CVE information

2026

CVE    Description    Submitted    Reviewed    Entry
CVE-2026-40199Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow ...11/04/2026
 
CVE-2026-40198Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ...11/04/2026
 
CVE-2026-40242Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17. ...10/04/202610/04/2026356949
CVE-2026-40194phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net ...10/04/202610/04/2026356945
CVE-2026-40252FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability (I ...10/04/202610/04/2026356948
CVE-2026-5724The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor ...10/04/202610/04/2026356946
CVE-2026-33119User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) all ...10/04/202610/04/2026356947
CVE-2026-33118Microsoft Edge (Chromium-based) Spoofing Vulnerability10/04/202610/04/2026356944
CVE-2026-40191ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. ...10/04/202610/04/2026356941
CVE-2026-40190LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, th ...10/04/202610/04/2026356928
CVE-2026-40189goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per- ...10/04/202610/04/2026356927
CVE-2026-40188goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command renam ...10/04/202610/04/2026356922
CVE-2026-40185TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the ...10/04/202610/04/2026356943
CVE-2026-40184TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requirin ...10/04/202610/04/2026356942
CVE-2026-40180Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs gen ...10/04/202610/04/2026356936
CVE-2026-39922GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnera ...10/04/202610/04/2026356940
CVE-2026-39921GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnera ...10/04/202610/04/2026356937
CVE-2026-40178ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.1 ...10/04/202610/04/2026356935
CVE-2026-40177ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.1 ...10/04/202610/04/2026356933
CVE-2026-40175Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, the Axios library ...10/04/202610/04/2026356921
CVE-2026-40168Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vu ...10/04/202610/04/2026356926
CVE-2026-32252Chartbrew is an open-source web application that can connect directly to databases and APIs and use ...10/04/202610/04/2026356925
CVE-2026-30232Chartbrew is an open-source web application that can connect directly to databases and APIs and use ...10/04/202610/04/2026356938
CVE-2026-33705Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /mai ...10/04/202610/04/2026356932
CVE-2026-33704Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including stu ...10/04/202610/04/2026356920
CVE-2026-33737Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use sim ...10/04/202610/04/2026356939
CVE-2026-33736Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ...10/04/202610/04/2026356931
CVE-2026-33710Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are gene ...10/04/202610/04/2026356924
CVE-2026-33708Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST ...10/04/202610/04/2026356934
CVE-2026-33707Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password r ...10/04/202610/04/2026356923
CVE-2026-33706Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST AP ...10/04/202610/04/2026356930
CVE-2026-27460Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. ...10/04/202610/04/2026356929
CVE-2026-3446When calling base64.b64decode() or related functions the decoding process would stop after encounter ...10/04/202610/04/2026356919
CVE-2026-33703Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Referenc ...10/04/202610/04/2026356918
CVE-2026-33702Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a ...10/04/202610/04/2026356917
CVE-2026-33698Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise ...10/04/202610/04/2026356916
CVE-2026-33618Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController ...10/04/202610/04/2026356915
CVE-2026-33141Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Referenc ...10/04/202610/04/2026356904
CVE-2026-32932Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulne ...10/04/202610/04/2026356903
CVE-2026-32931Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file u ...10/04/202610/04/2026356865
CVE-2026-32930Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Obj ...10/04/202610/04/2026356902
CVE-2026-32892Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a ...10/04/202610/04/2026356866
CVE-2026-1502CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.10/04/202610/04/2026356914
CVE-2026-5483A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` ...10/04/202610/04/2026356852
CVE-2026-32894Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Obj ...10/04/202610/04/2026356901
CVE-2026-32893Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting ( ...10/04/202610/04/2026356913
CVE-2026-31941Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a ...10/04/202610/04/2026356908
CVE-2026-31940Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.p ...10/04/202610/04/2026356846
CVE-2026-31939Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exe ...10/04/202610/04/2026356849
CVE-2026-40163Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, ...10/04/202610/04/2026356882
CVE-2026-40162Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability wa ...10/04/202610/04/2026356897
CVE-2026-40200An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur d ...10/04/202610/04/2026356863
CVE-2026-40103Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API ...10/04/202610/04/2026356883
CVE-2026-40086Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the ...10/04/202610/04/2026356862
CVE-2026-35670OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to r ...10/04/202610/04/2026356900
CVE-2026-35669OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plu ...10/04/202610/04/2026356905
CVE-2026-35668OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sa ...10/04/202610/04/2026356906
CVE-2026-35667OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command ...10/04/202610/04/2026347304
CVE-2026-35666OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fa ...10/04/202610/04/2026356899
CVE-2026-35665OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook han ...10/04/202610/04/2026351914
CVE-2026-35664OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface t ...10/04/202610/04/2026356896
CVE-2026-40160PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path pas ...10/04/202610/04/2026356909
CVE-2026-40159PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Model Context Protocol ...10/04/202610/04/2026356850
CVE-2026-40158PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can ...10/04/202610/04/2026356847
CVE-2026-40157PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .pr ...10/04/202610/04/2026356895
CVE-2026-40156PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file name ...10/04/202610/04/2026356859
CVE-2026-40100FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool end ...10/04/202610/04/2026356881
CVE-2026-40097Step CA is an online certificate authority for secure, automated certificate management for DevOps. ...10/04/202610/04/2026356894
CVE-2026-40074SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Pr ...10/04/202610/04/2026356893
CVE-2026-40073SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Pr ...10/04/202610/04/2026356858
CVE-2026-22560An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected ...10/04/202610/04/2026356912
CVE-2026-35663OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators ...10/04/202610/04/2026356880
CVE-2026-35662OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing le ...10/04/202610/04/2026356879
CVE-2026-35661OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query ...10/04/202610/04/2026356876
CVE-2026-35660OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent ...10/04/202610/04/2026356877
CVE-2026-35659OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour ...10/04/202610/04/2026356875
CVE-2026-35658OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that ...10/04/202610/04/2026356892
CVE-2026-35657OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sess ...10/04/202610/04/2026356878
CVE-2026-35656OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For hea ...10/04/202610/04/2026356857
CVE-2026-35655OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution t ...10/04/202610/04/2026356891
CVE-2026-35654OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback ...10/04/202610/04/2026356848
CVE-2026-35653OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profi ...10/04/202610/04/2026356874
CVE-2026-35652OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dis ...10/04/202610/04/2026356889
CVE-2026-35651OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerabilit ...10/04/202610/04/2026356890
CVE-2026-35650OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allo ...10/04/202610/04/2026356888
CVE-2026-35649OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to ...10/04/202610/04/2026356887
CVE-2026-35648OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not r ...10/04/202610/04/2026356886
CVE-2026-35647OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass ...10/04/202610/04/2026356885
CVE-2026-35643OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing ...10/04/202610/04/2026356884
CVE-2026-35641OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hoo ...10/04/202610/04/2026356910
CVE-2026-35621OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command ...10/04/202610/04/2026356873
CVE-2026-35620OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist ...10/04/202610/04/2026356856
CVE-2026-35619OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endp ...10/04/202610/04/2026356845
CVE-2026-35602Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file imp ...10/04/202610/04/2026356855
CVE-2026-35601Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output ge ...10/04/202610/04/2026356872
CVE-2026-35600Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embe ...10/04/202610/04/2026356871
CVE-2026-35599Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatInterva ...10/04/202610/04/2026356870
CVE-2026-35598Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResour ...10/04/202610/04/2026356869
CVE-2026-35597Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-atte ...10/04/202610/04/2026356854
CVE-2026-35596Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel ...10/04/202610/04/2026356853
CVE-2026-35595Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check ...10/04/202610/04/2026356868
CVE-2026-40228In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users ...10/04/202610/04/2026356911
CVE-2026-40023Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayou ...10/04/202610/04/2026356841
CVE-2026-40021Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#lay ...10/04/202610/04/2026356840
CVE-2026-35594Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share ...10/04/202610/04/2026356867
CVE-2026-34727Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback ha ...10/04/202610/04/2026356907
CVE-2026-34481Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout. ...10/04/202610/04/2026356839
CVE-2026-34480Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , ...10/04/202610/04/2026356844
CVE-2026-34479The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden b ...10/04/202610/04/2026356838
CVE-2026-34478Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424L ...10/04/202610/04/2026356843
CVE-2026-34477The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete: ...10/04/202610/04/2026356842
CVE-2026-29043HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file ...10/04/202610/04/2026356851
CVE-2026-23781An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user cred ...10/04/202610/04/2026356864
CVE-2026-40227In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with ...10/04/202610/04/2026356837
CVE-2026-40226In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted op ...10/04/202610/04/2026356835
CVE-2026-40225In udev in systemd before 260, local root execution can occur via malicious hardware devices and uns ...10/04/202610/04/2026356836
CVE-2026-40224In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink c ...10/04/202610/04/2026356833
CVE-2026-40223In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and U ...10/04/202610/04/2026356834
CVE-2026-29002CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users t ...10/04/202610/04/2026356832
CVE-2026-36236SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php vi ...10/04/202610/04/2026356827
CVE-2026-36233A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Onl ...10/04/202610/04/2026356828
CVE-2026-36232A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Stu ...10/04/202610/04/2026356826
