026-5900Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypa ...04/09/202604/09/2026356438
CVE-2026-5899Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowe ...04/09/202604/09/2026356454
CVE-2026-5898Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote att ...04/09/202604/09/2026356437
CVE-2026-5897Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker ...04/09/202604/09/2026356436
CVE-2026-5896Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinc ...04/09/202604/09/2026356435
CVE-2026-5895Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote att ...04/09/202604/09/2026356433
CVE-2026-5894Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacke ...04/09/202604/09/2026356432
CVE-2026-5893Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit ...04/09/202604/09/2026356459
CVE-2026-5892Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote att ...04/09/202604/09/2026356404
CVE-2026-5891Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remo ...04/09/202604/09/2026356403
CVE-2026-5890Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potent ...04/09/202604/09/2026356434
CVE-2026-5889Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read pot ...04/09/202604/09/2026356431
CVE-2026-5888Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to ...04/09/202604/09/2026356430
CVE-2026-5887Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7 ...04/09/202604/09/2026356427
CVE-2026-5886Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attac ...04/09/202604/09/2026356429
CVE-2026-5885Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727. ...04/09/202604/09/2026356428
CVE-2026-5884Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed ...04/09/202604/09/2026356426
CVE-2026-5883Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ...04/09/202604/09/2026356425
CVE-2026-5882Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacke ...04/09/202604/09/2026356424
CVE-2026-5881Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacke ...04/09/202604/09/2026356455
CVE-2026-5880Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remo ...04/09/202604/09/2026356402
CVE-2026-5879Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 a ...04/09/202604/09/2026356422
CVE-2026-5878Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to ...04/09/202604/09/2026356458
CVE-2026-5877Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to ex ...04/09/202604/09/2026356421
CVE-2026-5876Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a rem ...04/09/202604/09/2026356423
CVE-2026-5875Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform ...04/09/202604/09/2026356457
CVE-2026-5874Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who co ...04/09/202604/09/2026356420
CVE-2026-5873Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker ...04/09/202604/09/2026356418
CVE-2026-5872Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ...04/09/202604/09/2026356419
CVE-2026-5871Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar ...04/09/202604/09/2026356417
CVE-2026-5870Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execut ...04/09/202604/09/2026356416
CVE-2026-5869Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to o ...04/09/202604/09/2026356415
CVE-2026-5868Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attack ...04/09/202604/09/2026356414
CVE-2026-5867Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to o ...04/09/202604/09/2026356413
CVE-2026-5866Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ...04/09/202604/09/2026356411
CVE-2026-5865Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar ...04/09/202604/09/2026356412
CVE-2026-5864Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker t ...04/09/202604/09/2026356410
CVE-2026-5863Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker ...04/09/202604/09/2026356409
CVE-2026-5862Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker ...04/09/202604/09/2026356408
CVE-2026-5861Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar ...04/09/202604/09/2026356407
CVE-2026-5860Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execut ...04/09/202604/09/2026356405
CVE-2026-5859Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten ...04/09/202604/09/2026356406
CVE-2026-5858Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to e ...04/09/202604/09/2026356456
CVE-2026-5810A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown funct ...04/09/202604/09/2026356246
CVE-2026-5808A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae63405933 ...04/09/202604/09/2026356245
CVE-2026-5806A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unkn ...04/09/202604/09/2026356244
CVE-2026-5711The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 's ...04/09/202604/09/2026356485
CVE-2026-40037OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetc ...04/09/202604/09/2026356484
CVE-2026-40036Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py ...04/09/202604/09/2026356467
CVE-2026-40035Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that en ...04/09/202604/09/2026356463
