CVEजानकारी

2026

CVEविवरणसबमिशनसंयमप्रविष्टि
CVE-2026-15475A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is ...12/07/202612/07/2026377780
CVE-2026-15474A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unkn ...12/07/202612/07/2026377779
CVE-2026-15473A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some ...12/07/202612/07/2026377778
CVE-2026-15472A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affec ...12/07/202612/07/2026377777
CVE-2026-15471A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part ...12/07/202612/07/2026377776
CVE-2026-15470A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue i ...12/07/202612/07/2026377775
CVE-2026-58281Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized atta ...11/07/202611/07/2026377832
CVE-2026-10660The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap_broadcast_assist ...11/07/202611/07/2026377831
CVE-2026-61870ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory ...11/07/202611/07/2026377830
CVE-2026-61861ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption m ...11/07/202611/07/2026377825
CVE-2026-61858ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and exter ...11/07/202611/07/2026377827
CVE-2026-61857ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null ...11/07/202611/07/2026377826
CVE-2026-61465ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation l ...11/07/202611/07/2026377822
CVE-2026-61454The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript vari ...11/07/202611/07/2026377828
CVE-2026-61448Parse Server is affected by a stored cross-site scripting (XSS) vulnerability in versions = 9.0 ...11/07/202611/07/2026377829
CVE-2026-61447PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_pyt ...11/07/202611/07/2026377820
CVE-2026-61445PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in t ...11/07/202611/07/2026377824
CVE-2026-61442PraisonAI Platform (praisonai-platform) before 0.1.9 fails to enforce owner/admin authorization ...11/07/202611/07/2026377823
CVE-2026-61439PraisonAI versions before 4.6.78 contain a prompt injection defense misconfiguration where the b ...11/07/202611/07/2026377821
CVE-2026-61429PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Craw ...11/07/202611/07/2026377819
CVE-2026-61428PraisonAI AgentMail versions before 4.6.78 lack signature verification in webhook mode, allowing ...11/07/202611/07/2026377816
CVE-2026-61426PraisonAI before 1.7.3 contains an insecure default configuration that binds to all interfaces w ...11/07/202611/07/2026377814
CVE-2026-60090PraisonAI before 4.6.78 fails to validate the caller-controlled dimension argument in the PGVect ...11/07/202611/07/2026377813
CVE-2026-60088PraisonAI before 4.6.78 fails to validate file path references in custom command templates, allo ...11/07/202611/07/2026377815
CVE-2026-56763Hono before 4.12.7 allows __proto__ key in parseBody with dot option enabled, permitting special ...11/07/202611/07/2026377812
CVE-2026-56372ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operati ...11/07/202611/07/2026377811
CVE-2026-56303Capgo before 12.128.2 contains an information disclosure vulnerability in the find_apikey_by_val ...11/07/202611/07/2026377810
CVE-2026-56296Cap-go before 12.128.2 contains an information disclosure vulnerability in the public.transfer_a ...11/07/202611/07/2026377817
CVE-2026-56240Capgo before 12.128.12 contains a billing authorization bypass vulnerability in the plan_valid c ...11/07/202611/07/2026377818
CVE-2026-57828The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload tha ...11/07/202611/07/2026377786
CVE-2026-57827The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allo ...11/07/202611/07/2026377784
CVE-2026-1359The Genolve AI image AI video generation plugin for WordPress is vulnerable to unauthorized mo ...11/07/202611/07/2026377774
CVE-2026-6939The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Sit ...11/07/202611/07/2026377772
CVE-2026-6801The Context Blog theme for WordPress is vulnerable to Sensitive Information Exposure in all vers ...11/07/202611/07/2026377765
CVE-2026-4661The WP CTA Sticky CTA Builder, Generate Leads, Promote Sales plugin for WordPress is vulnerabl ...11/07/202611/07/2026377770
CVE-2026-1382The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the &# ...11/07/202611/07/2026377771
CVE-2026-15155The Essential Addons for Elementor Popular Elementor Templates Widgets plugin for WordPress ...11/07/202611/07/2026377768
CVE-2026-12994The WCFM Frontend Manager for WooCommerce plugin for WordPress is vulnerable to authorization ...11/07/202611/07/2026377767
CVE-2026-9282The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up ...11/07/202611/07/2026377766
CVE-2026-9017The NEX-Forms Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to author ...11/07/202611/07/2026377769
CVE-2026-15010The bbp Style Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions ...11/07/202611/07/2026377773
CVE-2026-12738The WP Easy Pay Payment and Donation form Builder for Square plugin for WordPress is vulnerabl ...11/07/202611/07/2026377760
CVE-2026-12126The WCFM Marketplace Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerabl ...11/07/202611/07/2026377763
CVE-2026-12103The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all ver ...11/07/202611/07/2026377762
CVE-2026-11901The WP Hotel Booking plugin for WordPress is vulnerable to Insufficient Verification of Data Aut ...11/07/202611/07/2026377756
CVE-2026-11898The White Label CMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin ...11/07/202611/07/2026377764
CVE-2026-11591The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...11/07/202611/07/2026377761
CVE-2026-10865The Cost Calculator Builder plugin for WordPress is vulnerable to Sensitive Information Exposure ...11/07/202611/07/2026377758
CVE-2026-10041The WCFM Frontend Manager for WooCommerce plugin for WordPress is vulnerable to Insecure Direc ...11/07/202611/07/2026377757
CVE-2026-7655The SureCart plugin for WordPress is vulnerable to privilege escalation via account takeover in ...11/07/202611/07/2026377753
CVE-2026-13378The Form Vibes Database Manager for Forms plugin for WordPress is vulnerable to Stored Cross-S ...11/07/202611/07/2026377754
CVE-2026-9738The Print, PDF, Email by PrintFriendly plugin for WordPress is vulnerable to Stored Cross-Site S ...11/07/202611/07/2026377752
CVE-2026-7620The Notification for Telegram plugin for WordPress is vulnerable to authorization bypass in all ...11/07/202611/07/2026377751
CVE-2026-7559The Affilia Affiliate Program Referral Tracking for WordPress plugin for WordPress is vulner ...11/07/202611/07/2026377750
CVE-2026-6804The AI Chatbot Workflow Automation by AIWU plugin for WordPress is vulnerable to authorization ...11/07/202611/07/2026377749
CVE-2026-6803The AI Chatbot Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Autho ...11/07/202611/07/2026377748
CVE-2026-3576The Planyo Online Reservation System plugin for WordPress is vulnerable to Server-Side Request F ...11/07/202611/07/2026377746
CVE-2026-3552The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data mod ...11/07/202611/07/2026377747
CVE-2026-2354The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a fl ...11/07/202611/07/2026377745
CVE-2026-1832The ThriveDesk Live Chat, AI Chatbot, Helpdesk Knowledge Base plugin for WordPress is vulner ...11/07/202611/07/2026377740
CVE-2026-15335The Booking Package plugin for WordPress is vulnerable to generic SQL Injection via 'email& ...11/07/202611/07/2026377737
CVE-2026-15097The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ' ...11/07/202611/07/2026377744
CVE-2026-15096The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Mo ...11/07/202611/07/2026377743
CVE-2026-14262The Simple JWT Login Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerab ...11/07/202611/07/2026377739
CVE-2026-13250The Solace Extra plugin for WordPress is vulnerable to authorization bypass in all versions up t ...11/07/202611/07/2026377736
CVE-2026-13116The PDF Invoices Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure ...11/07/202611/07/2026377738
CVE-2026-12141The Premium Addons for Elementor Powerful Elementor Templates Widgets plugin for WordPress i ...11/07/202611/07/2026377742
CVE-2026-8678The MyParcel plugin for WordPress is vulnerable to authorization bypass in all versions up to, a ...11/07/202611/07/2026377727
CVE-2026-7544The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in a ...11/07/202611/07/2026377731
CVE-2026-5743The SimpLy Gallery Block Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scri ...11/07/202611/07/2026377734
CVE-2026-3367The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site ...11/07/202611/07/2026377735
CVE-2026-15338The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusi ...11/07/202611/07/2026377726
CVE-2026-15073The KiviCare Clinic Patient Management System (EHR) plugin for WordPress is vulnerable to ge ...11/07/202611/07/2026377730
CVE-2026-15072The KiviCare Clinic Patient Management System (EHR) plugin for WordPress is vulnerable to ge ...11/07/202611/07/2026377729
CVE-2026-13353The WP Ultimate CSV Importer WordPress Import Export for CSV, XML Excel plugin for WordPre ...11/07/202611/07/2026377725
CVE-2026-13262The Majestic Support The Leading-Edge Help Desk Customer Support Plugin plugin for WordPress ...11/07/202611/07/2026377728
CVE-2026-13114The Motors Car Dealership Classified Listings Plugin plugin for WordPress is vulnerable to S ...11/07/202611/07/2026377733
CVE-2026-12426The Members Membership User Role Editor Plugin plugin for WordPress is vulnerable to Sensiti ...11/07/202611/07/2026377724
CVE-2026-10628The Points and Rewards for WooCommerce plugin for WordPress is vulnerable to authorization bypas ...11/07/202611/07/2026377732
CVE-2026-13756The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions u ...11/07/202611/07/2026377722
CVE-2026-11426The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all v ...11/07/202611/07/2026377723
CVE-2026-59155Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O M tool. ...11/07/202611/07/2026377713
CVE-2026-58591Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11/07/202611/07/2026377719
CVE-2026-58590Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affe ...11/07/202611/07/2026377721
CVE-2026-58589Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue affe ...11/07/202611/07/2026377715
CVE-2026-58588Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11/07/202611/07/2026377718
CVE-2026-58587Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11/07/202611/07/2026377717
CVE-2026-55884Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.20.8 through 0 ...11/07/202611/07/2026377714
CVE-2026-55883Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0 ...11/07/202611/07/2026377720
CVE-2026-55882Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0 ...11/07/202611/07/2026377716
CVE-2026-55810Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...11/07/202611/07/2026377712
CVE-2026-55809Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...11/07/202611/07/2026377706
CVE-2026-55808Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11/07/202611/07/2026377710
CVE-2026-55807Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal core allows Server Side Reques ...11/07/202611/07/2026377708
CVE-2026-55806URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal cor ...11/07/202611/07/2026377705
CVE-2026-55804Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...11/07/202611/07/2026377704
CVE-2026-55803Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...11/07/202611/07/2026377703
CVE-2026-55187Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shippe ...11/07/202611/07/2026377709
CVE-2026-52761ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, ...11/07/202611/07/2026377707
CVE-2026-52747ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, ...11/07/202611/07/2026377702
CVE-2026-49213TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in pack ...11/07/202611/07/2026377711
CVE-2026-44795Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0 ...11/07/202611/07/2026377695
CVE-2026-15085Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11/07/202611/07/2026377700
CVE-2026-15084Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11/07/202611/07/2026377699
CVE-2026-15083Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...11/07/202611/07/2026377694
CVE-2026-15082Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11/07/202611/07/2026377698
CVE-2026-15081Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') v ...11/07/202611/07/2026377693
CVE-2026-15080Cross-Site Request Forgery (CSRF) vulnerability in Drupal Ray Enterprise Translation allows Cros ...11/07/202611/07/2026377697
CVE-2026-15079Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Login Disable ...11/07/202611/07/2026377696
CVE-2026-13244Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...11/07/202611/07/2026377692
CVE-2026-13243Cross-Site Request Forgery (CSRF) vulnerability in Drupal Salesforce Suite allows Cross Site Req ...11/07/202611/07/2026377701
CVE-2026-13242Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') v ...11/07/202611/07/2026377690
CVE-2026-13241Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue af ...11/07/202611/07/2026377691
CVE-2026-13240Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue af ...11/07/202611/07/2026377688
CVE-2026-13239Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affect ...11/07/202611/07/2026377687
CVE-2026-13238Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forcefu ...11/07/202611/07/2026377684
CVE-2026-13237Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue a ...11/07/202611/07/2026377683
CVE-2026-13236Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue aff ...11/07/202611/07/2026377686
CVE-2026-13235Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Brows ...11/07/202611/07/2026377682
CVE-2026-13234Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11/07/202611/07/2026377689
CVE-2026-13233Server-Side Request Forgery (SSRF) vulnerability in Drupal OpenAI Provider allows Server Side Re ...11/07/202611/07/2026377685
CVE-2026-13232Incorrect Authorization vulnerability in Drupal Advanced Content Feedback (aka admin_feedback) a ...11/07/202611/07/2026377674
CVE-2026-13231Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11/07/202611/07/2026377680
CVE-2026-12535Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...11/07/202611/07/2026377675
CVE-2026-11909Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. ...11/07/202611/07/2026377677
CVE-2026-11908Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11/07/202611/07/2026377679
CVE-2026-10770Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11/07/202611/07/2026377678
CVE-2026-10769Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting ) vulnerabili ...11/07/202611/07/2026377676
CVE-2026-10768Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This ...11/07/202611/07/2026377681
CVE-2026-14480OpenPLC Runtime v3 contains an authenticated arbitrary file write vulnerability in the legacy w ...11/07/202611/07/2026377673
CVE-2026-14286This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.11/07/202611/07/2026
 