CVE-2026-31262Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remo ...10/04/202610/04/2026356830
CVE-2026-29861PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the use ...10/04/202610/04/2026356823
CVE-2026-36235A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Stude ...10/04/202610/04/2026356822
CVE-2026-36234itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php v ...10/04/202610/04/2026356824
CVE-2026-23782An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allow ...10/04/202610/04/2026356829
CVE-2026-23780An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in ...10/04/202610/04/2026356825
CVE-2026-40217LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting ...10/04/202610/04/2026356821
CVE-2026-6069NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output ...10/04/202610/04/2026356818
CVE-2026-6068NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling ...10/04/202610/04/2026356817
CVE-2026-6067A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds ...10/04/202610/04/2026356816
CVE-2026-33092Local privilege escalation due to improper handling of environment variables. The following products ...10/04/202610/04/2026356819
CVE-2026-5412In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. ...10/04/202610/04/2026356813
CVE-2026-5774Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, ...10/04/202610/04/2026356811
CVE-2026-5777This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bri ...10/04/202610/04/2026356815
CVE-2026-39304Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, ...10/04/202610/04/2026356557
CVE-2026-31412In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fi ...10/04/202610/04/2026356808
CVE-2026-6057FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload A ...10/04/202610/04/2026356810
CVE-2026-4162The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and ...10/04/202610/04/2026356812
CVE-2026-6042A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the ...10/04/202610/04/2026356620
CVE-2026-6038A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts ...10/04/202610/04/2026356619
CVE-2026-6037A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects ...10/04/202610/04/2026356618
CVE-2026-6036A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted elem ...10/04/202610/04/2026356617
CVE-2026-33457Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allo ...10/04/202610/04/2026356806
CVE-2026-33456Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authe ...10/04/202610/04/2026356805
CVE-2026-33455Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attac ...10/04/202610/04/2026356807
CVE-2026-6035A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected ...10/04/202610/04/2026356616
CVE-2026-6034A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknow ...10/04/202610/04/2026356615
CVE-2026-6033A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of ...10/04/202610/04/2026356609
CVE-2026-5525A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handl ...10/04/202610/04/2026356803
CVE-2026-40212OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerab ...10/04/202610/04/2026356804
CVE-2026-22750When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl ...10/04/202610/04/2026356802
CVE-2026-6032A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown functi ...10/04/202610/04/2026356608
CVE-2026-6031A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unkn ...10/04/202610/04/2026356607
CVE-2026-6030A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an ...10/04/202610/04/2026356606
CVE-2026-6029A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the f ...10/04/202610/04/2026356605
CVE-2026-6028A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the ...10/04/202610/04/2026356604
CVE-2026-1115A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/l ...10/04/202610/04/2026356801
CVE-2026-6027A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the func ...10/04/202610/04/2026356603
CVE-2026-6026A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability aff ...10/04/202610/04/2026356602
CVE-2026-4432The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist own ...10/04/202610/04/2026356798
CVE-2026-28704Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same ...10/04/202610/04/2026356799
CVE-2026-6025A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function s ...10/04/202610/04/2026356601
CVE-2026-6024A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7W ...10/04/202610/04/2026356600
CVE-2026-6016A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd o ...10/04/202610/04/2026356572
CVE-2026-6015A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of ...10/04/202610/04/2026356571
CVE-2026-5477An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge C ...10/04/202610/04/2026356797
CVE-2026-6014A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of th ...10/04/202610/04/2026356570
CVE-2026-6013A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSet ...10/04/202610/04/2026356569
CVE-2026-6012A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSet ...10/04/202610/04/2026356568
CVE-2026-6011A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown f ...10/04/202610/04/2026356567
CVE-2026-4482The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricte ...10/04/202610/04/2026356796
CVE-2026-6004A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown ...10/04/202610/04/2026356560
CVE-2026-6003A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This iss ...10/04/202610/04/2026356559
CVE-2026-6000A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unkn ...10/04/202610/04/2026356554
CVE-2026-5999A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the com ...10/04/202610/04/2026356553
CVE-2026-33551An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0. ...10/04/202610/04/2026356015
CVE-2026-6010A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulner ...10/04/202610/04/2026356566
CVE-2026-6007A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknow ...10/04/202610/04/2026356563
CVE-2026-6006A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted e ...10/04/202610/04/2026356562
CVE-2026-6005A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is ...10/04/202610/04/2026356561
CVE-2026-5501wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the ...10/04/202610/04/2026356690
CVE-2026-5500wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication t ...10/04/202610/04/2026356721
CVE-2026-5479In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and r ...10/04/202610/04/2026356720
CVE-2026-5466wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the sig ...10/04/202610/04/2026356719
CVE-2026-5188An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extensi ...10/04/202610/04/2026356710
CVE-2026-2305The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...10/04/202610/04/2026356718
CVE-2026-5998A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function ...10/04/202610/04/2026356552
CVE-2026-5997A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the f ...10/04/202610/04/2026356551
CVE-2026-5996A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected el ...10/04/202610/04/2026356550
CVE-2026-5995A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function se ...10/04/202610/04/2026356549
CVE-2026-5994A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the ...10/04/202610/04/2026356548
CVE-2026-5993A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects ...10/04/202610/04/2026356547
CVE-2026-5992A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of ...10/04/202610/04/2026356546
CVE-2026-5991A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtra ...10/04/202610/04/2026356545
CVE-2026-5990A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function ...10/04/202610/04/2026356544
CVE-2026-5989A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /g ...10/04/202610/04/2026356543
CVE-2026-5460A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare pr ...10/04/202610/04/2026356759
CVE-2026-5448X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may ...10/04/202610/04/2026356760
CVE-2026-5393Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVer ...10/04/202610/04/2026356776
CVE-2026-5392Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the hea ...10/04/202610/04/2026356775
CVE-2026-4977The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for ...10/04/202610/04/2026356708
CVE-2026-4664The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in ...10/04/202610/04/2026356707
CVE-2026-4351The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in ...10/04/202610/04/2026356689
CVE-2026-4305The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Si ...10/04/202610/04/2026356717
CVE-2026-4057The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to ...10/04/202610/04/2026356709
CVE-2026-3360The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Inse ...10/04/202610/04/2026356706
CVE-2026-2712The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to mi ...10/04/202610/04/2026356687
CVE-2026-25203Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability ...10/04/202610/04/2026356728
CVE-2026-1924The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers ...10/04/202610/04/2026356716
CVE-2026-1263The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, ...10/04/202610/04/2026356715
CVE-2026-5983A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDD ...10/04/202610/04/2026356537
CVE-2026-5982A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAd ...10/04/202610/04/2026356536
CVE-2026-5981A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall ...10/04/202610/04/2026356535
CVE-2026-5778Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in ...10/04/202610/04/2026356763
CVE-2026-5772A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) duri ...10/04/202610/04/2026356762
CVE-2026-5264Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1 ...10/04/202610/04/2026356795
CVE-2026-5263URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate ...10/04/202610/04/2026356771
CVE-2026-40154PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched templat ...10/04/202610/04/2026356761
CVE-2026-40153PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in she ...10/04/202610/04/2026356784
CVE-2026-40152PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the list_files() tool in FileTools v ...10/04/202610/04/2026356753
CVE-2026-40151PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a ...10/04/202610/04/2026356787
CVE-2026-40150PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praison ...10/04/202610/04/2026356792
CVE-2026-40149PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list en ...10/04/202610/04/2026356758
CVE-2026-40148PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in Praiso ...10/04/202610/04/2026356794
CVE-2026-40117PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py ...10/04/202610/04/2026356769
CVE-2026-40116PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in P ...10/04/202610/04/2026356756
CVE-2026-40115PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (se ...10/04/202610/04/2026356791
CVE-2026-40114PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbi ...10/04/202610/04/2026356770
CVE-2026-40113PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delim ...10/04/202610/04/2026356768
CVE-2026-40112PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/a ...10/04/202610/04/2026356785
CVE-2026-40111PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the memory hooks executor in praison ...10/04/202610/04/2026356767
CVE-2026-39848Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop opera ...10/04/202610/04/2026356750
CVE-2026-35646OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook t ...10/04/202610/04/2026356755
CVE-2026-35645OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subage ...10/04/202610/04/2026356790
CVE-2026-35644OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers wit ...10/04/202610/04/2026356757
CVE-2026-35642OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events ...10/04/202610/04/2026356782
CVE-2026-35640OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing ...10/04/202610/04/2026356734
CVE-2026-35639OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve m ...10/04/202610/04/2026356745
CVE-2026-35638OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allow ...10/04/202610/04/2026356781
CVE-2026-35637OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization che ...10/04/202610/04/2026356783
CVE-2026-35636OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where ...10/04/202610/04/2026356780
CVE-2026-35635OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Ch ...10/04/202610/04/2026356779
CVE-2026-35634OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway wher ...10/04/202610/04/2026356793
CVE-2026-35633OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP ...10/04/202610/04/2026356766