CVE-2026-40032UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in t ...04/09/202604/09/2026356483
CVE-2026-40031MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-l ...04/09/202604/09/2026356462
CVE-2026-40030parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path ar ...04/09/202604/09/2026356482
CVE-2026-40029parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file p ...04/09/202604/09/2026356481
CVE-2026-40028Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML repo ...04/09/202604/09/2026356495
CVE-2026-40027ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal vulnerabili ...04/09/202604/09/2026356471
CVE-2026-40026The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem ...04/09/202604/09/2026356470
CVE-2026-40025The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem ke ...04/09/202604/09/2026356469
CVE-2026-40024The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an ...04/09/202604/09/2026356468
CVE-2026-39901monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a tra ...04/09/202604/09/2026356486
CVE-2026-5805A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an ...04/09/202604/09/2026356243
CVE-2026-5451The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...04/09/202604/09/2026356489
CVE-2026-5436The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to ...04/09/202604/09/2026356460
CVE-2026-39892cryptography is a package designed to expose cryptographic primitives and recipes to Python develope ...04/09/202604/09/2026356464
CVE-2026-39891PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function ...04/09/202604/09/2026356488
CVE-2026-39890PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method ...04/09/202604/09/2026356466
CVE-2026-39889PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream serv ...04/09/202604/09/2026356487
CVE-2026-39888PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.p ...04/09/202604/09/2026356461
CVE-2026-39885FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the m ...04/09/202604/09/2026356497
CVE-2026-39883OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2 ...04/09/202604/09/2026343871
CVE-2026-39882OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters ...04/09/202604/09/2026356472
CVE-2026-39860Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allow ...04/09/202604/09/2026256417
CVE-2026-2104GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 ...04/09/202604/09/2026356476
CVE-2026-1752GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 bef ...04/09/202604/09/2026356475
CVE-2026-1516GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 b ...04/09/202604/09/2026356474
CVE-2026-1101GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 bef ...04/09/202604/09/2026356399
CVE-2026-1092GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 ...04/09/202604/09/2026356398
CVE-2026-5813A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affe ...04/09/202604/09/2026356261
CVE-2026-5815A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_ma ...04/09/202604/09/2026356263
CVE-2026-5814A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue ...04/09/202604/09/2026356262
CVE-2026-5803A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f38934 ...04/08/202604/08/2026356242
CVE-2026-39881Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerabilit ...04/08/202604/09/2026356390
CVE-2026-39844NiceGUI is a Python-based UI framework. Prior to 3.10.0, Since PurePosixPath only recognizes forward ...04/08/202604/09/2026356381
CVE-2026-39429kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and containe ...04/08/202604/09/2026356389
CVE-2026-39416AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. P ...04/08/202604/09/2026356496
CVE-2026-39415Frappe Learning Management System (LMS) is a learning system that helps users structure their conten ...04/08/202604/09/2026356395
CVE-2026-39414MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEA ...04/08/202604/09/2026356388
CVE-2026-39412LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4 ...04/08/202604/09/2026356473
CVE-2026-39411LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow ...04/08/202604/09/2026356490
CVE-2026-39362InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREE_DO ...04/08/202604/08/2026356037
CVE-2026-35525LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3 ...04/08/202604/09/2026356392
CVE-2026-35479InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who hav ...04/08/202604/09/2026356493
CVE-2026-35478InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authentica ...04/08/202604/09/2026356391
CVE-2026-35477InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-2 ...04/08/202604/09/2026356387
CVE-2026-35476InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authe ...04/08/202604/09/2026356386
CVE-2026-23869A denial of service vulnerability exists in React Server Components, affecting the following package ...04/08/202604/09/2026356384
CVE-2026-5802A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of ...04/08/202604/08/2026356241
CVE-2026-39880Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7. ...04/08/202604/09/2026356385