CVE-2026-55175Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1. ...11/07/202611/07/2026377664
CVE-2026-44383Multiple connections to the backend using the same charging station ID are allowed, which could ...11/07/202611/07/2026377670
CVE-2026-42952Previously, there was no throttling on repeated authentication attempts to the charging station ...11/07/202611/07/2026377672
CVE-2026-20744The charging station websocket endpoint accepts connections without proper authentication, whic ...11/07/202611/07/2026377671
CVE-2026-15089vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest r ...11/07/202611/07/2026377666
CVE-2026-15087vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*.11/07/202611/07/2026377669
CVE-2026-15086vulnerability in Drupal Raw Formatter [Meta Tag Formatter] allows . This issue affects Raw Forma ...11/07/202611/07/2026377668
CVE-2026-11915vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force at ...11/07/202611/07/2026377665
CVE-2026-11914vulnerability in Drupal Composer allows . This issue affects Composer versions: *.*.11/07/202611/07/2026377667
CVE-2026-11913vulnerability in Drupal Mother May I allows . This issue affects Mother May I versions: *.*.11/07/202611/07/2026377663
CVE-2026-58503Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeratio ...10/07/202611/07/2026377662
CVE-2026-57584Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC appl ...10/07/202611/07/2026377654
CVE-2026-55852Frappe is a full-stack web application framework. Prior to 16.23.0 and 15.112.0, TarSlip RCE was ...10/07/202611/07/2026377656
CVE-2026-54736Phalcon is a high-performance, full-stack PHP framework. Prior to 5.14.1, Phalcon\Encryption\Cry ...10/07/202610/07/2026377653
CVE-2026-49844Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Ap ...10/07/202610/07/2026377652
CVE-2026-49394Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was pos ...10/07/202611/07/2026377660
CVE-2026-48127Frappe is a full-stack web application framework. Prior to 16.20.0 and 15.110.0, users without w ...10/07/202611/07/2026377659
CVE-2026-47422Frappe is a full-stack web application framework. Prior to 15.107.5 and 16.18.2, an endpoint in ...10/07/202611/07/2026377658
CVE-2026-47199Frappe is a full-stack web application framework. Prior to 16.18.3 and 15.108.0, check_safe_sql_ ...10/07/202611/07/2026377655
CVE-2026-42219Frappe is a full-stack web application framework. Prior to 16.19.0 and 15.109.0, path traversal ...10/07/202611/07/2026377657
CVE-2026-41482Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and ...10/07/202611/07/2026377661
CVE-2026-9726Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ...10/07/202610/07/2026377645
CVE-2026-7639Software installed and run as a non-privileged user may conduct a sequence of improper GPU syste ...10/07/202610/07/2026377651
CVE-2026-58499EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in ...10/07/202610/07/2026377647
CVE-2026-57575Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains ...10/07/202610/07/2026377650
CVE-2026-57574Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains ...10/07/202610/07/2026377646
CVE-2026-57230OpenReplay is a self-hosted session replay suite. Prior to 1.27.0, the session search and analyt ...10/07/202610/07/2026377649
CVE-2026-55881OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returne ...10/07/202610/07/2026377648
CVE-2026-55880OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and not ...10/07/202610/07/2026377641
CVE-2026-55879OpenReplay is a self-hosted session replay suite. From 1.24.0 before 1.25.0, the OpenReplay trac ...10/07/202610/07/2026377643
CVE-2026-55665Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist conta ...10/07/202610/07/2026377637
CVE-2026-55664Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /fo ...10/07/202610/07/2026377635
CVE-2026-55659Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several ser ...10/07/202610/07/2026377636
CVE-2026-55213h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4 ...10/07/202610/07/2026377640
CVE-2026-45203Kernel software installed and running inside a Host VM may post improper commands to the GPU Fir ...10/07/202610/07/2026377638
CVE-2026-45196Kernel software installed and running inside a Host VM may post improper commands to the GPU Fir ...10/07/202610/07/2026377644
CVE-2026-41154Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes ...10/07/202610/07/2026377639
CVE-2026-34196Software installed and run as a non-privileged user may conduct improper GPU system calls to cau ...10/07/202610/07/2026377642
CVE-2026-57807Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security So ...10/07/202610/07/2026377633
CVE-2026-57221RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, Rabbi ...10/07/202610/07/2026377630
CVE-2026-57220RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does ...10/07/202610/07/2026377628
CVE-2026-57219RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, the o ...10/07/202610/07/2026377634
CVE-2026-57218RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an exis ...10/07/202610/07/2026377632
CVE-2026-57217RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.21, 4.1.11, and 4.2.6, Rabbi ...10/07/202610/07/2026377631
CVE-2026-57216RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP ...10/07/202610/07/2026377629
CVE-2026-57215RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, Rabbi ...10/07/202610/07/2026377625
CVE-2026-57214RabbitMQ is a messaging and streaming broker. Prior to 4.2.5, the RabbitMQ management UI renders ...10/07/202610/07/2026377624
CVE-2026-57213RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the r ...10/07/202610/07/2026377627
CVE-2026-57212RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the r ...10/07/202610/07/2026377623
CVE-2026-57211RabbitMQ is a messaging and streaming broker. Prior to 4.1.11 and 4.2.6 on Windows, the RabbitMQ ...10/07/202610/07/2026377626
CVE-2026-55405LangChain4j is a Java library for building LLM-powered applications on the JVM. Prior to 1.2.1- ...10/07/202610/07/2026377621
CVE-2026-55233OpenResty is a high performance web platform. From 1.29.2.1 to before 1.29.2.5, an out-of-bounds ...10/07/202610/07/2026377622
CVE-2026-55229Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /fo ...10/07/202610/07/2026372589
CVE-2026-13039The Eventin Event Calendar, Event Registration, Tickets Booking (AI Powered) plugin for Word ...10/07/202610/07/2026377619
CVE-2026-12761The miniOrange Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPre ...10/07/202610/07/2026377620
CVE-2026-57850RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the serve ...10/07/202610/07/2026377612
CVE-2026-57158FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, Free ...10/07/202610/07/2026377617
CVE-2026-57157FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server ...10/07/202610/07/2026377616
CVE-2026-57156FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0 on 32-bit build ...10/07/202610/07/2026377615
CVE-2026-55827FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.27.1, FreeRDP client ...10/07/202610/07/2026377614
CVE-2026-55789Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logt ...10/07/202610/07/2026377613
CVE-2026-55515Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report ...10/07/202610/07/2026377618
CVE-2026-55481Snipe-IT is an IT asset/license management system. Prior to 8.6.2, default.blade.php renders hea ...10/07/202610/07/2026377610
CVE-2026-55479Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the legacy single-seat licens ...10/07/202610/07/2026377611
CVE-2026-55475Snipe-IT is an IT asset/license management system. Prior to 8.6.1, the Importer API endpoint all ...10/07/202610/07/2026377609
CVE-2026-55469Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated user with im ...10/07/202610/07/2026377608
CVE-2026-55466Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes S ...10/07/202610/07/2026377600
CVE-2026-55462Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UsersController::show() and p ...10/07/202610/07/2026377607
CVE-2026-55461Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the user edit flow stores url ...10/07/202610/07/2026377604
CVE-2026-55452Snipe-IT is an IT asset/license management system. Prior to 8.5.0, Actionlog::logaction() stores ...10/07/202610/07/2026377606
CVE-2026-55377Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logt ...10/07/202610/07/2026377603
CVE-2026-55370Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logt ...10/07/202610/07/2026377602
CVE-2026-54714Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @log ...10/07/202610/07/2026377601
CVE-2026-15295The WordPress Infinite Scroll Ajax Load More plugin for WordPress is vulnerable to Stored Cros ...10/07/202610/07/2026377605
CVE-2026-11321The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) concatenates user-supplied CSV field v ...10/07/202610/07/2026377599
CVE-2026-6212Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies ...10/07/202610/07/2026377598
CVE-2026-61460Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadContr ...10/07/202610/07/2026377597
CVE-2026-61459MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured to ...10/07/202610/07/2026377596
CVE-2026-55843Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update() pas ...10/07/202610/07/2026377595
CVE-2026-55516Snipe-IT is an IT asset/license management system. Prior to 8.6.2, PATCH or PUT /api/v1/maintena ...10/07/202610/07/2026377594
CVE-2026-55478Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/{kit_id}/li ...10/07/202610/07/2026377593
CVE-2026-55476Snipe-IT is an IT asset/license management system. Prior to 8.6.0, POST /account/request/{itemTy ...10/07/202610/07/2026377592
CVE-2026-55474Snipe-IT is an IT asset/license management system. Prior to 8.5.0, ActionlogController::displayS ...10/07/202610/07/2026377591
CVE-2026-55472Snipe-IT is an IT asset/license management system. Prior to 8.6.2, when Full Multiple Companies ...10/07/202610/07/2026377590
CVE-2026-55464Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML b ...10/07/202610/07/2026377589
CVE-2026-55460Snipe-IT is an IT asset/license management system. Prior to 8.6.2, an authenticated non-admin us ...10/07/202610/07/2026377588
CVE-2026-54329Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create pa ...10/07/202610/07/2026377587
CVE-2026-15146GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FT ...10/07/202610/07/2026377586
CVE-2026-57476Deloitte AI Assist for Customer exposed unauthenticated API endpoints that allowed an attacker w ...10/07/202610/07/2026377584
CVE-2026-57475Deloitte AI Assist for Customer accepted unauthenticated POST requests through public-facing API ...10/07/202610/07/2026377583
CVE-2026-57474Deloitte AI Assist for Customer disclosed some configuration information through public-facing A ...10/07/202610/07/2026377577
CVE-2026-6872** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes ...10/07/202610/07/2026
 
CVE-2026-61461Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backen ...10/07/202610/07/2026377581
CVE-2026-5801Improper neutralization of special elements used in an SQL command ('SQL injection') v ...10/07/202610/07/2026377580
CVE-2026-59151Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow t ...10/07/202610/07/2026377579
CVE-2026-53450Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rej ...10/07/202610/07/2026377582
CVE-2026-53449Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd pr ...10/07/202610/07/2026377578
CVE-2026-53448Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.12.0, the coturn ...10/07/202610/07/2026377574
CVE-2026-56668ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 T ...10/07/202610/07/2026377571
CVE-2026-56667ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC a ...10/07/202610/07/2026377570
CVE-2026-56666ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external ...10/07/202610/07/2026377573
CVE-2026-56665ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is a ...10/07/202610/07/2026377566
CVE-2026-56664ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL&#039 ...10/07/202610/07/2026377565
CVE-2026-55672ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL&#039 ...10/07/202610/07/2026377569
CVE-2026-55671ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL& ...10/07/202610/07/2026377572
CVE-2026-55670ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event st ...10/07/202610/07/2026377568
CVE-2026-53780This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.10/07/202610/07/2026
 