CVE-2026-35632OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.up ...10/04/202610/04/2026356752
CVE-2026-35631OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat comman ...10/04/202610/04/2026356751
CVE-2026-35629OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel e ...10/04/202610/04/2026356789
CVE-2026-35628OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authent ...10/04/202610/04/2026356754
CVE-2026-35627OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct mes ...10/04/202610/04/2026356748
CVE-2026-35626OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice cal ...10/04/202610/04/2026356765
CVE-2026-35625OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-au ...10/04/202610/04/2026356774
CVE-2026-35624OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that match ...10/04/202610/04/2026356778
CVE-2026-35623OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication t ...10/04/202610/04/2026356743
CVE-2026-35622OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google C ...10/04/202610/04/2026356747
CVE-2026-35618OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verificatio ...10/04/202610/04/2026356777
CVE-2026-35617OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy ...10/04/202610/04/2026356746
CVE-2026-34512OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:s ...10/04/202610/04/2026356764
CVE-2026-33797An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows ...10/04/202610/04/2026356737
CVE-2026-33793An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networ ...10/04/202610/04/2026356729
CVE-2026-33791An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos O ...10/04/202610/04/2026356740
CVE-2026-33790An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of ...10/04/202610/04/2026356736
CVE-2026-33788A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs ...10/04/202610/04/2026356749
CVE-2026-33786An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon ...10/04/202610/04/2026356741
CVE-2026-33782A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Ju ...10/04/202610/04/2026356739
CVE-2026-33780A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning ...10/04/202610/04/2026356733
CVE-2026-33779An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks J ...10/04/202610/04/2026356732
CVE-2026-33775A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber ...10/04/202610/04/2026356731
CVE-2026-33773An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Junip ...10/04/202610/04/2026356742
CVE-2026-21919An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos ...10/04/202610/04/2026356730
CVE-2026-21916A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allow ...10/04/202610/04/2026356735
CVE-2026-21915A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JS ...10/04/202610/04/2026356773
CVE-2026-21904An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit ...10/04/202610/04/2026356744
CVE-2026-5980A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACF ...10/04/202610/04/2026356534
CVE-2026-5979A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the funct ...10/04/202610/04/2026356533
CVE-2026-5978A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the ...10/04/202610/04/2026356532
CVE-2026-5977A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function s ...10/04/202610/04/2026356531
CVE-2026-5447Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overfl ...10/04/202610/04/2026356788
CVE-2026-5446In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce ...10/04/202610/04/2026356786
CVE-2026-40093nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and ear ...10/04/202610/04/2026356772
CVE-2026-33787An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon ...10/04/202610/04/2026356698
CVE-2026-5985A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected el ...10/04/202610/04/2026356539
CVE-2026-5507When restoring a session from cache, a pointer from the serialized session data is used in a free op ...10/04/202610/04/2026356703
CVE-2026-5986A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the func ...10/04/202610/04/2026356540
CVE-2026-5504A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover pl ...10/04/202610/04/2026356688
CVE-2026-5503In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find ...10/04/202610/04/2026356714
CVE-2026-5988A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the ...10/04/202610/04/2026356542
CVE-2026-5987A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the f ...10/04/202610/04/2026356541
CVE-2026-5295A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() functi ...10/04/202610/04/2026356726
CVE-2026-34424Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access to ...10/04/202610/04/2026356686
CVE-2026-33785A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a ...10/04/202610/04/2026356695
CVE-2026-33784A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual L ...10/04/202610/04/2026356700
CVE-2026-33783A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networ ...10/04/202610/04/2026356694
CVE-2026-33781An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engin ...10/04/202610/04/2026356693
CVE-2026-33778An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by ...10/04/202610/04/2026356692
CVE-2026-33776A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved a ...10/04/202610/04/2026356697
CVE-2026-33774An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engin ...10/04/202610/04/2026356691
CVE-2026-33771A Weak Password Requirements vulnerability in the password management function of Juniper Networks C ...10/04/202610/04/2026356704
CVE-2026-5984A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of th ...10/04/202610/04/2026356538
CVE-2026-40109Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolk ...09/04/202610/04/2026356696
CVE-2026-40107SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with ...09/04/202610/04/2026356713
CVE-2026-35206Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specia ...09/04/202610/04/2026356712
CVE-2026-5976A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the funct ...09/04/202609/04/2026356530
CVE-2026-5975A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the ...09/04/202609/04/2026356529
CVE-2026-5974A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the ...09/04/202609/04/2026356528
CVE-2026-5194Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA cert ...09/04/202610/04/2026356705
CVE-2026-4436A low-privileged remote attacker can send Modbus packets to manipulate register values that are inp ...09/04/202610/04/2026356702
CVE-2026-5187Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. ...09/04/202609/04/2026356683
CVE-2026-40089Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audi ...09/04/202609/04/2026356684
CVE-2026-40088PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow ...09/04/202609/04/2026356682
CVE-2026-40087LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.2 ...09/04/202609/04/2026356681
CVE-2026-35577Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. P ...09/04/202609/04/2026356680
CVE-2026-34500CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled a ...09/04/202609/04/2026356679
CVE-2026-34487Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clusterin ...09/04/202609/04/2026356678
CVE-2026-34486Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-291 ...09/04/202609/04/2026356676
CVE-2026-34483Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache ...09/04/202609/04/2026356677
CVE-2026-5973A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime ...09/04/202609/04/2026356527
CVE-2026-5972A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the funct ...09/04/202609/04/2026356526
CVE-2026-40077Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept ...09/04/202609/04/2026356671
CVE-2026-39977flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-fil ...09/04/202609/04/2026356657
CVE-2026-35063OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authe ...09/04/202609/04/2026356670
CVE-2026-34734HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the ...09/04/202609/04/2026356665
CVE-2026-32990Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. ...09/04/202609/04/2026356662
CVE-2026-29923The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privil ...09/04/202609/04/2026356674
CVE-2026-29146Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This ...09/04/202609/04/2026356653
CVE-2026-29145CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled v ...09/04/202609/04/2026356661
CVE-2026-29129Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects ...09/04/202609/04/2026356660
CVE-2026-25854Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via th ...09/04/202609/04/2026356659
CVE-2026-24880Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Ap ...09/04/202609/04/2026356654
CVE-2026-39912V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response b ...09/04/202609/04/2026356673
CVE-2026-35556OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an atta ...09/04/202609/04/2026356675
CVE-2026-35195Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's imple ...09/04/202609/04/2026356672
CVE-2026-35186Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's ...09/04/202609/04/2026356655
CVE-2026-34988Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's ...09/04/202609/04/2026356669
CVE-2026-34987Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime wi ...09/04/202609/04/2026356664
CVE-2026-34983Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can resu ...09/04/202609/04/2026356668
CVE-2026-34971Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's ...09/04/202609/04/2026356652
CVE-2026-34946Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's ...09/04/202609/04/2026356663
CVE-2026-34945Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's ...09/04/202609/04/2026356656
CVE-2026-34944Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platfo ...09/04/202609/04/2026356667
CVE-2026-34943Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contain ...09/04/202609/04/2026356666
CVE-2026-31170An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...09/04/202609/04/2026355506
CVE-2026-28205OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability w ...09/04/202609/04/2026356658
CVE-2026-34942Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's imple ...09/04/202609/04/2026356650
CVE-2026-34941Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contain ...09/04/202609/04/2026356649
CVE-2026-5971A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the functi ...09/04/202609/04/2026356525
CVE-2026-5329Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in ...09/04/202609/04/2026356646
CVE-2026-39911Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability ...09/04/202609/04/2026356648
CVE-2026-39315Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable tha ...09/04/202609/04/2026356647
CVE-2026-35207dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a ...09/04/202609/04/2026356651
CVE-2026-1584A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sen ...09/04/202609/04/2026345137
CVE-2026-40072web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.1 ...09/04/202609/04/2026356645
CVE-2026-40071pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /js ...09/04/202609/04/2026356642
CVE-2026-40070BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::Wallet ...09/04/202609/04/2026356644
CVE-2026-40069BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's ...09/04/202609/04/2026356643
CVE-2026-5970A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function chec ...09/04/202609/04/2026356524
CVE-2026-39987marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The ...09/04/202609/04/2026356624
CVE-2026-39985LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...09/04/202609/04/2026356636
CVE-2026-39983basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via C ...09/04/202609/04/2026356635
CVE-2026-39981AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the ess ...09/04/202609/04/2026356634
CVE-2026-39980OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. ...09/04/202609/04/2026356629
CVE-2026-39961Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From ...09/04/202609/04/2026356623
CVE-2026-30478A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows ...09/04/202609/04/2026356640
CVE-2026-5962A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecur ...09/04/202609/04/2026356515
CVE-2026-39976Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is a ...09/04/202609/04/2026356633
CVE-2026-39974n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive acce ...09/04/202609/04/2026356621
CVE-2026-39972Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-e ...09/04/202609/04/2026356632
CVE-2026-39962MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutraliz ...09/04/202609/04/2026356622