CVE-2026-39864Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an ou ...04/08/202604/09/2026356383
CVE-2026-39863Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8. ...04/08/202604/09/2026356382
CVE-2026-39862Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code e ...04/08/202604/09/2026356492
CVE-2026-39859LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3 ...04/08/202604/09/2026356267
CVE-2026-39413LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API ...04/08/202604/09/2026356394
CVE-2026-35455immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStore ...04/08/202604/08/2026356372
CVE-2026-35446LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...04/08/202604/08/2026356363
CVE-2026-35403LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...04/08/202604/08/2026356371
CVE-2026-35400LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...04/08/202604/08/2026356367
CVE-2026-35169LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...04/08/202604/08/2026356370
CVE-2026-35165LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...04/08/202604/08/2026356366
CVE-2026-34985LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...04/08/202604/08/2026356368
CVE-2026-34837Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint ...04/08/202604/08/2026356365
CVE-2026-34782Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the RE ...04/08/202604/08/2026356364
CVE-2026-20709Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Serie ...04/08/202604/08/2026356369
CVE-2026-39851Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, th ...04/08/202604/08/2026356344
CVE-2026-35407Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a ...04/08/202604/08/2026356343
CVE-2026-35401Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a m ...04/08/202604/08/2026356342
CVE-2026-2942The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missin ...04/08/202604/08/2026356330
CVE-2026-0814The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due ...04/08/202604/08/2026356334
CVE-2026-0811The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in a ...04/08/202604/08/2026356353
CVE-2026-34724Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side te ...04/08/202604/08/2026356331
CVE-2026-34723Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauth ...04/08/202604/08/2026356336
CVE-2026-34722Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the us ...04/08/202604/08/2026356341
CVE-2026-34721Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OA ...04/08/202604/08/2026356333
CVE-2026-34720Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SS ...04/08/202604/08/2026356340
CVE-2026-34719Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the we ...04/08/202604/08/2026356355
CVE-2026-34718Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HT ...04/08/202604/08/2026356339
CVE-2026-34392LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...04/08/202604/08/2026356352
CVE-2026-34248Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in sha ...04/08/202604/08/2026356338
CVE-2026-34166LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3 ...04/08/202604/08/2026356337
CVE-2026-33350LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...04/08/202604/08/2026356351
CVE-2026-30818An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an au ...04/08/202604/08/2026356350
CVE-2026-30817An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows ...04/08/202604/08/2026356349
CVE-2026-30816An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allo ...04/08/202604/08/2026356348
CVE-2026-30815An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an a ...04/08/202604/08/2026356335
CVE-2026-30814A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authent ...04/08/202604/08/2026356332
CVE-2026-27806Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk e ...04/08/202604/08/2026356354
CVE-2026-33756Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Sal ...04/08/202604/08/2026356302
CVE-2026-33466Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitra ...04/08/202604/08/2026356301
CVE-2026-33459Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Al ...04/08/202604/08/2026356305
CVE-2026-33458Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An ...04/08/202604/08/2026356314
CVE-2026-32591A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administr ...04/08/202604/08/2026356300
CVE-2026-32590A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload p ...04/08/202604/08/2026356304
CVE-2026-32589A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push a ...04/08/202604/08/2026356303
CVE-2026-4498Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can ...04/08/202604/08/2026356285
CVE-2026-33461Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse ( ...04/08/202604/08/2026356279
CVE-2026-33460Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privi ...04/08/202604/08/2026356280
CVE-2026-31017A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNe ...04/08/202604/08/2026356283
CVE-2026-30075OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport ...04/08/202604/08/2026356282