CVE-2026-2397Improper neutralization of special elements used in an SQL command ('SQL injection') v ...10/07/202610/07/2026377567
CVE-2026-59193Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash G ...10/07/202610/07/2026377562
CVE-2026-59190grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and ...10/07/202610/07/2026377563
CVE-2026-57167PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rende ...10/07/202610/07/2026377585
CVE-2026-55783NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...10/07/202610/07/2026377557
CVE-2026-55782NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...10/07/202610/07/2026377564
CVE-2026-55781NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...10/07/202610/07/2026377556
CVE-2026-55780NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, ...10/07/202610/07/2026377559
CVE-2026-55669ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL&#039 ...10/07/202610/07/2026377555
CVE-2026-51119An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /Syst ...10/07/202610/07/2026377561
CVE-2026-3251Improper neutralization of input during web page generation ('cross-site scripting') v ...10/07/202610/07/2026377560
CVE-2026-2398Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. Mo ...10/07/202610/07/2026377554
CVE-2026-1667The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Arbitrary Post Creation and ...10/07/202610/07/2026377558
CVE-2026-59180Apprise is an open source library which allows you to send a notification to almost all of the m ...10/07/202610/07/2026377550
CVE-2026-59162Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to ...10/07/202610/07/2026377545
CVE-2026-59161Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to ...10/07/202610/07/2026377544
CVE-2026-59154Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorizat ...10/07/202610/07/2026377547
CVE-2026-58493grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::__call build ...10/07/202610/07/2026377552
CVE-2026-58492grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists m ...10/07/202610/07/2026377551
CVE-2026-566759Router is an AI router token saver. Prior to 0.5.2, 9router treats loopback requests as trust ...10/07/202610/07/2026377549
CVE-2026-55890Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XS ...10/07/202610/07/2026372596
CVE-2026-55885Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup p ...10/07/202610/07/2026377546
CVE-2026-55687ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, ...10/07/202610/07/2026377548
CVE-2026-556419Router is an AI router token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM prox ...10/07/202610/07/2026377543
CVE-2026-556389Router is an AI router token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, a ...10/07/202610/07/2026377538
CVE-2026-54919cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mb ...10/07/202610/07/2026377541
CVE-2026-54063Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to ...10/07/202610/07/2026377536
CVE-2026-53657Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3 ...10/07/202610/07/2026377539
CVE-2026-53653Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticate ...10/07/202610/07/2026377540
CVE-2026-39903Simple Machines Forum 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5 contains an authorization ...10/07/202610/07/2026377537
CVE-2026-39244adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulat ...10/07/202610/07/2026377542
CVE-2026-15377A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnera ...10/07/202610/07/2026377444
CVE-2026-15376A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown functi ...10/07/202610/07/2026377443
CVE-2026-8609An unauthenticated attacker can repeatedly call Grafana's OAuth login route with unique val ...10/07/202610/07/2026377526
CVE-2026-8595A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a mali ...10/07/202610/07/2026377528
CVE-2026-566769Router is an AI router token saver. Prior to 0.5.2, 9router validates image URLs by resolving ...10/07/202610/07/2026377525
CVE-2026-555019Router is an AI router token saver. Prior to 0.4.80, the dashboard login rate limiter in src/ ...10/07/202610/07/2026377523
CVE-2026-61492In JetBrains YouTrack before 2026.2.17394 stored XSS via article titles in digest emails was pos ...10/07/202610/07/2026377531
CVE-2026-61456The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 fails to sanitize SVG files uploaded ...10/07/202610/07/2026377529
CVE-2026-61455Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lac ...10/07/202610/07/2026377524
CVE-2026-61450Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author (any admin.pages user ...10/07/202610/07/2026377522
CVE-2026-61444PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where t ...10/07/202610/07/2026377521
CVE-2026-61441PraisonAI Platform (praisonai-platform) before 0.1.9 improperly authorizes deletion of issue dep ...10/07/202610/07/2026377527
CVE-2026-61437PraisonAI (pip package praisonaiagents) before 1.6.78 contains an unsafe dynamic module loading ...10/07/202610/07/2026377520
CVE-2026-555009Router is an AI router token saver. Prior to 0.4.80, the /api/settings/database endpoint allo ...10/07/202610/07/2026377515
CVE-2026-54149MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import func ...10/07/202610/07/2026377514
CVE-2026-54001osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. ...10/07/202610/07/2026377518
CVE-2026-54000osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. ...10/07/202610/07/2026377517
CVE-2026-46388osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. ...10/07/202610/07/2026377519
CVE-2026-33382Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the reques ...10/07/202610/07/2026377513
CVE-2026-15375A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown ...10/07/202610/07/2026377442
CVE-2026-15374A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function ...10/07/202610/07/2026377441
CVE-2026-15373A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an ...10/07/202610/07/2026377440
CVE-2026-15143A flaw was found in the file_type content detector of guardrails-detectors. This vulnerability a ...10/07/202610/07/2026377516
CVE-2026-61434PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command exec ...10/07/202610/07/2026377506
CVE-2026-61432PraisonAI (praisonaiagents) before 1.6.78 contains a path traversal vulnerability in the FastCon ...10/07/202610/07/2026377505
CVE-2026-61431PraisonAI before 4.6.78 contains a path traversal vulnerability in ContextGatherer that fails to ...10/07/202610/07/2026377504
CVE-2026-60091PraisonAI before 4.6.78 contains an unauthenticated server-side request forgery vulnerability in ...10/07/202610/07/2026377508
CVE-2026-60089PraisonAI (pip package praisonaiagents) before 1.6.78 automatically loads defaults from a projec ...10/07/202610/07/2026377507
CVE-2026-60086PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injec ...10/07/202610/07/2026377503
CVE-2026-59796In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permiss ...10/07/202610/07/2026377510
CVE-2026-59795In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible10/07/202610/07/2026377512
CVE-2026-59794In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agen ...10/07/202610/07/2026377511
CVE-2026-59793In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS in ...10/07/202610/07/2026377509
CVE-2026-59792In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project ...10/07/202610/07/2026377499
CVE-2026-59791In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible10/07/202610/07/2026377501
CVE-2026-58661n8n before 2.28.0 (and before 1.123.58 on the 1.x branch) contains a disk space exhaustion vulne ...10/07/202610/07/2026377498
CVE-2026-57994phpMyFAQ before 4.1.5 applies inconsistent active=yes and publication-date filtering across its ...10/07/202610/07/2026377493
CVE-2026-57961phpMyFAQ before 4.1.5 contains a potential authenticated path traversal vulnerability in the con ...10/07/202610/07/2026377492
CVE-2026-56765Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint expos ...10/07/202610/07/2026377497
CVE-2026-56373ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses ...10/07/202610/07/2026377496
CVE-2026-56366ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when process ...10/07/202610/07/2026377494
CVE-2026-56354n8n before 1.123.24, 2.10.4, and 2.12.0 (across its 1.x and 2.x branches) contains cross-site sc ...10/07/202610/07/2026377500
CVE-2026-56335Capgo before 12.128.2 contains an authorization bypass vulnerability where write-scoped API keys ...10/07/202610/07/2026377495
CVE-2026-56329Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused b ...10/07/202610/07/2026377491
CVE-2026-56312Capgo before 12.128.2 contains an improper validation vulnerability in the accept_invitation end ...10/07/202610/07/2026377484
CVE-2026-56309Capgo before 12.128.2 fails to enforce plan/quota restrictions on the /files/upload/attachments ...10/07/202610/07/2026377488
CVE-2026-56305Capgo before 12.128.2 contains an authentication bypass vulnerability in the password change end ...10/07/202610/07/2026377486
CVE-2026-56279Capgo before 12.128.2 contains an information disclosure vulnerability in the get_orgs_v7(userid ...10/07/202610/07/2026377483
CVE-2026-56261Crawl4AI before 0.8.7 contains a server-side request forgery (SSRF) vulnerability in the Docker ...10/07/202610/07/2026377490
CVE-2026-56254In @capgo/capacitor-updater (Cap-go/capgo) before 12.128.2, the end-to-end encryption scheme dis ...10/07/202610/07/2026377489
CVE-2026-38059The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. ...10/07/202610/07/2026377485
CVE-2026-38057The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentica ...10/07/202610/07/2026377530
CVE-2026-29519Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a ref ...10/07/202610/07/2026377487
CVE-2026-22660FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows ...10/07/202610/07/2026377482
CVE-2026-22659FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability t ...10/07/202610/07/2026377481
CVE-2026-56813Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allow ...10/07/202610/07/2026377480
CVE-2026-54470Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior contain(s) an Improper Restriction of ...10/07/202610/07/2026377479
CVE-2026-54469Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untr ...10/07/202610/07/2026377502
CVE-2026-56814Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multip ...10/07/202610/07/2026377474
CVE-2026-56690Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Speci ...10/07/202610/07/2026377476
CVE-2026-56689Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Speci ...10/07/202610/07/2026377478
CVE-2026-56688Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Speci ...10/07/202610/07/2026377475
CVE-2026-54468Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a path traversal vulnerab ...10/07/202610/07/2026377477
CVE-2026-53363In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: preserve shared ...10/07/202610/07/2026377533
CVE-2026-58225SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTE ...10/07/202610/07/2026377471
CVE-2026-14461mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker wh ...10/07/202610/07/2026377472
CVE-2026-50810A NULL pointer dereference in smooth_parse_stream_index() in src/media_tools/mpd.c in GPAC maste ...10/07/202610/07/2026376733
CVE-2026-9857The Invoice123 plugin for WordPress is vulnerable to authorization bypass in all versions up to, ...10/07/202610/07/2026377467
CVE-2026-41880R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) modu ...10/07/202610/07/2026377470
CVE-2026-41879R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash. This allows an atta ...10/07/202610/07/2026377468
CVE-2026-41878R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file down ...10/07/202610/07/2026377464
CVE-2026-41877R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can ...10/07/202610/07/2026377465
CVE-2026-41876R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction() function. The document con ...10/07/202610/07/2026377473
CVE-2026-15378A flaw was found in the `guardrails-detectors` component. This vulnerability allows a remote att ...10/07/202610/07/2026377466
CVE-2026-15028A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap ov ...10/07/202610/07/2026377462
CVE-2026-13710The Jeg Kit for Elementor Powerful Addons for Elementor, Widgets Templates for WordPress plu ...10/07/202610/07/2026377463
CVE-2026-13247The Logo Slider Logo Carousel, Client Logo Slider Brand Showcase for WordPress plugin for Wo ...10/07/202610/07/2026377469
CVE-2026-13010The JoomSport for Sports: Team League, Football, Hockey more plugin for WordPress is vulne ...10/07/202610/07/2026377461
CVE-2026-12918The Mail Mint Email Marketing, Newsletter, Email Automation WooCommerce Emails plugin for Wo ...10/07/202610/07/2026377459
CVE-2026-11990The KiviCare Clinic Patient Management System (EHR) plugin for WordPress is vulnerable to au ...10/07/202610/07/2026377460
CVE-2026-9838The ICS Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the &# ...10/07/202610/07/2026377456
CVE-2026-6802The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access ...10/07/202610/07/2026377454
CVE-2026-6440The GoodMeet Google Meet Integration for Webinar, Meeting Video Conference plugin for WordPr ...10/07/202610/07/2026377457
CVE-2026-3907The Hostel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wphos ...10/07/202610/07/2026377455
CVE-2026-1946The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of dat ...10/07/202610/07/2026377448
CVE-2026-15104The BetterDocs AI Documentation, Knowledge Base, Docs, Wikis, FAQ with Chatbot plugin for Word ...10/07/202610/07/2026377458
CVE-2026-15026The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Inform ...10/07/202610/07/2026377447
CVE-2026-14475The Cookie Banner for GDPR / CCPA WPLP Cookie Consent plugin for WordPress is vulnerable to ge ...10/07/202610/07/2026377451
CVE-2026-12955The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data ...10/07/202610/07/2026377446
CVE-2026-12924The Eventin Event Calendar, Event Registration, Tickets Booking (AI Powered) plugin for Word ...10/07/202610/07/2026377453
CVE-2026-12400The FlowForms Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direc ...10/07/202610/07/2026377450
CVE-2026-12108The Highlighting Code Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi ...10/07/202610/07/2026377452
CVE-2026-11992The Easy Appointments plugin for WordPress is vulnerable to authorization bypass in all versions ...10/07/202610/07/2026377449
CVE-2026-40454Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-b ...10/07/202610/07/2026377434
CVE-2026-40452Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization by ...10/07/202610/07/2026377433
CVE-2026-40009Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authentica ...10/07/202610/07/2026377432
CVE-2026-40008Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vul ...10/07/202610/07/2026377431
CVE-2026-40007Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pi ...10/07/202610/07/2026377427
CVE-2026-40006Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttlin ...10/07/202610/07/2026377426
CVE-2026-40005Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnera ...10/07/202610/07/2026377428
CVE-2026-28564Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache ...10/07/202610/07/2026377430
CVE-2026-13347The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to ...10/07/202610/07/2026377429
CVE-2026-12685The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfu ...10/07/202610/07/2026377423
CVE-2026-12276The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether use ...10/07/202610/07/2026377424
CVE-2026-12123The All-in-One Video Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery i ...10/07/202610/07/2026377425
CVE-2026-21057Improper input validation in Samsung Pass prior to version 5.2.10.3 allows local privileged atta ...10/07/202610/07/2026377422
CVE-2026-21056Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to a ...10/07/202610/07/2026377421
CVE-2026-21055Improper export of android application components in Bixby prior to version 4.0.70.8 allows loca ...10/07/202610/07/2026377420
CVE-2026-21054Improper export of android application components in InputSharing prior to version 2.7.01.4 allo ...10/07/202610/07/2026377419
CVE-2026-21053Improper input validation in Samsung Email prior to version 6.2.13.1 allows local attackers to c ...10/07/202610/07/2026377418
CVE-2026-21052Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged at ...10/07/202610/07/2026377417
CVE-2026-21051Incorrect default permissions in WLAN security prior to SMR Jul-2026 Release 1 allows local atta ...10/07/202610/07/2026377416
CVE-2026-21050Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers ...10/07/202610/07/2026377415
CVE-2026-21049Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers ...10/07/202610/07/2026377414
CVE-2026-21048Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 ...10/07/202610/07/2026377413
CVE-2026-21046Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Relea ...10/07/202610/07/2026377412
CVE-2026-21045Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 ...10/07/202610/07/2026377405
CVE-2026-21044Improper authorization in KnoxGuardManager prior to SMR Jul-2026 Release 1 allows local attacker ...10/07/202610/07/2026377411
CVE-2026-21043Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged atta ...10/07/202610/07/2026377410
CVE-2026-21042Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to ex ...10/07/202610/07/2026377409
CVE-2026-21041Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local at ...10/07/202610/07/2026377408
CVE-2026-21040Improper access control in IAFDService prior to SMR Jul-2026 Release 1 allows local privileged a ...10/07/202610/07/2026377407
CVE-2026-21039Improper access control in Settings prior to SMR Jul-2026 Release 1 allows local attackers to co ...10/07/202610/07/2026377406
CVE-2026-15332A security flaw has been discovered in zhayujie CowAgent up to 2.1.0. The impacted element is an ...10/07/202610/07/2026377275
CVE-2026-15331A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the fun ...10/07/202610/07/2026377274
CVE-2026-15330A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function _build ...10/07/202610/07/2026377273
CVE-2026-15302The ARMember plugin for WordPress is vulnerable to Directory Traversal in all versions up to, an ...10/07/202610/07/2026377400
CVE-2026-15301The BuddyHolis TableSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...10/07/202610/07/2026377404
CVE-2026-15300The GEO my WP plugin for WordPress was vulnerable to SQL Injection via the 'distance', ...10/07/202610/07/2026377397
CVE-2026-15299The Animation Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...10/07/202610/07/2026377398
CVE-2026-15298The TelSender plugin for WordPress is vulnerable to DOM-Based Cross-Site Scripting in all versio ...10/07/202610/07/2026377403
CVE-2026-15297The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin f ...10/07/202610/07/2026377402
CVE-2026-15296The affiliate-toolkit WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to St ...10/07/202610/07/2026377532
CVE-2026-15293The WP Business Intelligence Lite plugin for WordPress is vulnerable to authorization bypass in ...10/07/202610/07/2026377399
CVE-2026-15292The Sudoku Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the & ...10/07/202610/07/2026377401
CVE-2026-15291The Chat Help Click to Chat Button Form plugin for WordPress is vulnerable to Sensitive Info ...10/07/202610/07/2026377392
CVE-2026-15290The Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction ...10/07/202610/07/2026292456
CVE-2026-15289The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-base ...10/07/202610/07/2026377394
CVE-2026-15288The SureForms Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to I ...10/07/202610/07/2026377391
CVE-2026-15287The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to time-bas ...10/07/202610/07/2026377393
CVE-2026-15286The Gutenberg Blocks with AI by Kadence WP Page Builder Features plugin for WordPress is vulne ...10/07/202610/07/2026377390
CVE-2026-15285The Plus Addons for Elementor plugin for WordPress was vulnerable to Authenticated (Contributor+ ...10/07/202610/07/2026377388
CVE-2026-15284The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...10/07/202610/07/2026377396
CVE-2026-15283The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...10/07/202610/07/2026377395
CVE-2026-15282The Instant Appointment plugin for WordPress is vulnerable to arbitrary file uploads due to miss ...10/07/202610/07/2026377389
CVE-2026-5069The Fluent Forms plugin for WordPress is vulnerable to incorrect authorization via the 'sub ...10/07/202610/07/2026377387
CVE-2026-54423In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPM ...10/07/202610/07/2026377385
CVE-2026-44918OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project wi ...10/07/202610/07/2026377386
CVE-2026-15329A vulnerability was found in zhayujie CowAgent up to 2.1.0. This issue affects the function Brow ...10/07/202610/07/2026377272
CVE-2026-15326A vulnerability was identified in halo-dev halo up to 2.24.2. This affects the function ThemeUti ...10/07/202610/07/2026377265
CVE-2026-15321A vulnerability was found in MyEMS up to 6.4.0. The affected element is the function on_post of ...10/07/202610/07/2026377263
CVE-2026-15070The Salon Booking System Free Version plugin for WordPress is vulnerable to Cross-Site Request ...10/07/202610/07/2026377381
CVE-2026-14894The Super Forms Drag Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File ...10/07/202610/07/2026377382
CVE-2026-13430The Post Export Import with Media plugin for WordPress is vulnerable to Arbitrary File Upload in ...10/07/202610/07/2026377380
CVE-2026-11818The WPCafe Restaurant Menu, Online Food Ordering Table Booking System plugin for WordPress i ...10/07/202610/07/2026377383
CVE-2026-11392The WP Hotel Booking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via th ...10/07/202610/07/2026377384
CVE-2026-15320A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the func ...10/07/202610/07/2026377260
CVE-2026-15319A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the func ...10/07/202610/07/2026377259
CVE-2026-15318A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some un ...10/07/202610/07/2026377258
CVE-2026-55616** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-49757. Reason: This candidat ...10/07/202610/07/2026
 