CVE-2026-39959Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol ...09/04/202609/04/2026356628
CVE-2026-39958oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metada ...09/04/202609/04/2026356626
CVE-2026-5961A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vul ...09/04/202609/04/2026356514
CVE-2026-40046Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveM ...09/04/202609/04/2026356558
CVE-2026-39957Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug i ...09/04/202609/04/2026356625
CVE-2026-39943Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, D ...09/04/202609/04/2026356638
CVE-2026-39942Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, t ...09/04/202609/04/2026356637
CVE-2026-39856osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out- ...09/04/202609/04/2026356631
CVE-2026-39855osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an inte ...09/04/202609/04/2026356630
CVE-2026-30479A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attacke ...09/04/202609/04/2026356639
CVE-2026-39941ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows at ...09/04/202609/04/2026356610
CVE-2026-39853osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack ...09/04/202609/04/2026356613
CVE-2026-39843Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of ...09/04/202609/04/2026356612
CVE-2026-39398The affected product and advisory are not public.09/04/202609/04/2026
 
CVE-2026-34020Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The RE ...09/04/202609/04/2026356599
CVE-2026-33266Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie en ...09/04/202609/04/2026356598
CVE-2026-33005Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered u ...09/04/202609/04/2026356597
CVE-2026-5959A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affect ...09/04/202609/04/2026356512
CVE-2026-5445An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDec ...09/04/202609/04/2026356596
CVE-2026-5444A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a ...09/04/202609/04/2026356591
CVE-2026-5443A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pix ...09/04/202609/04/2026356595
CVE-2026-5442A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded ...09/04/202609/04/2026356594
CVE-2026-5441An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.c ...09/04/202609/04/2026356593
CVE-2026-5440A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Len ...09/04/202609/04/2026356590
CVE-2026-5439A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts Z ...09/04/202609/04/2026356592
CVE-2026-5438A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Enc ...09/04/202609/04/2026356576
CVE-2026-5437An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. ...09/04/202609/04/2026356580
CVE-2026-5960A weakness has been identified in code-projects Patient Record Management System 1.0. This affects a ...09/04/202609/04/2026356513
CVE-2026-4878A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TO ...09/04/202609/04/2026356016
CVE-2026-35205Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins ...09/04/202609/04/2026356583
CVE-2026-35204Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm p ...09/04/202609/04/2026356582
CVE-2026-35041fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service ...09/04/202609/04/2026356579
CVE-2026-35040fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers ...09/04/202609/04/2026356578
CVE-2026-4116Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authent ...09/04/202609/04/2026356588
CVE-2026-4114Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authent ...09/04/202609/04/2026356587
CVE-2026-4113An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a ...09/04/202609/04/2026356586
CVE-2026-4112Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWal ...09/04/202609/04/2026356577
CVE-2026-34757LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portabl ...09/04/202609/04/2026356507
CVE-2026-34578OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authenti ...09/04/202609/04/2026356573
CVE-2026-4660HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system durin ...09/04/202609/04/2026356564
CVE-2026-3005The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl ...09/04/202609/04/2026356556
CVE-2026-2519The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable t ...09/04/202609/04/2026356555
CVE-2026-24661Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the {{/changes}} webhoo ...09/04/202609/04/2026356523
CVE-2026-21388Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhoo ...09/04/202609/04/2026356522
CVE-2026-4901Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials ...09/04/202609/04/2026356521
CVE-2026-34185Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. ...09/04/202609/04/2026356520
CVE-2026-34184Hydrosystem Control System does not enforce authorization for some directories. This allows an unaut ...09/04/202609/04/2026356517
CVE-2026-34538Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to ...09/04/202609/04/2026356508
CVE-2026-34179In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go ...09/04/202609/04/2026356511
CVE-2026-34178In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/in ...09/04/202609/04/2026356510
CVE-2026-34177Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidde ...09/04/202609/04/2026356509
CVE-2026-5854A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the ...09/04/202609/04/2026356380
CVE-2026-5853A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by thi ...09/04/202609/04/2026356379
CVE-2026-5852A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function se ...09/04/202609/04/2026356378
CVE-2026-5851A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the funct ...09/04/202609/04/2026356377
CVE-2026-5850A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function s ...09/04/202609/04/2026356376
CVE-2026-5849A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown funct ...09/04/202609/04/2026356375
CVE-2026-5848A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function ...09/04/202609/04/2026356374
CVE-2026-5847A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown f ...09/04/202609/04/2026356373
CVE-2026-5844A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file pr ...09/04/202609/04/2026356329
CVE-2026-5842A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is ...09/04/202609/04/2026356298
CVE-2026-5841A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7Web ...09/04/202609/04/2026356297
CVE-2026-5840A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown fu ...09/04/202609/04/2026356296
CVE-2026-5839A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknow ...09/04/202609/04/2026356295
CVE-2026-5838A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unk ...09/04/202609/04/2026356294
CVE-2026-5742The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and ...09/04/202609/04/2026356506
CVE-2026-4336The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ ...09/04/202609/04/2026356500
CVE-2026-1830The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up ...09/04/202609/04/2026356498
CVE-2026-5837A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the ...09/04/202609/04/2026356293
CVE-2026-5836A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is som ...09/04/202609/04/2026356292
CVE-2026-5835A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an u ...09/04/202609/04/2026356291
CVE-2026-5834A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function ...09/04/202609/04/2026356290
CVE-2026-5833A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impac ...09/04/202609/04/2026356289
CVE-2026-5357The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' ...09/04/202609/04/2026356501
CVE-2026-4429The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...09/04/202609/04/2026356505
CVE-2026-4124The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and in ...09/04/202609/04/2026356503
CVE-2026-3574The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Script ...09/04/202609/04/2026356504
CVE-2026-3568The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versio ...09/04/202609/04/2026356499
CVE-2026-5832A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze ...09/04/202609/04/2026356288
CVE-2026-5831A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown funct ...09/04/202609/04/2026356278
CVE-2026-5830A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of th ...09/04/202609/04/2026356277
CVE-2026-4326The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all v ...09/04/202609/04/2026356502
CVE-2026-5827A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unkno ...09/04/202609/04/2026356274
CVE-2026-5826A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unkno ...09/04/202609/04/2026356273
CVE-2026-5825A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects ...09/04/202609/04/2026356272
CVE-2026-5829A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element ...09/04/202609/04/2026356276
CVE-2026-5828A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is a ...09/04/202609/04/2026356275
CVE-2026-5823A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this ...09/04/202609/04/2026356270
CVE-2026-5824A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects ...09/04/202609/04/2026356271
CVE-2026-5812A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This a ...09/04/202609/04/2026356260
CVE-2026-5811A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this i ...09/04/202609/04/2026356259
CVE-2026-5173GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18. ...09/04/202609/04/2026356480
CVE-2026-4916GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 ...09/04/202609/04/2026356393
CVE-2026-4398Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.09/04/202609/04/2026
CVE-2026-4332GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 bef ...09/04/202609/04/2026356478
CVE-2026-3438A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 th ...09/04/202609/04/2026356494
CVE-2026-3199A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 throug ...09/04/202609/04/2026356479
CVE-2026-2619GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 bef ...09/04/202609/04/2026356477
CVE-2026-5919Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 all ...09/04/202609/04/2026356451
CVE-2026-5918Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote ...09/04/202609/04/2026356450
CVE-2026-5915Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed ...09/04/202609/04/2026356448
CVE-2026-5914Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a us ...09/04/202609/04/2026356452
CVE-2026-5913Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to per ...09/04/202609/04/2026356447
CVE-2026-5912Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perf ...09/04/202609/04/2026356446
CVE-2026-5911Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to ...09/04/202609/04/2026356449
CVE-2026-5910Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten ...09/04/202609/04/2026356444
CVE-2026-5909Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten ...09/04/202609/04/2026356445
CVE-2026-5908Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten ...09/04/202609/04/2026356442
CVE-2026-5907Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attac ...09/04/202609/04/2026356443
CVE-2026-5906Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote ...09/04/202609/04/2026356401
CVE-2026-5905Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a re ...09/04/202609/04/2026356441
CVE-2026-5904Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a use ...09/04/202609/04/2026356453
CVE-2026-5903Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who ...09/04/202609/04/2026356440
CVE-2026-5902Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had c ...09/04/202609/04/2026356400
CVE-2026-5901Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attac ...09/04/202609/04/2026356439
CVE-2026-5900Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypa ...09/04/202609/04/2026356438
CVE-2026-5899Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowe ...09/04/202609/04/2026356454
CVE-2026-5898Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote att ...09/04/202609/04/2026356437
CVE-2026-5897Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker ...09/04/202609/04/2026356436
CVE-2026-5896Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinc ...09/04/202609/04/2026356435
CVE-2026-5895Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote att ...09/04/202609/04/2026356433
CVE-2026-5894Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacke ...09/04/202609/04/2026356432
CVE-2026-5893Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit ...09/04/202609/04/2026356459
CVE-2026-5892Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote att ...09/04/202609/04/2026356404
CVE-2026-5891Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remo ...09/04/202609/04/2026356403