CVE-2026-2377A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by provi ...04/08/202604/08/2026356284
CVE-2026-4837An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions cou ...04/08/202604/08/2026356268
CVE-2026-30080OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configurati ...04/08/202604/08/2026356269
CVE-2026-33753rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. ...04/08/202604/08/2026356264
CVE-2026-33229XWiki Platform is a generic wiki platform offering runtime services for applications built on top of ...04/08/202604/08/2026356265
CVE-2026-31040A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-s ...04/08/202604/08/2026356266
CVE-2026-39865Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.2, Axios HTTP/2 sess ...04/08/202604/08/2026356249
CVE-2026-39410Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12. ...04/08/202604/08/2026356248
CVE-2026-39409Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12. ...04/08/202604/08/2026356252
CVE-2026-39408Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12. ...04/08/202604/08/2026356250
CVE-2026-39407Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12. ...04/08/202604/08/2026356251
CVE-2026-39406@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling ...04/08/202604/08/2026356247
CVE-2026-39394CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w ...04/08/202604/08/2026356258
CVE-2026-39393CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w ...04/08/202604/08/2026356257
CVE-2026-39392CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w ...04/08/202604/08/2026356254
CVE-2026-39391CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w ...04/08/202604/08/2026356256
CVE-2026-39390CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w ...04/08/202604/08/2026356253
CVE-2026-39389CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w ...04/08/202604/08/2026356255

2025

CVE | Description | Submission | Moderation | Entry
CVE-2025-66447 | Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicio ... | 04/10/2026 | 04/10/2026 | 356898
CVE-2025-44560 | owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking. | 04/10/2026 | 04/10/2026 | 356831
CVE-2025-5804 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio ... | 04/10/2026 | 04/10/2026 | 315593
CVE-2025-58920 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ... | 04/10/2026 | 04/10/2026 | 356820
CVE-2025-58913 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio ... | 04/10/2026 | 04/10/2026 | 341185
CVE-2025-14545 | The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via ... | 04/10/2026 | 04/10/2026 | 356800
CVE-2025-59969 | A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanc ... | 04/10/2026 | 04/10/2026 | 356738
CVE-2025-13914 | A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Netw ... | 04/10/2026 | 04/10/2026 | 356699
CVE-2025-13926 | An attacker could use data obtained by sniffing the network traffic to forge packets in order to ma ... | 04/09/2026 | 04/09/2026 | 356685
CVE-2025-70797 | Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execut ... | 04/09/2026 | 04/09/2026 | 356641
CVE-2025-63238 | A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to t ... | 04/09/2026 | 04/09/2026 | 356627
CVE-2025-70365 | A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output ... | 04/09/2026 | 04/09/2026 | 356614
CVE-2025-70364 | An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execu ... | 04/09/2026 | 04/09/2026 | 356611
CVE-2025-15480 | In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during cra ... | 04/09/2026 | 04/09/2026 | 356575
CVE-2025-14551 | In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. U ... | 04/09/2026 | 04/09/2026 | 356574
CVE-2025-70811 | Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute ... | 04/09/2026 | 04/09/2026 | 356585
CVE-2025-70810 | Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute ... | 04/09/2026 | 04/09/2026 | 356584
CVE-2025-62718 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, Axios does not co ... | 04/09/2026 | 04/09/2026 | 356581
CVE-2025-50228 | Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and ... | 04/09/2026 | 04/09/2026 | 356589
CVE-2025-45806 | A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers ... | 04/09/2026 | 04/09/2026 | 356565
CVE-2025-57735 | When user logged out, the JWT token the user had authenticated with was not invalidated, which coul ... | 04/09/2026 | 04/09/2026 | 356519
CVE-2025-62188 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache Dolphin ... | 04/09/2026 | 04/09/2026 | 356516
CVE-2025-9484 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 bef ... | 04/09/2026 | 04/09/2026 | 356397
CVE-2025-12664 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 ... | 04/09/2026 | 04/09/2026 | 356396
CVE-2025-50673 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 04/08/2026 | 04/08/2026 | 356362
CVE-2025-50672 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para ... | 04/08/2026 | 04/08/2026 | 356361
CVE-2025-50671 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para ... | 04/08/2026 | 04/08/2026 | 356347