CVE-2026-54771Langroid is a framework for building large-language-model-powered applications. Prior to version ...10/07/202610/07/2026377379
CVE-2026-54769Langroid is a framework for building large-language-model-powered applications. Versions prior t ...10/07/202610/07/2026377378
CVE-2026-54760Langroid is a framework for building large-language-model-powered applications. Prior to version ...10/07/202610/07/2026367762
CVE-2026-50181Langroid is a framework for building large-language-model-powered applications. Prior to version ...10/07/202610/07/2026376435
CVE-2026-50180Langroid is a framework for building large-language-model-powered applications. Prior to version ...10/07/202610/07/2026377377
CVE-2026-15317A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerabili ...10/07/202610/07/2026377257
CVE-2026-15311A vulnerability was identified in NousResearch hermes-agent up to 2026.5.29.2. Affected by this ...10/07/202610/07/2026377247
CVE-2026-55615Langroid is a framework for building large-language-model-powered applications. Prior to version ...10/07/202610/07/2026367762
CVE-2026-12598The LoginPress Pro plugin for WordPress is vulnerable to authentication bypass in versions up to ...10/07/202610/07/2026377374
CVE-2026-12597The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via the GitHub OA ...10/07/202610/07/2026377376
CVE-2026-12595The LoginPress Pro plugin for WordPress is vulnerable to Authentication Bypass via Unverified OA ...10/07/202610/07/2026377375
CVE-2026-58123Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability tha ...10/07/202610/07/2026377369
CVE-2026-58122Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthe ...10/07/202610/07/2026377372
CVE-2026-59858Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script ...10/07/202610/07/2026377371
CVE-2026-59857Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of sp ...10/07/202610/07/2026377370
CVE-2026-59856Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion scri ...10/07/202610/07/2026377368
CVE-2026-59855SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in a ...10/07/202610/07/2026377363
CVE-2026-59854SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, POST /api/file/gl ...10/07/202610/07/2026377358
CVE-2026-59853SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/ ...10/07/202610/07/2026377362
CVE-2026-59834SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search ...10/07/202610/07/2026377361
CVE-2026-59833SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders no ...10/07/202610/07/2026377367
CVE-2026-59832SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /snippets/*fi ...10/07/202610/07/2026377359
CVE-2026-59831GitHub CLI (gh) is GitHub s official command line tool. From 2.10.0 through 2.95.0, connecting t ...10/07/202610/07/2026377366
CVE-2026-57501Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu ...10/07/202610/07/2026377365
CVE-2026-44342New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management ...10/07/202610/07/2026377360
CVE-2026-33655New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management ...10/07/202610/07/2026377364
CVE-2026-57054A Use of Incorrectly-Resolved Name or Reference vulnerability in the URL filtering plugin of Jun ...10/07/202610/07/2026377352
CVE-2026-57032An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine (pfe) ...10/07/202610/07/2026377350
CVE-2026-57031An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding e ...10/07/202610/07/2026377348
CVE-2026-57030A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition ...10/07/202610/07/2026377349
CVE-2026-57029A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos ...10/07/202610/07/2026377351
CVE-2026-59828Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10/07/202610/07/2026377356
CVE-2026-58144Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allow ...10/07/202610/07/2026377353
CVE-2026-58143Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows ...10/07/202610/07/2026377354
CVE-2026-55424Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10/07/202610/07/2026377355
CVE-2026-53963Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10/07/202610/07/2026377357
CVE-2026-53962Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10/07/202610/07/2026377346
CVE-2026-53961Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10/07/202610/07/2026377341
CVE-2026-49256Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10/07/202610/07/2026377345
CVE-2026-46413Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10/07/202610/07/2026377344
CVE-2026-45788Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10/07/202610/07/2026377343
CVE-2026-45780Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10/07/202610/07/2026377342
CVE-2026-44787Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...10/07/202610/07/2026377340
CVE-2026-38076An integer overflow in the jbig2_arith_iaid_ctx_new() function of Artifex commit cc37d0 allows a ...10/07/202610/07/2026377347
CVE-2026-15276A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown cod ...10/07/202610/07/2026377216
CVE-2026-15274A vulnerability was detected in lo48576 fbxcel up to 0.9.0. This affects an unknown part of the ...10/07/202610/07/2026377215
CVE-2026-57028An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper ...10/07/202610/07/2026377336
CVE-2026-57027A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engi ...10/07/202610/07/2026377335
CVE-2026-57026An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juni ...10/07/202610/07/2026377339
CVE-2026-57025A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Junip ...10/07/202610/07/2026377338
CVE-2026-57024A Use of Multiple Resources with Duplicate Identifier vulnerability in the IKE daemon (iked) of ...10/07/202610/07/2026377331
CVE-2026-57023An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of J ...10/07/202610/07/2026377337
CVE-2026-57022An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding E ...10/07/202610/07/2026377334
CVE-2026-57021An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos ...10/07/202610/07/2026377330
CVE-2026-57020An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding e ...10/07/202610/07/2026377333
CVE-2026-57019An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Eng ...10/07/202610/07/2026377332
CVE-2026-55689OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, OpenFGA&#03 ...09/07/202610/07/2026377329
CVE-2026-55605DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to ver ...09/07/202610/07/2026377326
CVE-2026-55604DeepSeek MCP Server is an MCP server for DeepSeek V4. Starting in version 1.4.2 and prior to ver ...09/07/202610/07/2026377328
CVE-2026-55170OpenFGA is an authorization/permission engine built for developers. Prior to 1.18.0, when MySQL ...09/07/202610/07/2026377327
CVE-2026-39246decompress before 4.2.2 allows arbitrary symlink creation during archive extraction. When proces ...09/07/202609/07/2026377325
CVE-2026-39245decompress before 4.2.2 contains an improper path containment check that enables directory trave ...09/07/202609/07/2026154375
CVE-2026-39243decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling f ...09/07/202609/07/2026377324
CVE-2026-33803An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper ...09/07/202609/07/2026377322
CVE-2026-33802A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allow ...09/07/202609/07/2026377323
CVE-2026-15271A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450 ...09/07/202609/07/2026377214
CVE-2026-60120Bagisto before 2.4.4 contains a stored cross-site scripting vulnerability via client-side templa ...09/07/202609/07/2026377320
CVE-2026-55865Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malfo ...09/07/202609/07/2026377319
CVE-2026-55212Pimcore is an Open Source Data Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, ...09/07/202609/07/2026377318
CVE-2026-55208Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio. Prior to 2025.4.6 and 20 ...09/07/202610/07/2026377373
CVE-2026-55207Pimcore is an Open Source Data Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, ...09/07/202609/07/2026377321
CVE-2026-51926An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive infor ...09/07/202609/07/2026377317
CVE-2026-51925A Local File Inclusion (LFI) vulnerability exists in docuForm GmbH Client v.11.11c that allows a ...09/07/202609/07/2026377310
CVE-2026-51924An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via ...09/07/202609/07/2026377313
CVE-2026-51923An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c ...09/07/202609/07/2026377314
CVE-2026-33801An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol da ...09/07/202609/07/2026377309
CVE-2026-33800An Unchecked Input for Loop Condition vulnerability in the Packet Forwarding Engine (pfe) of Jun ...09/07/202609/07/2026377312
CVE-2026-33799An Out-of-bounds Write vulnerability in the SNMP daemon (snmpd) of Juniper Networks Junos OS and ...09/07/202609/07/2026377308
CVE-2026-33794An Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwardin ...09/07/202609/07/2026377307
CVE-2026-31267Mercusys MW302R MW302R(EU)_V1_1.4.10 Build 231023 is vulnerable to Buffer Overflow in the admini ...09/07/202609/07/2026377315
CVE-2026-21901A NULL Pointer Dereference vulnerability in the management daemon (mgd) of Juniper Networks Juno ...09/07/202609/07/2026377311
CVE-2026-15270A weakness has been identified in D-link DIR-823G 1.0.2B05_20181207. Affected by this vulnerabil ...09/07/202609/07/2026377213
CVE-2026-0278Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) com ...09/07/202609/07/2026377305
CVE-2026-0277An improper certificate validation vulnerability in the Prisma Access Agent for iOS enables an ...09/07/202609/07/2026377303
CVE-2026-0276A privilege escalation vulnerability in Palo Alto Networks Cortex XDR Broker VM enables a local ...09/07/202609/07/2026377306
CVE-2026-0275A local privilege escalation vulnerability in Palo Alto Networks Prisma Browser allows a locall ...09/07/202609/07/2026377304
CVE-2026-55590CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 ba ...09/07/202609/07/2026377294
CVE-2026-54695Pipecat is an open-source Python framework for building real-time voice and multimodal conversat ...09/07/202609/07/2026377293
CVE-2026-54005Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites where a ...09/07/202609/07/2026377297
CVE-2026-54004Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with co ...09/07/202609/07/2026377300
CVE-2026-54003Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites wi ...09/07/202609/07/2026377299
CVE-2026-54002Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plu ...09/07/202609/07/2026377302
CVE-2026-50188Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plu ...09/07/202609/07/2026377298
CVE-2026-49276Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using t ...09/07/202609/07/2026377301
CVE-2026-49274Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using t ...09/07/202609/07/2026377296
CVE-2026-13492The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and ...09/07/202609/07/2026377295
CVE-2026-0287Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS software allow an unaut ...09/07/202609/07/2026377289
CVE-2026-0286A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS software ...09/07/202609/07/2026377283
CVE-2026-0285A server-side request forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS software enables ...09/07/202609/07/2026377291
CVE-2026-0284An XML injection vulnerability in the Large Scale VPN (LSVPN) functionality of Palo Alto Network ...09/07/202609/07/2026377286
CVE-2026-0283An authentication bypass vulnerability in Large Scale VPN ( LSVPN) functionality of Palo Alto Ne ...09/07/202609/07/2026377288
CVE-2026-0282A file deletion vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated ...09/07/202609/07/2026377287
CVE-2026-0281An information disclosure vulnerability in Palo Alto Networks PAN-OS software enables an unauth ...09/07/202609/07/2026377285
CVE-2026-0280An IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS software ...09/07/202609/07/2026377284
CVE-2026-0279Multiple cross site scripting vulnerabilities in the User-ID Authentication Portal (aka Captive ...09/07/202609/07/2026377290
CVE-2026-59149Mockoon provides way to design and run mock APIs. Prior to 9.7.0, a FILE response whose filePath ...09/07/202609/07/2026377279
CVE-2026-59148Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in co ...09/07/202609/07/2026377278
CVE-2026-58198ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to ...09/07/202609/07/2026377280
CVE-2026-61344The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov expos ...09/07/202609/07/2026377270
CVE-2026-61343LibreBooking's email template editor save action passes the submitted template name directl ...09/07/202609/07/2026377266
CVE-2026-59827Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, ...09/07/202609/07/2026377267
CVE-2026-59826Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until ...09/07/202609/07/2026377282
CVE-2026-59817Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public don ...09/07/202609/07/2026377269
CVE-2026-59734Coolify is an open-source and self-hostable tool for managing servers, applications, and databas ...09/07/202609/07/2026377264
CVE-2026-59726Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default ...09/07/202609/07/2026377268
CVE-2026-59721Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfig ...09/07/202609/07/2026377255
CVE-2026-59720Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, mock server creation ...09/07/202609/07/2026377281
CVE-2026-59221Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 ...09/07/202609/07/2026377262
CVE-2026-58378Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker ...09/07/202609/07/2026377261
CVE-2026-55420Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026 ...09/07/202609/07/2026377254
CVE-2026-43752An authenticated administrator may be able to achieve arbitrary code execution on the host syste ...09/07/202609/07/2026377256
CVE-2026-15204A vulnerability was detected in TOTOLINK X5000R 9.1.0cu.2415_B20250515/9.1.0cu.2350_B20230313. A ...09/07/202609/07/2026377125
CVE-2026-15202A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function get_url ...09/07/202609/07/2026377124
CVE-2026-15195A weakness has been identified in apidevtools json-schema-ref-parser up to 15.3.5. This impacts ...09/07/202609/07/2026377123
CVE-2026-14278After further coordination, CVE was determined to not be warranted.09/07/202609/07/2026
 