CVE-2026-5890Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potent ...09/04/202609/04/2026356434
CVE-2026-5889Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read pot ...09/04/202609/04/2026356431
CVE-2026-5888Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to ...09/04/202609/04/2026356430
CVE-2026-5887Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7 ...09/04/202609/04/2026356427
CVE-2026-5886Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attac ...09/04/202609/04/2026356429
CVE-2026-5885Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727. ...09/04/202609/04/2026356428
CVE-2026-5884Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed ...09/04/202609/04/2026356426
CVE-2026-5883Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ...09/04/202609/04/2026356425
CVE-2026-5882Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacke ...09/04/202609/04/2026356424
CVE-2026-5881Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacke ...09/04/202609/04/2026356455
CVE-2026-5880Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remo ...09/04/202609/04/2026356402
CVE-2026-5879Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 a ...09/04/202609/04/2026356422
CVE-2026-5878Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to ...09/04/202609/04/2026356458
CVE-2026-5877Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to ex ...09/04/202609/04/2026356421
CVE-2026-5876Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a rem ...09/04/202609/04/2026356423
CVE-2026-5875Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform ...09/04/202609/04/2026356457
CVE-2026-5874Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who co ...09/04/202609/04/2026356420
CVE-2026-5873Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker ...09/04/202609/04/2026356418
CVE-2026-5872Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ...09/04/202609/04/2026356419
CVE-2026-5871Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar ...09/04/202609/04/2026356417
CVE-2026-5870Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execut ...09/04/202609/04/2026356416
CVE-2026-5869Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to o ...09/04/202609/04/2026356415
CVE-2026-5868Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attack ...09/04/202609/04/2026356414
CVE-2026-5867Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to o ...09/04/202609/04/2026356413
CVE-2026-5866Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ...09/04/202609/04/2026356411
CVE-2026-5865Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar ...09/04/202609/04/2026356412
CVE-2026-5864Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker t ...09/04/202609/04/2026356410
CVE-2026-5863Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker ...09/04/202609/04/2026356409
CVE-2026-5862Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker ...09/04/202609/04/2026356408
CVE-2026-5861Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute ar ...09/04/202609/04/2026356407
CVE-2026-5860Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execut ...09/04/202609/04/2026356405
CVE-2026-5859Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to poten ...09/04/202609/04/2026356406
CVE-2026-5858Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to e ...09/04/202609/04/2026356456
CVE-2026-5810A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown funct ...09/04/202609/04/2026356246
CVE-2026-5808A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae63405933 ...09/04/202609/04/2026356245
CVE-2026-5806A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unkn ...09/04/202609/04/2026356244
CVE-2026-5711The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 's ...09/04/202609/04/2026356485
CVE-2026-40037OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetc ...09/04/202609/04/2026356484
CVE-2026-40036Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py ...09/04/202609/04/2026356467
CVE-2026-40035Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that en ...09/04/202609/04/2026356463
CVE-2026-40032UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in t ...09/04/202609/04/2026356483
CVE-2026-40031MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-l ...09/04/202609/04/2026356462
CVE-2026-40030parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path ar ...09/04/202609/04/2026356482
CVE-2026-40029parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file p ...09/04/202609/04/2026356481
CVE-2026-40028Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML repo ...09/04/202609/04/2026356495
CVE-2026-40027ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal vulnerabili ...09/04/202609/04/2026356471
CVE-2026-40026The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem ...09/04/202609/04/2026356470
CVE-2026-40025The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem ke ...09/04/202609/04/2026356469
CVE-2026-40024The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an ...09/04/202609/04/2026356468
CVE-2026-39901monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a tra ...09/04/202609/04/2026356486
CVE-2026-5805A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an ...09/04/202609/04/2026356243
CVE-2026-5451The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...09/04/202609/04/2026356489
CVE-2026-5436The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to ...09/04/202609/04/2026356460
CVE-2026-39892cryptography is a package designed to expose cryptographic primitives and recipes to Python develope ...09/04/202609/04/2026356464
CVE-2026-39891PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function ...09/04/202609/04/2026356488
CVE-2026-39890PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method ...09/04/202609/04/2026356466
CVE-2026-39889PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream serv ...09/04/202609/04/2026356487
CVE-2026-39888PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.p ...09/04/202609/04/2026356461
CVE-2026-39885FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the m ...09/04/202609/04/2026356497
CVE-2026-39883OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2 ...09/04/202609/04/2026343871
CVE-2026-39882OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters ...09/04/202609/04/2026356472
CVE-2026-39860Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allow ...09/04/202609/04/2026256417
CVE-2026-2104GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 ...09/04/202609/04/2026356476
CVE-2026-1752GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 bef ...09/04/202609/04/2026356475
CVE-2026-1516GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 b ...09/04/202609/04/2026356474
CVE-2026-1101GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 bef ...09/04/202609/04/2026356399
CVE-2026-1092GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 ...09/04/202609/04/2026356398
CVE-2026-5813A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affe ...09/04/202609/04/2026356261
CVE-2026-5815A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_ma ...09/04/202609/04/2026356263
CVE-2026-5814A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue ...09/04/202609/04/2026356262
CVE-2026-5803A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f38934 ...08/04/202608/04/2026356242
CVE-2026-39881Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerabilit ...08/04/202609/04/2026356390
CVE-2026-39844NiceGUI is a Python-based UI framework. Prior to 3.10.0, since PurePosixPath only recognizes forward ...08/04/202609/04/2026356381
CVE-2026-39429kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and containe ...08/04/202609/04/2026356389
CVE-2026-39416AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. P ...08/04/202609/04/2026356496
CVE-2026-39415Frappe Learning Management System (LMS) is a learning system that helps users structure their conten ...08/04/202609/04/2026356395
CVE-2026-39414MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEA ...08/04/202609/04/2026356388
CVE-2026-39412LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4 ...08/04/202609/04/2026356473
CVE-2026-39411LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow ...08/04/202609/04/2026356490
CVE-2026-39362InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREE_DO ...08/04/202608/04/2026356037
CVE-2026-35525LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3 ...08/04/202609/04/2026356392
CVE-2026-35479InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who hav ...08/04/202609/04/2026356493
CVE-2026-35478InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authentica ...08/04/202609/04/2026356391
CVE-2026-35477InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-2 ...08/04/202609/04/2026356387
CVE-2026-35476InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authe ...08/04/202609/04/2026356386
CVE-2026-23869A denial of service vulnerability exists in React Server Components, affecting the following package ...08/04/202609/04/2026356384
CVE-2026-5802A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of ...08/04/202608/04/2026356241
CVE-2026-39880Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7. ...08/04/202609/04/2026356385
CVE-2026-39864Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an ou ...08/04/202609/04/2026356383
CVE-2026-39863Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8. ...08/04/202609/04/2026356382
CVE-2026-39862Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code e ...08/04/202609/04/2026356492
CVE-2026-39859LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3 ...08/04/202609/04/2026356267
CVE-2026-39413LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API ...08/04/202609/04/2026356394
CVE-2026-35455immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStore ...08/04/202608/04/2026356372
CVE-2026-35446LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...08/04/202608/04/2026356363
CVE-2026-35403LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...08/04/202608/04/2026356371
CVE-2026-35400LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...08/04/202608/04/2026356367
CVE-2026-35169LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...08/04/202608/04/2026356370
CVE-2026-35165LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...08/04/202608/04/2026356366
CVE-2026-34985LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...08/04/202608/04/2026356368
CVE-2026-34837Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint ...08/04/202608/04/2026356365
CVE-2026-34782Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the RE ...08/04/202608/04/2026356364
CVE-2026-20709Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Serie ...08/04/202608/04/2026356369
CVE-2026-39851Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, th ...08/04/202608/04/2026356344
CVE-2026-35407Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a ...08/04/202608/04/2026356343
CVE-2026-35401Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a m ...08/04/202608/04/2026356342
CVE-2026-2942The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missin ...08/04/202608/04/2026356330
CVE-2026-0814The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due ...08/04/202608/04/2026356334
CVE-2026-0811The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in a ...08/04/202608/04/2026356353
CVE-2026-34724Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side te ...08/04/202608/04/2026356331
CVE-2026-34723Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauth ...08/04/202608/04/2026356336
CVE-2026-34722Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the us ...08/04/202608/04/2026356341
CVE-2026-34721Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OA ...08/04/202608/04/2026356333
CVE-2026-34720Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SS ...08/04/202608/04/2026356340
CVE-2026-34719Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the we ...08/04/202608/04/2026356355
CVE-2026-34718Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HT ...08/04/202608/04/2026356339
CVE-2026-34392LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...08/04/202608/04/2026356352
CVE-2026-34248Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in sha ...08/04/202608/04/2026356338
CVE-2026-34166LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3 ...08/04/202608/04/2026356337
CVE-2026-33350LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provid ...08/04/202608/04/2026356351
CVE-2026-30818An OS command injection vulnerability in the dnsmasq module of TP-Link Archer AX53 v1.0 allows an au ...08/04/202608/04/2026356350
CVE-2026-30817An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows ...08/04/202608/04/2026356349
CVE-2026-30816An external control of configuration vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allo ...08/04/202608/04/2026356348
CVE-2026-30815An OS command injection vulnerability in the OpenVPN module of TP-Link Archer AX53 v1.0 allows an a ...08/04/202608/04/2026356335