CVE-2025-50670 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para ... | 04/08/2026 | 04/08/2026 | 356346
CVE-2025-50669 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to i ... | 04/08/2026 | 04/08/2026 | 356360
CVE-2025-50668 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 04/08/2026 | 04/08/2026 | 356359
CVE-2025-50667 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 04/08/2026 | 04/08/2026 | 356358
CVE-2025-50666 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of mult ... | 04/08/2026 | 04/08/2026 | 356345
CVE-2025-50665 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of inpu ... | 04/08/2026 | 04/08/2026 | 356313
CVE-2025-50664 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para ... | 04/08/2026 | 04/08/2026 | 356312
CVE-2025-50663 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 04/08/2026 | 04/08/2026 | 356357
CVE-2025-50662 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 04/08/2026 | 04/08/2026 | 356356
CVE-2025-50661 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of mult ... | 04/08/2026 | 04/08/2026 | 356311
CVE-2025-50660 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 04/08/2026 | 04/08/2026 | 356327
CVE-2025-50659 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 04/08/2026 | 04/08/2026 | 356326
CVE-2025-50657 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 04/08/2026 | 04/08/2026 | 356325
CVE-2025-50655 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 04/08/2026 | 04/08/2026 | 356328
CVE-2025-50654 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of th ... | 04/08/2026 | 04/08/2026 | 356324
CVE-2025-50653 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 04/08/2026 | 04/08/2026 | 356323
CVE-2025-50652 | An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /savep ... | 04/08/2026 | 04/08/2026 | 356322
CVE-2025-50650 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of ... | 04/08/2026 | 04/08/2026 | 356321
CVE-2025-50649 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation ... | 04/08/2026 | 04/08/2026 | 356320
CVE-2025-50648 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validati ... | 04/08/2026 | 04/08/2026 | 356319
CVE-2025-50647 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of ... | 04/08/2026 | 04/08/2026 | 356318
CVE-2025-50646 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input valida ... | 04/08/2026 | 04/08/2026 | 356317
CVE-2025-50645 | A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflo ... | 04/08/2026 | 04/08/2026 | 356310
CVE-2025-50644 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of us ... | 04/08/2026 | 04/08/2026 | 356316
CVE-2025-30650 | A Missing Authentication for Critical Function vulnerability in command processing of Juniper Netwo ... | 04/08/2026 | 04/08/2026 | 356299
CVE-2025-52222 | D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 ... | 04/08/2026 | 04/08/2026 | 356309
CVE-2025-52221 | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the func ... | 04/08/2026 | 04/08/2026 | 356315
CVE-2025-45059 | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the t ... | 04/08/2026 | 04/08/2026 | 356308
CVE-2025-45058 | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the j ... | 04/08/2026 | 04/08/2026 | 356307
CVE-2025-45057 | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the i ... | 04/08/2026 | 04/08/2026 | 356306
CVE-2025-57175 | Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root passwor ... | 04/08/2026 | 04/08/2026 | 356286
CVE-2025-14243 | A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, rem ... | 04/08/2026 | 04/08/2026 | 356281

2024

CVE | Description | Submission | Moderation | Entry
CVE-2024-1490 | An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the ... | 04/09/2026 | 04/09/2026 | 356518

2023

CVE | Description | Submission | Moderation | Entry
CVE-2023-54364 | Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenti ... | 04/09/2026 | 04/10/2026 | 356727
CVE-2023-54363 | Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthent ... | 04/09/2026 | 04/10/2026 | 356725
CVE-2023-54362 | Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that ... | 04/09/2026 | 04/10/2026 | 356724
CVE-2023-54361 | Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allo ... | 04/09/2026 | 04/10/2026 | 356723
CVE-2023-54360 | Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attacke ... | 04/09/2026 | 04/10/2026 | 356722
CVE-2023-54359 | WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that all ... | 04/09/2026 | 04/10/2026 | 356701
CVE-2023-54358 | WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that all ... | 04/09/2026 | 04/10/2026 | 356711
CVE-2023-46945 | QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request | 04/08/2026 | 04/08/2026 | 356287

2021

CVE | Description | Submission | Moderation | Entry
CVE-2021-47961 | A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows ... | 04/10/2026 | 04/10/2026 | 356809
CVE-2021-47960 | A files or directories accessible to external parties vulnerability in Synology SSL VPN Client befor ... | 04/10/2026 | 04/10/2026 | 356814