CVE-2026-59225Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.1 ...09/07/202609/07/2026377277
CVE-2026-59224Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...09/07/202609/07/2026377276
CVE-2026-59223Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...09/07/202609/07/2026377271
CVE-2026-59222Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.7.0 ...09/07/202609/07/2026377251
CVE-2026-59219Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 ...09/07/202609/07/2026377250
CVE-2026-59217Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...09/07/202609/07/2026377249
CVE-2026-59216Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...09/07/202609/07/2026377245
CVE-2026-59215Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...09/07/202609/07/2026377244
CVE-2026-59213Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.2 ...09/07/202609/07/2026377248
CVE-2026-59212Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 ...09/07/202609/07/2026377243
CVE-2026-51603A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...09/07/202609/07/2026377253
CVE-2026-51602A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...09/07/202609/07/2026377252
CVE-2026-51601Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. T ...09/07/202609/07/2026377246
CVE-2026-51600Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP req ...09/07/202609/07/2026377236
CVE-2026-51599An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Bu ...09/07/202609/07/2026377238
CVE-2026-51598An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build ...09/07/202609/07/2026377241
CVE-2026-51597MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in ...09/07/202609/07/2026377240
CVE-2026-15308The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through re ...09/07/202609/07/2026377242
CVE-2026-15194A security flaw has been discovered in Open5GS 2.7.7. This affects the function amf_context_fina ...09/07/202609/07/2026377122
CVE-2026-15193A vulnerability was determined in AidanPark openclaw-android up to 0.4.0. The affected element i ...09/07/202609/07/2026377120
CVE-2026-15192A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function ...09/07/202609/07/2026377118
CVE-2026-13462PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows ...09/07/202609/07/2026377237
CVE-2026-13461When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the ...09/07/202609/07/2026377239
CVE-2026-59715Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.1 ...09/07/202609/07/2026377234
CVE-2026-59227Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.1 ...09/07/202609/07/2026377232
CVE-2026-59226Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.0 ...09/07/202609/07/2026377231
CVE-2026-59220Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.2 ...09/07/202609/07/2026377233
CVE-2026-59218Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...09/07/202609/07/2026377230
CVE-2026-59214Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0 ...09/07/202609/07/2026377225
CVE-2026-59209n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an a ...09/07/202609/07/2026377228
CVE-2026-58459gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability ...09/07/202609/07/2026377224
CVE-2026-53987The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and rende ...09/07/202609/07/2026377235
CVE-2026-51606An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9 ...09/07/202609/07/2026377229
CVE-2026-51605A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...09/07/202609/07/2026377227
CVE-2026-51604A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31. ...09/07/202609/07/2026377226
CVE-2026-15191A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code ...09/07/202609/07/2026377117
CVE-2026-15190A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This af ...09/07/202609/07/2026377116
CVE-2026-61474An improper authorization check in MISP s attribute creation endpoint allowed an authenticated u ...09/07/202609/07/2026377220
CVE-2026-59208n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.2 ...09/07/202609/07/2026377223
CVE-2026-59207n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents fe ...09/07/202609/07/2026377222
CVE-2026-59206n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an a ...09/07/202609/07/2026377221
CVE-2026-58125This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.09/07/202609/07/2026
 