CVE-2026-30814A stack-based buffer overflow in the tmpServer module of TP-Link Archer AX53 v1.0 allows an authent ...08/04/202608/04/2026356332
CVE-2026-27806Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk e ...08/04/202608/04/2026356354
CVE-2026-33756Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Sal ...08/04/202608/04/2026356302
CVE-2026-33466Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitra ...08/04/202608/04/2026356301
CVE-2026-33459Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Al ...08/04/202608/04/2026356305
CVE-2026-33458Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An ...08/04/202608/04/2026356314
CVE-2026-32591A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administr ...08/04/202608/04/2026356300
CVE-2026-32590A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload p ...08/04/202608/04/2026356304
CVE-2026-32589A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push a ...08/04/202608/04/2026356303
CVE-2026-4498Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can ...08/04/202608/04/2026356285
CVE-2026-33461Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse ( ...08/04/202608/04/2026356279
CVE-2026-33460Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privi ...08/04/202608/04/2026356280
CVE-2026-31017A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNe ...08/04/202608/04/2026356283
CVE-2026-30075OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport ...08/04/202608/04/2026356282
CVE-2026-2377A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by provi ...08/04/202608/04/2026356284
CVE-2026-4837An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions cou ...08/04/202608/04/2026356268
CVE-2026-30080OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configurati ...08/04/202608/04/2026356269
CVE-2026-33753rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. ...08/04/202608/04/2026356264
CVE-2026-33229XWiki Platform is a generic wiki platform offering runtime services for applications built on top of ...08/04/202608/04/2026356265
CVE-2026-31040A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-s ...08/04/202608/04/2026356266
CVE-2026-39865Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.2, Axios HTTP/2 sess ...08/04/202608/04/2026356249
CVE-2026-39410Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12. ...08/04/202608/04/2026356248
CVE-2026-39409Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12. ...08/04/202608/04/2026356252
CVE-2026-39408Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12. ...08/04/202608/04/2026356250
CVE-2026-39407Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12. ...08/04/202608/04/2026356251
CVE-2026-39406@hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling ...08/04/202608/04/2026356247
CVE-2026-39394CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w ...08/04/202608/04/2026356258
CVE-2026-39393CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w ...08/04/202608/04/2026356257
CVE-2026-39392CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w ...08/04/202608/04/2026356254
CVE-2026-39391CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w ...08/04/202608/04/2026356256
CVE-2026-39390CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w ...08/04/202608/04/2026356253
CVE-2026-39389CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture w ...08/04/202608/04/2026356255
CVE-2026-5795In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two Th ...08/04/202608/04/2026356235
CVE-2026-35023Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulne ...08/04/202608/04/2026356231
CVE-2026-31411In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unva ...08/04/202608/04/2026356230
CVE-2026-2509The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th ...08/04/202608/04/2026356234
CVE-2026-4402** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: Al ...08/04/202608/04/2026
CVE-2026-28261Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1. ...08/04/202608/04/2026356225
CVE-2026-5600A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a sp ...08/04/202608/04/2026356219
CVE-2026-5302CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers ...08/04/202608/04/2026356226
CVE-2026-5301Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers t ...08/04/202608/04/2026356228
CVE-2026-5300Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attacke ...08/04/202608/04/2026356227
CVE-2026-27102Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1,  ...08/04/202608/04/2026356223
CVE-2026-24511Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, co ...08/04/202608/04/2026356224
CVE-2026-5208Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to ...08/04/202608/04/2026356229
CVE-2026-3396WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the ' ...08/04/202608/04/2026356222
CVE-2026-3243The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to in ...08/04/202608/04/2026356216
CVE-2026-2481The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable ...08/04/202608/04/2026356217
CVE-2026-28264Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assign ...08/04/202608/04/2026356221
CVE-2026-1865The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, ...08/04/202608/04/2026356218
CVE-2026-1673The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin fo ...08/04/202608/04/2026356215
CVE-2026-1672The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin fo ...08/04/202608/04/2026356220
CVE-2026-4303The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Sit ...08/04/202608/04/2026356155
CVE-2026-4300The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading ...08/04/202608/04/2026356154
CVE-2026-4073The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdflio' short ...08/04/202608/04/2026356153
CVE-2026-4025The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'a ...08/04/202608/04/2026356152
CVE-2026-39716Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Conf ...08/04/202608/04/2026356198
CVE-2026-39715Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-l ...08/04/202608/04/2026356192
CVE-2026-39714Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrect ...08/04/202608/04/2026356197
CVE-2026-39713Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchroniz ...08/04/202608/04/2026356174
CVE-2026-39712Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDi ...08/04/202608/04/2026356173
CVE-2026-39711Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 | Extensions r ...08/04/202608/04/2026356176
CVE-2026-39710Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 | Extensions rt18-extensions a ...08/04/202608/04/2026356205
CVE-2026-39709Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech- ...08/04/202608/04/2026356172
CVE-2026-39708Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356204
CVE-2026-39707Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contac ...08/04/202608/04/2026356175
CVE-2026-39706Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incor ...08/04/202608/04/2026356180
CVE-2026-39705Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync all ...08/04/202608/04/2026356177
CVE-2026-39704Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing ...08/04/202608/04/2026356171
CVE-2026-39703Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356203
CVE-2026-39702Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356202
CVE-2026-39701Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configu ...08/04/202608/04/2026356161
CVE-2026-39700Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured ...08/04/202608/04/2026356164
CVE-2026-39699Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-li ...08/04/202608/04/2026356167
CVE-2026-39698Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-a ...08/04/202608/04/2026356166
CVE-2026-39697Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the ...08/04/202608/04/2026356160
CVE-2026-39696Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356201
CVE-2026-39695Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Reque ...08/04/202608/04/2026356207
CVE-2026-39694Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appoint ...08/04/202608/04/2026356159
CVE-2026-39693Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356193
CVE-2026-39692Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356191
CVE-2026-39691Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypt ...08/04/202608/04/2026356158
CVE-2026-39690Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows E ...08/04/202608/04/2026356157
CVE-2026-39689Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploitin ...08/04/202608/04/2026356151
CVE-2026-39688Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exp ...08/04/202608/04/2026356156
CVE-2026-39687Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-dat ...08/04/202608/04/2026356141
CVE-2026-39686Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersk ...08/04/202608/04/2026356140
CVE-2026-39685Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Inco ...08/04/202608/04/2026356137
CVE-2026-39684Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio ...08/04/202608/04/2026356112
CVE-2026-39683Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356195
CVE-2026-39682Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploi ...08/04/202608/04/2026356138
CVE-2026-39681Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio ...08/04/202608/04/2026356113
CVE-2026-39680Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculat ...08/04/202608/04/2026356136
CVE-2026-39679Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio ...08/04/202608/04/2026356111
CVE-2026-39678Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Expl ...08/04/202608/04/2026356139
CVE-2026-39677Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio ...08/04/202608/04/2026356078
CVE-2026-39676Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting ...08/04/202608/04/2026356135
CVE-2026-39675Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiti ...08/04/202608/04/2026356134
CVE-2026-39674Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356168
CVE-2026-39673Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorre ...08/04/202608/04/2026356133
CVE-2026-39672Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discoun ...08/04/202608/04/2026356090
CVE-2026-39671Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-co ...08/04/202608/04/2026356206
CVE-2026-39670Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview a ...08/04/202608/04/2026356162
CVE-2026-39669Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Exploiting Incorrectly C ...08/04/202608/04/2026356132
CVE-2026-39668Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woo ...08/04/202608/04/2026356088
CVE-2026-39667Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356196
CVE-2026-39666Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356199
CVE-2026-39665Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356200
CVE-2026-39664Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly C ...08/04/202608/04/2026356131
CVE-2026-39663Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allo ...08/04/202608/04/2026356128
CVE-2026-39662Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product ...08/04/202608/04/2026356083
CVE-2026-39660Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting In ...08/04/202608/04/2026356127
CVE-2026-39659Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploi ...08/04/202608/04/2026356124
CVE-2026-39658Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-fi ...08/04/202608/04/2026356122
CVE-2026-39657Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploitin ...08/04/202608/04/2026356130
CVE-2026-39656Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploit ...08/04/202608/04/2026356082
CVE-2026-39654Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356194
CVE-2026-39653Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-confere ...08/04/202608/04/2026356123
CVE-2026-39652Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploitin ...08/04/202608/04/2026356126
CVE-2026-39651Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting I ...08/04/202608/04/2026356129
CVE-2026-39650Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allo ...08/04/202608/04/2026356079
CVE-2026-39649Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrect ...08/04/202608/04/2026356125
CVE-2026-39648Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly ...08/04/202608/04/2026356121
CVE-2026-39647Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podca ...08/04/202608/04/2026356150
CVE-2026-39646Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356189
CVE-2026-39645Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce globa ...08/04/202608/04/2026356143
CVE-2026-39644Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploitin ...08/04/202608/04/2026356119
CVE-2026-39643Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntp ...08/04/202608/04/2026356142
CVE-2026-39641Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site ...08/04/202608/04/2026356213
CVE-2026-39640Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Cod ...08/04/202608/04/2026356211
CVE-2026-39639Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allow ...08/04/202608/04/2026356116
CVE-2026-39638Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356187
CVE-2026-39637Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured A ...08/04/202608/04/2026356186
CVE-2026-39636Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356188
CVE-2026-39635Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cr ...08/04/202608/04/2026356184
CVE-2026-39634Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows ...08/04/202608/04/2026356190
CVE-2026-39633Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows ...08/04/202608/04/2026356185
CVE-2026-39632Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site ...08/04/202608/04/2026356212
CVE-2026-39631Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiti ...08/04/202608/04/2026356080
CVE-2026-39630Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Se ...08/04/202608/04/2026356149
CVE-2026-39629Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet ...08/04/202608/04/2026356148
CVE-2026-39628Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet ...08/04/202608/04/2026356147
CVE-2026-39627Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Ac ...08/04/202608/04/2026356183
CVE-2026-39626Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet ...08/04/202608/04/2026356146
CVE-2026-39625Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutet ...08/04/202608/04/2026356145
CVE-2026-39624Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Conf ...08/04/202608/04/2026356117
CVE-2026-39623Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio ...08/04/202608/04/2026356076
CVE-2026-39622Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting In ...08/04/202608/04/2026356115
CVE-2026-39621Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a ...08/04/202608/04/2026356182
CVE-2026-39620Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Up ...08/04/202608/04/2026356163
CVE-2026-39619Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a ...08/04/202608/04/2026356208
CVE-2026-39618Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Requ ...08/04/202608/04/2026356210
CVE-2026-39617Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cros ...08/04/202608/04/2026356214
CVE-2026-39616Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments down ...08/04/202608/04/2026356120
CVE-2026-39615Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356181
CVE-2026-39614Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exp ...08/04/202608/04/2026356077
CVE-2026-39613Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio ...08/04/202608/04/2026356075
CVE-2026-39612Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Co ...08/04/202608/04/2026356114
CVE-2026-39611Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio ...08/04/202608/04/2026356074
CVE-2026-39610Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorr ...08/04/202608/04/2026356118
CVE-2026-39609Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrect ...08/04/202608/04/2026356110
CVE-2026-39608Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exp ...08/04/202608/04/2026356109
CVE-2026-39607Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly ...08/04/202608/04/2026356106
CVE-2026-39606Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectl ...08/04/202608/04/2026356105
CVE-2026-39605Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiti ...08/04/202608/04/2026356107
CVE-2026-39604Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356178
CVE-2026-39603Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography all ...08/04/202608/04/2026356179
CVE-2026-39602Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting In ...08/04/202608/04/2026356103
CVE-2026-39592Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows ...08/04/202608/04/2026356104
CVE-2026-39588Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-an ...08/04/202608/04/2026356108
CVE-2026-39586Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer ...08/04/202608/04/2026356102
CVE-2026-39585Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting Incorrectly Con ...08/04/202608/04/2026356101
CVE-2026-39575Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356170
CVE-2026-39572Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeop ...08/04/202608/04/2026356100
CVE-2026-39571Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic ...08/04/202608/04/2026356099
CVE-2026-39570Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting Li ...08/04/202608/04/2026356098
CVE-2026-39569Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allo ...08/04/202608/04/2026356097
CVE-2026-39566Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designin ...08/04/202608/04/2026356096
CVE-2026-39565Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploit ...08/04/202608/04/2026356095
CVE-2026-39564Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo ...08/04/202608/04/2026356094
CVE-2026-39563Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Inc ...08/04/202608/04/2026356093
CVE-2026-39562Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices ...08/04/202608/04/2026356092
CVE-2026-39561Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Co ...08/04/202608/04/2026356091
CVE-2026-39544Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio ...08/04/202608/04/2026356073
CVE-2026-39543Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Config ...08/04/202608/04/2026356086
CVE-2026-39542Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommer ...08/04/202608/04/2026356081
CVE-2026-39541Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356169
CVE-2026-39538Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio ...08/04/202608/04/2026356072
CVE-2026-39536Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill ...08/04/202608/04/2026356089
CVE-2026-39535Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api ...08/04/202608/04/2026356084
CVE-2026-39528Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting ...08/04/202608/04/2026356087
CVE-2026-39526Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows ...08/04/202608/04/2026356085
CVE-2026-39521Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allow ...08/04/202608/04/2026356144
CVE-2026-39520Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured ...08/04/202608/04/2026356209
CVE-2026-39517Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356165
CVE-2026-39516Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH ...08/04/202608/04/2026356063
CVE-2026-39510Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final ...08/04/202608/04/2026356066
CVE-2026-39509Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly C ...08/04/202608/04/2026356069
CVE-2026-39508Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356068
CVE-2026-39506Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting In ...08/04/202608/04/2026356065
CVE-2026-39505Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-pod ...08/04/202608/04/2026356070
CVE-2026-39504Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Inc ...08/04/202608/04/2026356064
CVE-2026-39501Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploitin ...08/04/202608/04/2026356062
CVE-2026-33088Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an a ...08/04/202608/04/2026356067
CVE-2026-25776Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an a ...08/04/202608/04/2026356071
CVE-2026-39500Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356059
CVE-2026-39497Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i ...08/04/202608/04/2026356051
CVE-2026-39496Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i ...08/04/202608/04/2026356045
CVE-2026-39495Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i ...08/04/202608/04/2026356060
CVE-2026-39488Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Conf ...08/04/202608/04/2026356055
CVE-2026-39487Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i ...08/04/202608/04/2026356056
CVE-2026-39486Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i ...08/04/202608/04/2026356054
CVE-2026-39485Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploi ...08/04/202608/04/2026356053
CVE-2026-39484URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hi ...08/04/202608/04/2026356052
CVE-2026-39483Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356061
CVE-2026-39482Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...08/04/202608/04/2026356058
CVE-2026-39479Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i ...08/04/202608/04/2026356044
CVE-2026-39477Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorr ...08/04/202608/04/2026356043
CVE-2026-39476Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting ...08/04/202608/04/2026356049
CVE-2026-39475Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i ...08/04/202608/04/2026356048
CVE-2026-39473Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History s ...08/04/202608/04/2026356047
CVE-2026-39469Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softacul ...08/04/202608/04/2026356050
CVE-2026-39466Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i ...08/04/202608/04/2026356042
CVE-2026-39464Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & ...08/04/202608/04/2026356057
CVE-2026-1396The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scr ...08/04/202608/04/2026356046
CVE-2026-4655The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Script ...08/04/202608/04/2026356040
CVE-2026-4654The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to In ...08/04/202608/04/2026356039
CVE-2026-4330The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorizat ...08/04/202608/04/2026356038
CVE-2026-4483An exposed IOCTL with an insufficient access control vulnerability has been identified in the util ...08/04/202608/04/2026356041
CVE-2026-5508The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wow ...08/04/202608/04/2026356035
CVE-2026-5506The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` s ...08/04/202608/04/2026356034
CVE-2026-5169The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...08/04/202608/04/2026356022
CVE-2026-5167The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is v ...08/04/202608/04/2026356028
CVE-2026-4871The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...08/04/202608/04/2026356031
CVE-2026-4808The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads ...08/04/202608/04/2026356023
CVE-2026-4141The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versi ...08/04/202608/04/2026356036
CVE-2026-3781The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr_off' para ...08/04/202608/04/2026356027
CVE-2026-3618The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ...08/04/202608/04/2026356033
CVE-2026-3594The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in ...08/04/202608/04/2026356025
CVE-2026-3535The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to m ...08/04/202608/04/2026356021
CVE-2026-3480The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to an ...08/04/202608/04/2026356026
CVE-2026-3477The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions ...08/04/202608/04/2026356024
CVE-2026-3142The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vulnerable to Stored C ...08/04/202608/04/2026356032
CVE-2026-2838The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...08/04/202608/04/2026356029
CVE-2026-4338The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowe ...08/04/202608/04/2026356019
CVE-2026-5083Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is gen ...08/04/202608/04/2026356018
CVE-2026-5082Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure sessi ...08/04/202608/04/2026356020
CVE-2026-3311The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooC ...08/04/202608/04/2026356017
CVE-2026-33273Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If ...08/04/202608/04/2026355991
CVE-2026-27787Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is ...08/04/202608/04/2026356003
CVE-2026-24913SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exp ...08/04/202608/04/2026355990
CVE-2026-39937Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia ...08/04/202608/04/2026355989
CVE-2026-39847Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, th ...08/04/202608/04/2026355971
CVE-2026-39846SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another ...08/04/202608/04/2026355993
CVE-2026-35406Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a t ...08/04/202608/04/2026356006
CVE-2026-34079Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching f ...08/04/202608/04/2026356004