CVE-2026-42486[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09/07/202610/07/2026377535
CVE-2026-23562[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09/07/202610/07/2026377534
CVE-2026-23561[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09/07/202609/07/2026377219
CVE-2026-23560[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09/07/202609/07/2026377219
CVE-2026-23559[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09/07/202609/07/2026377219
CVE-2026-23556When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are l ...09/07/202609/07/2026377217
CVE-2026-15189A security vulnerability has been detected in aerostackdev aerostack-mcp up to 6315dfde7df0a15aa ...09/07/202609/07/2026377115
CVE-2026-15188A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc1 ...09/07/202609/07/2026377114
CVE-2026-15187A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.s ...09/07/202609/07/2026377113
CVE-2026-11404Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function ...09/07/202609/07/2026377218
CVE-2026-60109Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol ana ...09/07/202609/07/2026377207
CVE-2026-60108Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer ...09/07/202609/07/2026377206
CVE-2026-5005Improper neutralization of input during web page generation ('cross-site scripting') v ...09/07/202609/07/2026377212
CVE-2026-56292A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting thi ...09/07/202609/07/2026377211
CVE-2026-54801A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...09/07/202609/07/2026377210
CVE-2026-54800A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...09/07/202609/07/2026377209
CVE-2026-54799A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...09/07/202609/07/2026377205
CVE-2026-54798A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions V ...09/07/202609/07/2026377208
CVE-2026-60095Vinchin Backup Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in ...09/07/202609/07/2026377203
CVE-2026-60094Vinchin Backup Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that ...09/07/202609/07/2026377202
CVE-2026-4256Improper neutralization of special elements used in an LDAP query ('LDAP injection') v ...09/07/202609/07/2026377204
CVE-2026-15186A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function ...09/07/202609/07/2026377112
CVE-2026-15185A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub_read_idx of t ...09/07/202609/07/2026377111
CVE-2026-14261A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execu ...09/07/202609/07/2026377200
CVE-2026-12879An Improper Input Validation vulnerability in BigQuery DAO in Google Cloud Apigee versions prior ...09/07/202609/07/2026377199
CVE-2026-12593The implementation of an internal and undocumented Dashboard API endpoint (POST /api/users/~/{us ...09/07/202609/07/2026377201
CVE-2026-12116A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in th ...09/07/202609/07/2026377198
CVE-2026-3494In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_ ...09/07/202609/07/2026348595
CVE-2026-15184A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg ...09/07/202609/07/2026377110
CVE-2026-9253The WP Cost Estimation Payment Forms Builder (E P Forms) plugin for WordPress is vulnerable to ...09/07/202609/07/2026377197
CVE-2026-15182A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the functio ...09/07/202609/07/2026377109
CVE-2026-9240The Colissimo Officiel : M thodes de livraison pour WooCommerce plugin for WordPress is vulnerab ...09/07/202609/07/2026377195
CVE-2026-9237The Employee, Leave and Recruitment Management System Crew HRM plugin for WordPress is vulnera ...09/07/202609/07/2026377196
CVE-2026-9235The DHL eCommerce (Benelux) for WooCommerce plugin for WordPress is vulnerable to unauthorized m ...09/07/202609/07/2026377194
CVE-2026-9028The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to authorization by ...09/07/202609/07/2026377186
CVE-2026-9027The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass v ...09/07/202609/07/2026377185
CVE-2026-9021The Easy Invoice plugin for WordPress is vulnerable to Missing Authorization in versions up to, ...09/07/202609/07/2026377184
CVE-2026-59692A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS h ...09/07/202609/07/2026377190
CVE-2026-59691A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin. When a client ...09/07/202609/07/2026377191
CVE-2026-58307Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Ove ...09/07/202609/07/2026377189
CVE-2026-58306Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers ...09/07/202609/07/2026377192
CVE-2026-58305Access of resource using incompatible type ('type confusion') vulnerability in Samsung ...09/07/202609/07/2026377188
CVE-2026-58304Out-of-bounds read, Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Ove ...09/07/202609/07/2026377187
CVE-2026-58303Stack-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffer ...09/07/202609/07/2026377193
CVE-2026-56291The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload tha ...09/07/202609/07/2026377183
CVE-2026-56289GNU patch is vulnerable to a denial of service (DoS) due to improper validation of hunk (single ...09/07/202609/07/2026377175
CVE-2026-56288GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unifie ...09/07/202609/07/2026377174
CVE-2026-50644SOPlanning is vulnerable to SQL injection in the audit retention configuration. An attacker hold ...09/07/202609/07/2026377182
CVE-2026-4298The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all v ...09/07/202609/07/2026377177
CVE-2026-4275The Divi Torque Lite Divi Theme, Divi Builder Extra Theme plugin for WordPress is vulnerable ...09/07/202609/07/2026377181
CVE-2026-14372The Bit Form Contact Form, Payment Forms, Multi Step Forms, Calculator Custom Form Builder p ...09/07/202609/07/2026377176
CVE-2026-13441The EventPrime Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sto ...09/07/202609/07/2026377180
CVE-2026-12590Impact: In body-parser versions prior to 1.20.6 (1.x line) and 2.3.0 (2.x line), when the parser ...09/07/202609/07/2026377179
CVE-2026-12428The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due ...09/07/202609/07/2026377178
CVE-2026-5955Improper neutralization of special elements used in an SQL command ('SQL injection') v ...09/07/202609/07/2026377169
CVE-2026-5793Improper neutralization of input during web page generation ('cross-site scripting') v ...09/07/202609/07/2026377173
CVE-2026-56460HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authentica ...09/07/202609/07/2026377172
CVE-2026-56459HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The applicat ...09/07/202609/07/2026377170
CVE-2026-56458HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to car ...09/07/202609/07/2026377166
CVE-2026-2342Improper neutralization of input during web page generation ('cross-site scripting') v ...09/07/202609/07/2026377171
CVE-2026-1989Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solu ...09/07/202609/07/2026377168
CVE-2026-1365Insertion of sensitive information into sent data vulnerability in Sayax Energy Technologies Inc ...09/07/202609/07/2026377167
CVE-2026-15158The Blocksy Companion plugin for WordPress is vulnerable to Arbitrary File Upload in all version ...09/07/202609/07/2026377164
CVE-2026-12433The Hydra Booking Appointment Scheduling Booking Calendar plugin for WordPress is vulnerable ...09/07/202609/07/2026377165
CVE-2026-8996The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to Sensitive Inform ...09/07/202609/07/2026377160
CVE-2026-8848The Popup Maker Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Build ...09/07/202609/07/2026377158
CVE-2026-7558The Age Verification Identity Verification by Token of Trust plugin for WordPress is vulnerabl ...09/07/202609/07/2026377159
CVE-2026-6910The Bookero.pl system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Sit ...09/07/202609/07/2026377163
CVE-2026-59269A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially gain ...09/07/202609/07/2026377161
CVE-2026-57111Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.re ...09/07/202609/07/2026376957
CVE-2026-4653The Block, Suspend, Report for BuddyPress plugin for WordPress is vulnerable to Stored Cross-Sit ...09/07/202609/07/2026377162
CVE-2026-33390An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functional ...09/07/202609/07/2026377152
CVE-2026-31985When the upstream Guardian or CMC was configured in the Remote Collector via n2os-tui, the gener ...09/07/202609/07/2026377151
CVE-2026-31984A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the ...09/07/202609/07/2026377148
CVE-2026-31983A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. ...09/07/202609/07/2026377155
CVE-2026-31982An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to in ...09/07/202609/07/2026377154
CVE-2026-31981A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a ...09/07/202609/07/2026377157
CVE-2026-15000The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site ...09/07/202609/07/2026377153
CVE-2026-14343The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via &#039 ...09/07/202609/07/2026377156
CVE-2026-14342The Mail Mint Email Marketing, Newsletter, Email Automation WooCommerce Emails plugin for Wo ...09/07/202609/07/2026377150
CVE-2026-14245The miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress is vulnerable ...09/07/202609/07/2026377149
CVE-2026-13771The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scr ...09/07/202609/07/2026377143
CVE-2026-13450The GamiPress Gamification plugin to reward points, achievements, badges ranks in WordPress ...09/07/202609/07/2026377142
CVE-2026-13334The Mang Board WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the & ...09/07/202609/07/2026377147
CVE-2026-13253The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the &#03 ...09/07/202609/07/2026377146
CVE-2026-13080The WPFunnels Funnel Builder for WooCommerce with Checkout One Click Upsell plugin for WordP ...09/07/202609/07/2026377138
CVE-2026-13011The ERP: Complete HR, Accounting CRM Suite with Recruitment and WooCommerce CRM Support plugin ...09/07/202609/07/2026377141
CVE-2026-12418The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership User Regis ...09/07/202609/07/2026377139
CVE-2026-12406The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership User Regis ...09/07/202609/07/2026377145
CVE-2026-12170The AcyMailing An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress p ...09/07/202609/07/2026377144
CVE-2026-11359The Memberships and User Profiles for WooCommerce ProfileGrid WooCommerce Integration plugin f ...09/07/202609/07/2026377140
CVE-2026-47840A network attacker positioned between UAA and its LDAP directory can impersonate the directory u ...09/07/202609/07/2026377137
CVE-2026-47831Use of a cryptographically weak random number generator in the GenerateRandomPassword function i ...09/07/202609/07/2026377136
CVE-2026-47830Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-build ...09/07/202609/07/2026377135
CVE-2026-47829Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH op ...09/07/202609/07/2026377127
CVE-2026-47828During bosh create-env and bosh delete-env, the CLI uploads compiled CPI packages and rendered j ...09/07/202609/07/2026377131
CVE-2026-47826The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write ...09/07/202609/07/2026377134
CVE-2026-12517The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the serv ...09/07/202609/07/2026377133
CVE-2026-12516The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the serv ...09/07/202609/07/2026377132
CVE-2026-12270The Everest Forms WordPress plugin before 3.5.0 does not correctly restrict access to several R ...09/07/202609/07/2026377126
CVE-2026-11875The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or ver ...09/07/202609/07/2026377130
CVE-2026-11869The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does not perform an authorization check ...09/07/202609/07/2026377129
CVE-2026-11571The Everest Forms WordPress plugin before 3.5.0 does not reliably delete temporary CSV files ge ...09/07/202609/07/2026377128
CVE-2026-5523The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up ...09/07/202609/07/2026377119
CVE-2026-41857A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator&#0 ...09/07/202609/07/2026377121
CVE-2026-15138A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affec ...09/07/202609/07/2026376953
CVE-2026-15137A weakness has been identified in code-projects Interview Management System 1.0. This vulnerabil ...09/07/202609/07/2026376952
CVE-2026-47646Improper neutralization of input during web page generation ('cross-site scripting') i ...09/07/202609/07/2026372322
CVE-2026-15135A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects ...09/07/202609/07/2026376951
CVE-2026-8472GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19. ...09/07/202609/07/2026377103
CVE-2026-7492GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.1 before 18.11.7, 1 ...09/07/202609/07/2026377102
CVE-2026-6896GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19 ...09/07/202609/07/2026377101
CVE-2026-6352GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.11.7, 19. ...09/07/202609/07/2026377100
CVE-2026-60105Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemote ...09/07/202609/07/2026377104
CVE-2026-59818etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and ...09/07/202609/07/2026377099
CVE-2026-58525Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to by ...09/07/202609/07/2026377108
CVE-2026-58192Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C W ...09/07/202609/07/2026377094
CVE-2026-58191Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C W ...09/07/202609/07/2026377097
CVE-2026-57481Parse Server is an open source backend that can be deployed to any infrastructure that can run N ...09/07/202609/07/2026377092
CVE-2026-57480Parse Server is an open source backend that can be deployed to any infrastructure that can run N ...09/07/202609/07/2026377090
CVE-2026-55778Parse Server is an open source backend that can be deployed to any infrastructure that can run N ...09/07/202609/07/2026377095
CVE-2026-5923Malicious use of a stolen cookie might allow modifications to the contents of the IP phone s web ...09/07/202609/07/2026377098
CVE-2026-55878Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 befor ...09/07/202609/07/2026372595
CVE-2026-59723Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, ...09/07/202609/07/2026377096
CVE-2026-54784CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. In ...09/07/202609/07/2026377093
CVE-2026-54783CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09/07/202609/07/2026377091
CVE-2026-54782CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09/07/202609/07/2026377089
CVE-2026-54781CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09/07/202609/07/2026377105
CVE-2026-15133Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attac ...09/07/202609/07/2026377086
CVE-2026-15132Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...09/07/202609/07/2026377085
CVE-2026-15131Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a re ...09/07/202609/07/2026377084
CVE-2026-15130Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a ...09/07/202609/07/2026377082
CVE-2026-15129Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to po ...09/07/202609/07/2026377083
CVE-2026-15128Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote ...09/07/202609/07/2026377088
CVE-2026-15127Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote ...09/07/202609/07/2026377087
CVE-2026-15134A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected ...09/07/202609/07/2026376949
CVE-2026-15126Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...09/07/202609/07/2026377081
CVE-2026-15125Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote ...09/07/202609/07/2026377080
CVE-2026-15124Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a ...09/07/202609/07/2026377072
CVE-2026-15123Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote at ...09/07/202609/07/2026377079
CVE-2026-15122Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0. ...09/07/202609/07/2026377078
CVE-2026-15121Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to e ...09/07/202609/07/2026377077
CVE-2026-15120Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote atta ...09/07/202609/07/2026377076
CVE-2026-15119Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had ...09/07/202609/07/2026377075
CVE-2026-15118Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...09/07/202609/07/2026377074
CVE-2026-15117Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker wh ...09/07/202609/07/2026377073
CVE-2026-15116Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex ...09/07/202609/07/2026377069
CVE-2026-15115Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior t ...09/07/202609/07/2026377063
CVE-2026-15114Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote ...09/07/202609/07/2026377068
CVE-2026-15113Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote ...09/07/202609/07/2026377062
CVE-2026-15112Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to po ...09/07/202609/07/2026377067
CVE-2026-15111Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who c ...09/07/202609/07/2026377066
CVE-2026-15110Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who co ...09/07/202609/07/2026377071
CVE-2026-15109Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ...09/07/202609/07/2026377065
CVE-2026-15108Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker ...09/07/202609/07/2026377070
CVE-2026-15107Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker t ...09/07/202609/07/2026377064
CVE-2026-54780CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09/07/202609/07/2026377061
CVE-2026-54779CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09/07/202609/07/2026377056
CVE-2026-54778CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09/07/202609/07/2026377060
CVE-2026-54776CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09/07/202609/07/2026377059
CVE-2026-54775CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09/07/202609/07/2026377058
CVE-2026-54774CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09/07/202609/07/2026377057
CVE-2026-54773CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09/07/202609/07/2026377055
CVE-2026-54772CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09/07/202609/07/2026377054
CVE-2026-54499Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsin ...09/07/202609/07/2026377053
CVE-2026-15105A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::Pe ...09/07/202609/07/2026376946
CVE-2026-55877Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 befor ...09/07/202609/07/2026372593
CVE-2026-5922The IP phone might use malicious input stored in configuration parameters and render it as conte ...09/07/202609/07/2026377051
CVE-2026-54777CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. Pr ...09/07/202609/07/2026377046
CVE-2026-52200An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbi ...09/07/202609/07/2026377048
CVE-2026-51535In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion (Denial of Service) vulnerability exists ...09/07/202609/07/2026377047
CVE-2026-39179A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitr ...09/07/202609/07/2026377050
CVE-2026-39178A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitr ...09/07/202609/07/2026377049
CVE-2026-35552In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0 ...09/07/202609/07/2026377045
CVE-2026-31309Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 a ...09/07/202609/07/2026377107
CVE-2026-15168BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disc ...09/07/202609/07/2026377044
CVE-2026-55849@cyclonedx/cyclonedx-npm creates CycloneDX Software Bill of Materials from npm projects. From 2. ...08/07/202609/07/2026377106
CVE-2026-55830RestrictedPython is a tool that helps to define a subset of the Python language which allows to ...08/07/202608/07/2026377036
CVE-2026-55471HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability ...08/07/202609/07/2026377043
CVE-2026-55470HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability ...08/07/202608/07/2026372591
CVE-2026-48492Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/{obje ...08/07/202609/07/2026377039
CVE-2026-44161Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...08/07/202609/07/2026377042
CVE-2026-44160Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...08/07/202609/07/2026377040
CVE-2026-44025Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...08/07/202609/07/2026377041
CVE-2026-44024Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, ...08/07/202609/07/2026377037
CVE-2026-10037A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME ...08/07/202609/07/2026377038
CVE-2026-54528JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.f ...08/07/202608/07/2026377030
CVE-2026-54527JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff ...08/07/202608/07/2026377029
CVE-2026-49866libp2p is a JavaScript Implementation of libp2p networking stack. Prior to 16.0.0, @libp2p/gossi ...08/07/202608/07/2026377028
CVE-2026-35211OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observab ...08/07/202608/07/2026377026
CVE-2026-35210OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observab ...08/07/202608/07/2026377027
CVE-2026-15174Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows ...08/07/202608/07/2026377035
CVE-2026-15173pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service08/07/202608/07/2026377034
CVE-2026-15172FMP/NOTIFY protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denia ...08/07/202608/07/2026377033
CVE-2026-15171SSH protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of se ...08/07/202608/07/2026377032
CVE-2026-15170Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of ...08/07/202608/07/2026377031
CVE-2026-15169UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial o ...08/07/202608/07/2026377025
CVE-2026-15167DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial o ...08/07/202608/07/2026377024
CVE-2026-15166IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows deni ...08/07/202608/07/2026377023
CVE-2026-15165TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service08/07/202608/07/2026377022
CVE-2026-15164Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service08/07/202608/07/2026377016
CVE-2026-15163Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow ...08/07/202608/07/2026377021
CVE-2026-13320GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, ...08/07/202608/07/2026377020
CVE-2026-13151GitLab has remediated an issue in GitLab EE affecting all versions from 16.10 before 18.11.7, 19 ...08/07/202608/07/2026377019
CVE-2026-11827GitLab has remediated an issue in GitLab EE affecting all versions from 9.5 before 18.11.7, 19.0 ...08/07/202608/07/2026377018
CVE-2026-58494Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-w ...08/07/202608/07/2026377012
CVE-2026-58211NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08/07/202608/07/2026377011
CVE-2026-58208NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08/07/202608/07/2026377014
CVE-2026-58207NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08/07/202608/07/2026377004
CVE-2026-56669Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, ...08/07/202608/07/2026377005
CVE-2026-55596Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed ren ...08/07/202608/07/2026377003
CVE-2026-55542Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, Snipe-IT S3 signature ...08/07/202608/07/2026377006
CVE-2026-55206py7zr is a Python-based library and utility to support 7zip archive compression, decompression, ...08/07/202608/07/2026377001
CVE-2026-55195py7zr is a Python-based library and utility to support 7zip archive compression, decompression, ...08/07/202608/07/2026377000
CVE-2026-54591AsyncSSH is a Python package which provides an asynchronous client and server implementation of ...08/07/202608/07/2026376999
CVE-2026-54590AsyncSSH is a Python package which provides an asynchronous client and server implementation of ...08/07/202608/07/2026376998
CVE-2026-14896HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in ...08/07/202608/07/2026377002
CVE-2026-0288Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of ...08/07/202608/07/2026376997
CVE-2026-8801Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules). This issue af ...08/07/202608/07/2026376996
CVE-2026-8800Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). This issu ...08/07/202608/07/2026376995
CVE-2026-8651Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS modul ...08/07/202608/07/2026376993
CVE-2026-8650Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module). This ...08/07/202608/07/2026376994
CVE-2026-8649Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit ...08/07/202608/07/2026377015
CVE-2026-60104Bitwarden Server before 2026.6.0 does not verify that the email in a POST /auth-requests/admin-r ...08/07/202608/07/2026377013
CVE-2026-59948Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a maliciously ...08/07/202608/07/2026377009
CVE-2026-59947Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer ...08/07/202608/07/2026377008
CVE-2026-59946Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer pa ...08/07/202608/07/2026377007
CVE-2026-59939httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs u ...08/07/202608/07/2026377010
CVE-2026-59936pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft ...08/07/202608/07/2026376987
CVE-2026-59807Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows ...08/07/202608/07/2026376991
CVE-2026-59806Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability tha ...08/07/202608/07/2026376992
CVE-2026-59805Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesContr ...08/07/202608/07/2026376990
CVE-2026-58254NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08/07/202608/07/2026376988
CVE-2026-58253NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08/07/202608/07/2026376989
CVE-2026-58252NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08/07/202608/07/2026376981
CVE-2026-58250NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08/07/202608/07/2026376986
CVE-2026-58214NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08/07/202608/07/2026376985
CVE-2026-58213NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08/07/202608/07/2026376980
CVE-2026-58212Further research determined the issue is not a vulnerability based on CNA Rule 4.1.12 The act of ...08/07/202608/07/2026
 
CVE-2026-58210NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08/07/202608/07/2026376984
CVE-2026-58209NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08/07/202608/07/2026376983
CVE-2026-15154A flaw was found in `guardrails-detectors`, a component of Red Hat OpenShift AI. This vulnerabil ...08/07/202608/07/2026376978
CVE-2026-14891HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task drive ...08/07/202608/07/2026376979
CVE-2026-14361The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in t ...08/07/202608/07/2026376982
CVE-2026-59935pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft ...08/07/202608/07/2026376970
CVE-2026-59822LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...08/07/202608/07/2026376976
CVE-2026-59821LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...08/07/202608/07/2026376969
CVE-2026-59820LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...08/07/202608/07/2026376975
CVE-2026-59819LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1 ...08/07/202608/07/2026376977
CVE-2026-59804Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authenticatio ...08/07/202608/07/2026376971
CVE-2026-59803rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in proto ...08/07/202608/07/2026376972
CVE-2026-59802PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient va ...08/07/202608/07/2026376974
CVE-2026-58501Zeep is a Python SOAP client. From 4.0.0 before 4.3.3, Settings.forbid_external is defined but n ...08/07/202609/07/2026377052
CVE-2026-58251NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system ...08/07/202608/07/2026376973
CVE-2026-55760Handlebars.java provides logic-less and semantic Mustache templates with Java. Prior to 4.5.2, a ...08/07/202608/07/2026376965
CVE-2026-55575LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10. ...08/07/202608/07/2026376964
CVE-2026-55404yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-l ...08/07/202608/07/2026376963
CVE-2026-53624Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware ...08/07/202608/07/2026376966
CVE-2026-45045Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the Balanc ...08/07/202608/07/2026376962
CVE-2026-44512Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. F ...08/07/202608/07/2026376961
CVE-2026-44332Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer ...08/07/202608/07/2026376433
CVE-2026-36028A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical acc ...08/07/202608/07/2026376968
CVE-2026-36027An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to ex ...08/07/202608/07/2026376967
CVE-2026-14373HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Do ...08/07/202608/07/2026376960
CVE-2026-59938pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft ...08/07/202608/07/2026376955
CVE-2026-59937pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft ...08/07/202608/07/2026376954
CVE-2026-50813An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensiti ...08/07/202608/07/2026376959
CVE-2026-50812A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk bui ...08/07/202608/07/2026376958
CVE-2026-14362HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push ...08/07/202608/07/2026376956
CVE-2026-60102Horde Virtual File System (VFS) API before 3.0.1 contains an OS command injection vulnerability ...08/07/202608/07/2026376950
CVE-2026-59928Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a Markdown docum ...08/07/202608/07/2026376948
CVE-2026-59927Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include dire ...08/07/202608/07/2026376947
CVE-2026-59924Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse() ...08/07/202608/07/2026376945
CVE-2026-59731Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decis ...08/07/202608/07/2026376944
CVE-2026-9074IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthentica ...08/07/202608/07/2026376935
CVE-2026-59880Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immut ...08/07/202608/07/2026376943
CVE-2026-59877protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.5 and 8.6. ...08/07/202608/07/2026376934
CVE-2026-59876protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 until 8.6.5, ...08/07/202608/07/2026376942
CVE-2026-59875node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not s ...08/07/202608/07/2026376941
CVE-2026-59874node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts ...08/07/202608/07/2026376940
CVE-2026-59930Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin a ...08/07/202608/07/2026376931
CVE-2026-59929Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the safe_url fil ...08/07/202608/07/2026376928
CVE-2026-59926Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_admonitio ...08/07/202608/07/2026376939
CVE-2026-59925Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences o ...08/07/202608/07/2026376930
CVE-2026-59923Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.saf ...08/07/202608/07/2026376927
CVE-2026-59922Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, a run of closed ...08/07/202608/07/2026376929
CVE-2026-59897Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 ...08/07/202608/07/2026376933
CVE-2026-59896Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11. ...08/07/202608/07/2026376938
CVE-2026-59895Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 ...08/07/202608/07/2026376937
CVE-2026-59892OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/ ...08/07/202608/07/2026376932
CVE-2026-59890setuptools is a package that allows users to download, build, install, upgrade, and uninstall Py ...08/07/202608/07/2026376926
CVE-2026-59887linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: ...08/07/202608/07/2026376936
CVE-2026-59883Guzzle is an extensible PHP HTTP client. Prior to 7.12.3, CookieJar did not restrict cookies sco ...08/07/202608/07/2026376917
CVE-2026-59882guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::ass ...08/07/202608/07/2026376916
CVE-2026-59879Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, List# ...08/07/202608/07/2026376924
CVE-2026-59261OpenClaw before 2026.5.28 contains a credential exposure vulnerability where workspace dotenv fi ...08/07/202608/07/2026376923
CVE-2026-42505Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observe ...08/07/202608/07/2026376925
CVE-2026-39822On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside o ...08/07/202608/07/2026376920
CVE-2026-29009U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfs_readlink_reply() (net ...08/07/202608/07/2026376922
CVE-2026-29008U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machi ...08/07/202608/07/2026376921
CVE-2026-29007U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcp_rx_state_machine( ...08/07/202608/07/2026376919
CVE-2026-59873node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not e ...08/07/202608/07/2026376908
CVE-2026-59871node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces al ...08/07/202608/07/2026376907
CVE-2026-59870js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support f ...08/07/202608/07/2026376914
CVE-2026-59869js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4 ...08/07/202608/07/2026376913
CVE-2026-59868js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are ena ...08/07/202608/07/2026376912
CVE-2026-59725Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 bef ...08/07/202608/07/2026376911
CVE-2026-59724Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 bef ...08/07/202608/07/2026376910
CVE-2026-59702repomix contains a server-side request forgery vulnerability in the POST /api/pack endpoint that ...08/07/202608/07/2026376915
CVE-2026-59262AFFiNE's histories GraphQL field fails to validate Doc.Read permission before exposing docu ...08/07/202608/07/2026376909
CVE-2026-57439CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0 ...08/07/202608/07/2026376906
CVE-2026-55761Portainer Community Edition is a lightweight service delivery platform for containerized applica ...08/07/202608/07/2026376904
CVE-2026-54344ToolJet is an open-source low-code platform for building internal tools. Prior to 3.20.180, Tool ...08/07/202608/07/2026376903
CVE-2026-53951Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15. ...08/07/202608/07/2026376905
CVE-2026-49946This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.08/07/202608/07/2026
 
CVE-2026-49945This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.08/07/202608/07/2026
 
CVE-2026-49944This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.08/07/202608/07/2026
 
CVE-2026-3144IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker ...08/07/202608/07/2026376899
CVE-2026-15063A flaw was found in the gorch service template, which is part of the trustyai-service-operator. ...08/07/202608/07/2026376902
CVE-2026-14967BBOT's `github_workflows` module could be induced to write a downloaded artifact outside it ...08/07/202608/07/2026376901
CVE-2026-14966BBOT's unarchive module rejects archives containing symlink entries before extraction, but ...08/07/202608/07/2026376900
CVE-2026-59703repomix contains a local file inclusion vulnerability in the git clone endpoint that allows unau ...08/07/202608/07/2026376896
CVE-2026-55874SeaweedFS is a distributed storage system. Prior to 4.34, the S3 API gateway does not reject dot ...08/07/202608/07/2026376890
CVE-2026-55873SeaweedFS is a distributed storage system. In versions 4.08 through 4.33, requests signed with S ...08/07/202608/07/2026376893
CVE-2026-55668File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the ne ...08/07/202608/07/2026376892
CVE-2026-54652Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/{service} ...08/07/202608/07/2026376889
CVE-2026-49147App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filen ...08/07/202608/07/2026376888
CVE-2026-49146App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value ...08/07/202608/07/2026376887
CVE-2026-49145App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ac ...08/07/202608/07/2026376885
CVE-2026-24700An OS command injection vulnerability exists in the start_lltd() function of the rc binary in ...08/07/202608/07/2026376883
CVE-2026-24699An OS command injection vulnerability exists in the sub_34984() function of the rc binary in C ...08/07/202608/07/2026376882
CVE-2026-24698An OS command injection vulnerability exists in the save_syslog_to_file() function of the httpd ...08/07/202608/07/2026376881
CVE-2026-24697An OS command injection vulnerability exists in the start_bonjour() function of the rc binary ...08/07/202608/07/2026376872
CVE-2026-15067Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, ...08/07/202608/07/2026376875
CVE-2026-15062SQL injection vulnerabilities in the Snowflake Snowpark Python SDK (snowpark-python) versions pr ...08/07/202608/07/2026376873
CVE-2026-15044A flaw was found in the TrustyAI Service Operator. When deploying services like gorch or NemoGua ...08/07/202608/07/2026376874
CVE-2026-15036A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function ...08/07/202608/07/2026376787
CVE-2026-11903Improper neutralization of input during web page generation ('cross-site scripting') v ...08/07/202608/07/2026376880
CVE-2026-10708This vulnerability enables large‑scale data harvesting without requiring app‑specific secret ...08/07/202608/07/2026376876
CVE-2026-10706In Adalo s no-code app builder, (Versions 1 and 2) the attackers may extract full user records a ...08/07/202608/07/2026376879
CVE-2026-10699Missing release of memory after effective lifetime vulnerability in Progress MOVEit Transfer (Cu ...08/07/202608/07/2026376878
CVE-2026-10698Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit ...08/07/202608/07/2026376877
CVE-2026-60125MISP s importModule() path used getEnabledModule() to resolve a single import module by name, bu ...08/07/202608/07/2026376897
CVE-2026-60124An authorization bypass in MISP s EventsController::importModule() allowed authenticated users o ...08/07/202608/07/2026376895
CVE-2026-60092AVideo (Meet plugin) through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored c ...08/07/202608/07/2026376886
CVE-2026-59257n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulner ...08/07/202608/07/2026376884
CVE-2026-59253n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users ...08/07/202608/07/2026376894
CVE-2026-58657Grav before 2.0.0 (affected through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS injecti ...08/07/202608/07/2026376891
CVE-2026-58656Grav API plugin before v1.0.0-rc.16 accepts JWT tokens via the ?token= URL query parameter and r ...08/07/202608/07/2026376898
CVE-2026-58654The Grav API plugin (getgrav/grav-plugin-api) 1.0.0 contains an unrestricted file upload vulnera ...08/07/202608/07/2026376862
CVE-2026-56778n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API ex ...08/07/202608/07/2026376869
CVE-2026-56776n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/ ...08/07/202608/07/2026376868
CVE-2026-56775n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization vulnerability in three mutatin ...08/07/202608/07/2026376867
CVE-2026-56401Wazuh wazuh-modulesd before 5.0.0-beta3 contains a null pointer dereference vulnerability in inv ...08/07/202608/07/2026376864
CVE-2026-56374ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder du ...08/07/202608/07/2026376863
CVE-2026-56362ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex ...08/07/202608/07/2026376866
CVE-2026-56360n8n before versions 1.123.18 and 2.6.2 fails to verify HMAC-SHA256 signatures on Zendesk webhook ...08/07/202608/07/2026376865
CVE-2026-56359n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow ...08/07/202608/07/2026376871
CVE-2026-56298Capgo before 12.128.2 fails to strip EXIF metadata from images uploaded via the app information ...08/07/202608/07/2026376870
CVE-2026-56297FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman ...08/07/202608/07/2026376853
CVE-2026-56293Capgo before 12.128.2 contains an authorization flaw in transfer_app() that fails to update depl ...08/07/202608/07/2026376857
CVE-2026-56284Capgo (Cap-go/capgo) before 12.128.2 contains an information disclosure vulnerability in the Sup ...08/07/202608/07/2026376856
CVE-2026-56283Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endp ...08/07/202608/07/2026376861
CVE-2026-56273Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector sto ...08/07/202608/07/2026376855
CVE-2026-56250Capgo before 12.128.2 allows upload-scoped API keys to modify the mutable app_versions.r2_path f ...08/07/202608/07/2026376860
CVE-2026-56246Capgo before 12.128.2 contains a broken access control vulnerability in the organization managem ...08/07/202608/07/2026376852
CVE-2026-56226Capgo (Cap-go/capgo) before 12.128.2 exposes the Supabase PostgREST RPC function public.get_orgs ...08/07/202608/07/2026376859
CVE-2026-56220Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.manifest INSE ...08/07/202608/07/2026376858
CVE-2026-56217Capgo before 12.128.2 contains a policy bypass vulnerability in app_versions update enforcement ...08/07/202608/07/2026376854
CVE-2026-56086Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 thr ...08/07/202608/07/2026376848
CVE-2026-54061Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exp ...08/07/202608/07/2026376846
CVE-2026-53482Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 thr ...08/07/202608/07/2026376847
CVE-2026-53480Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 thr ...08/07/202608/07/2026376845
CVE-2026-44840Dgraph is an open source distributed GraphQL database. Prior to version 25.3.4, the `checkUserPa ...08/07/202608/07/2026374768
CVE-2026-41122Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 thr ...08/07/202608/07/2026376849
CVE-2026-22927Omnissa Workspace ONE Tunnel for Windows addresses a Local Privilege Escalation Vulnerability.08/07/202608/07/2026376851
CVE-2026-15053Tanium addressed a denial of service vulnerability in Tanium Server.08/07/202608/07/2026376850
CVE-2026-15035A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function async_run_command ...08/07/202608/07/2026376786
CVE-2026-15034A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affecte ...08/07/202608/07/2026376785
CVE-2026-14476A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_component ...08/07/202608/07/2026376626
CVE-2026-14474A flaw was found in SSSD's LDAP sudo provider. When the ldap_sudo_search_base option is not ...08/07/202608/07/2026376627
CVE-2026-14651A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the fu ...08/07/202608/07/2026376164
CVE-2026-14650A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function gr ...08/07/202608/07/2026376163
CVE-2026-14935A logic vulnerability was found in GStreamer's webrtcbin component. The _check_sdp_crypto() ...08/07/202608/07/2026376648
CVE-2026-50811An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ec ...08/07/202608/07/2026376734
CVE-2026-14969A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded sta ...08/07/202608/07/2026376650
CVE-2026-14940A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a ...08/07/202608/07/2026376641

2025

CVEविवरणसबमिशनसंयमप्रविष्टि
CVE-2025-6784The Code Engine plugin for WordPress is vulnerable to Remote Code Execution in all versions up t ...11/07/202611/07/2026377755
CVE-2025-5017The Catalyst Connect Zoho CRM Client Portal plugin for WordPress is vulnerable to time-based SQL ...11/07/202611/07/2026377759
CVE-2025-13968The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Sit ...11/07/202611/07/2026377741
CVE-2025-30008HestiaCP before 1.9.5 contains a stored cross-site scripting vulnerability that allows authentic ...10/07/202610/07/2026377575
CVE-2025-30007HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows l ...10/07/202610/07/2026377576
CVE-2025-70796An unauthenticated path traversal vulnerability exists in the web management interface of WTI (W ...10/07/202610/07/2026377553
CVE-2025-12127** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes ...10/07/202610/07/2026
 
CVE-2025-11977The Happyforms Form Builder for WordPress: Drag Drop Contact Forms, Surveys, Payments Mult ...10/07/202610/07/2026377445
CVE-2025-45422Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass nor ...09/07/202609/07/2026377316
CVE-2025-63579Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book ...09/07/202609/07/2026377292
CVE-2025-58151varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a commu ...09/07/202609/07/2026342998
CVE-2025-58146There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try ...09/07/202609/07/2026323606
CVE-2025-27464[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09/07/202609/07/2026310613
CVE-2025-27463[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09/07/202609/07/2026310613
CVE-2025-27462[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabi ...09/07/202609/07/2026310613
CVE-2025-12506GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, ...08/07/202608/07/2026377017
CVE-2025-3110OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header va ...08/07/202608/07/2026376918

Do you need the next level of professionalism?

Upgrade your account now!