CVE-2026-34078Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak p ...08/04/202608/04/2026355976
CVE-2026-39934Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Med ...08/04/202608/04/2026356002
CVE-2026-39933 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i ... | 08/04/2026 | 08/04/2026 | 356012
CVE-2026-31790 | Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can ... | 08/04/2026 | 08/04/2026 | 355901
CVE-2026-31789 | Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a ... | 08/04/2026 | 08/04/2026 | 355907
CVE-2026-28390 | Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientIn ... | 08/04/2026 | 08/04/2026 | 355906
CVE-2026-28389 | Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a ... | 08/04/2026 | 08/04/2026 | 355905
CVE-2026-28388 | Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL po ... | 08/04/2026 | 08/04/2026 | 355904
CVE-2026-28387 | Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication ... | 08/04/2026 | 08/04/2026 | 355903
CVE-2026-28386 | Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VA ... | 08/04/2026 | 08/04/2026 | 355902
CVE-2026-4785 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulner ... | 08/04/2026 | 08/04/2026 | 355988
CVE-2026-4341 | The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Sc ... | 08/04/2026 | 08/04/2026 | 355969
CVE-2026-4333 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scri ... | 08/04/2026 | 08/04/2026 | 356001
CVE-2026-4299 | The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions ... | 08/04/2026 | 08/04/2026 | 355978
CVE-2026-4003 | The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary Us ... | 08/04/2026 | 08/04/2026 | 356010
CVE-2026-3646 | The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to Missing Author ... | 08/04/2026 | 08/04/2026 | 355966
CVE-2026-3600 | The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-annou ... | 08/04/2026 | 08/04/2026 | 356007
CVE-2026-3513 | The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross- ... | 08/04/2026 | 08/04/2026 | 356005
CVE-2026-3239 | The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the pl ... | 08/04/2026 | 08/04/2026 | 356000
CVE-2026-4379 | The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `g ... | 08/04/2026 | 08/04/2026 | 355999
CVE-2026-2988 | The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'po ... | 08/04/2026 | 08/04/2026 | 355998
CVE-2026-5726 | ASDA-Soft Stack-based Buffer Overflow Vulnerability | 08/04/2026 | 08/04/2026 | 356014
CVE-2026-1163 | An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. Th ... | 08/04/2026 | 08/04/2026 | 355995
CVE-2026-3499 | The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPr ... | 08/04/2026 | 08/04/2026 | 355987
CVE-2026-3296 | The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, ... | 08/04/2026 | 08/04/2026 | 355965
CVE-2026-33810 | When verifying a certificate chain containing excluded DNS constraints, these constraints are not co ... | 08/04/2026 | 08/04/2026 | 355982
CVE-2026-32289 | Context was not properly tracked across template branches for JS template literals, leading to possi ... | 08/04/2026 | 08/04/2026 | 356009
CVE-2026-32288 | tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive con ... | 08/04/2026 | 08/04/2026 | 355986
CVE-2026-32283 | If one side of the TLS connection sends multiple key update messages post-handshake in a single reco ... | 08/04/2026 | 08/04/2026 | 355985
CVE-2026-32282 | On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in pro ... | 08/04/2026 | 08/04/2026 | 355973
CVE-2026-32281 | Validating certificate chains which use policies is unexpectedly inefficient when certificates in th ... | 08/04/2026 | 08/04/2026 | 355981
CVE-2026-32280 | During chain building, the amount of work that is done is not correctly limited when a large number ... | 08/04/2026 | 08/04/2026 | 355983
CVE-2026-27144 | The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface ... | 08/04/2026 | 08/04/2026 | 355984
CVE-2026-27143 | Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. A ... | 08/04/2026 | 08/04/2026 | 355997
CVE-2026-27140 | SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrar ... | 08/04/2026 | 08/04/2026 | 356008
CVE-2026-4788 | IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that co ... | 08/04/2026 | 08/04/2026 | 355975
CVE-2026-3357 | IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbit ... | 08/04/2026 | 08/04/2026 | 355967
CVE-2026-1346 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10 ... | 08/04/2026 | 08/04/2026 | 355972
CVE-2026-1343 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10 ... | 08/04/2026 | 08/04/2026 | 355970
CVE-2026-4656 | This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 08/04/2026 | 08/04/2026 |
CVE-2026-39936 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i ... | 08/04/2026 | 08/04/2026 | 356013
CVE-2026-39935 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability i ... | 08/04/2026 | 08/04/2026 | 356011
CVE-2026-5747 | An out-of-bounds write issue in the virtio PCI transport in Amazon Firecracker 1.13.0 through 1.14.3 ... | 08/04/2026 | 08/04/2026 | 355992
CVE-2026-4406 | The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `form ... | 08/04/2026 | 08/04/2026 | 355979
CVE-2026-4401 | The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `action ... | 08/04/2026 | 08/04/2026 | 355968
CVE-2026-4394 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit C ... | 08/04/2026 | 08/04/2026 | 355994

2025

CVE | Description | Submitted | Reviewed | Entry
CVE-2025-66447 | Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicio ... | 10/04/2026 | 10/04/2026 | 356898
CVE-2025-44560 | owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking. | 10/04/2026 | 10/04/2026 | 356831
CVE-2025-5804 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio ... | 10/04/2026 | 10/04/2026 | 315593
CVE-2025-58920 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ... | 10/04/2026 | 10/04/2026 | 356820
CVE-2025-58913 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio ... | 10/04/2026 | 10/04/2026 | 341185
CVE-2025-14545 | The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via ... | 10/04/2026 | 10/04/2026 | 356800
CVE-2025-59969 | A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanc ... | 10/04/2026 | 10/04/2026 | 356738
CVE-2025-13914 | A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Netw ... | 10/04/2026 | 10/04/2026 | 356699
CVE-2025-13926 | An attacker could use data obtained by sniffing the network traffic to forge packets in order to ma ... | 09/04/2026 | 09/04/2026 | 356685
CVE-2025-70797 | Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execut ... | 09/04/2026 | 09/04/2026 | 356641
CVE-2025-63238 | A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to t ... | 09/04/2026 | 09/04/2026 | 356627
CVE-2025-70365 | A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output ... | 09/04/2026 | 09/04/2026 | 356614
CVE-2025-70364 | An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execu ... | 09/04/2026 | 09/04/2026 | 356611
CVE-2025-15480 | In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during cra ... | 09/04/2026 | 09/04/2026 | 356575
CVE-2025-14551 | In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. U ... | 09/04/2026 | 09/04/2026 | 356574
CVE-2025-70811 | Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute ... | 09/04/2026 | 09/04/2026 | 356585
CVE-2025-70810 | Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute ... | 09/04/2026 | 09/04/2026 | 356584
CVE-2025-62718 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0, Axios does not co ... | 09/04/2026 | 09/04/2026 | 356581
CVE-2025-50228 | Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and ... | 09/04/2026 | 09/04/2026 | 356589
CVE-2025-45806 | A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers ... | 09/04/2026 | 09/04/2026 | 356565
CVE-2025-57735 | When user logged out, the JWT token the user had authenticated with was not invalidated, which coul ... | 09/04/2026 | 09/04/2026 | 356519
CVE-2025-62188 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache Dolphin ... | 09/04/2026 | 09/04/2026 | 356516
CVE-2025-9484 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 bef ... | 09/04/2026 | 09/04/2026 | 356397
CVE-2025-12664 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 ... | 09/04/2026 | 09/04/2026 | 356396
CVE-2025-50673 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 08/04/2026 | 08/04/2026 | 356362
CVE-2025-50672 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para ... | 08/04/2026 | 08/04/2026 | 356361
CVE-2025-50671 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para ... | 08/04/2026 | 08/04/2026 | 356347
CVE-2025-50670 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para ... | 08/04/2026 | 08/04/2026 | 356346
CVE-2025-50669 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to i ... | 08/04/2026 | 08/04/2026 | 356360
CVE-2025-50668 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 08/04/2026 | 08/04/2026 | 356359
CVE-2025-50667 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 08/04/2026 | 08/04/2026 | 356358
CVE-2025-50666 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of mult ... | 08/04/2026 | 08/04/2026 | 356345
CVE-2025-50665 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of inpu ... | 08/04/2026 | 08/04/2026 | 356313
CVE-2025-50664 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of para ... | 08/04/2026 | 08/04/2026 | 356312
CVE-2025-50663 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 08/04/2026 | 08/04/2026 | 356357
CVE-2025-50662 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 08/04/2026 | 08/04/2026 | 356356
CVE-2025-50661 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of mult ... | 08/04/2026 | 08/04/2026 | 356311
CVE-2025-50660 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 08/04/2026 | 08/04/2026 | 356327
CVE-2025-50659 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 08/04/2026 | 08/04/2026 | 356326
CVE-2025-50657 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 08/04/2026 | 08/04/2026 | 356325
CVE-2025-50655 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 08/04/2026 | 08/04/2026 | 356328
CVE-2025-50654 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of th ... | 08/04/2026 | 08/04/2026 | 356324
CVE-2025-50653 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the ... | 08/04/2026 | 08/04/2026 | 356323
CVE-2025-50652 | An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /savep ... | 08/04/2026 | 08/04/2026 | 356322
CVE-2025-50650 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of ... | 08/04/2026 | 08/04/2026 | 356321
CVE-2025-50649 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation ... | 08/04/2026 | 08/04/2026 | 356320
CVE-2025-50648 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validati ... | 08/04/2026 | 08/04/2026 | 356319
CVE-2025-50647 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of ... | 08/04/2026 | 08/04/2026 | 356318
CVE-2025-50646 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input valida ... | 08/04/2026 | 08/04/2026 | 356317
CVE-2025-50645 | A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflo ... | 08/04/2026 | 08/04/2026 | 356310
CVE-2025-50644 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of us ... | 08/04/2026 | 08/04/2026 | 356316
CVE-2025-30650 | A Missing Authentication for Critical Function vulnerability in command processing of Juniper Netwo ... | 08/04/2026 | 08/04/2026 | 356299
CVE-2025-52222 | D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 ... | 08/04/2026 | 08/04/2026 | 356309
CVE-2025-52221 | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the func ... | 08/04/2026 | 08/04/2026 | 356315
CVE-2025-45059 | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the t ... | 08/04/2026 | 08/04/2026 | 356308
CVE-2025-45058 | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the j ... | 08/04/2026 | 08/04/2026 | 356307
CVE-2025-45057 | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the i ... | 08/04/2026 | 08/04/2026 | 356306
CVE-2025-57175 | Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root passwor ... | 08/04/2026 | 08/04/2026 | 356286
CVE-2025-14243 | A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, rem ... | 08/04/2026 | 08/04/2026 | 356281
CVE-2025-58713 | A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images ... | 08/04/2026 | 08/04/2026 | 356236
CVE-2025-57854 | A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. T ... | 08/04/2026 | 08/04/2026 | 356240
CVE-2025-57853 | A container privilege escalation flaw was found in certain Web Terminal images. This issue stems fro ... | 08/04/2026 | 08/04/2026 | 356239
CVE-2025-57851 | A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images ... | 08/04/2026 | 08/04/2026 | 356238
CVE-2025-57847 | A container privilege escalation flaw was found in certain Ansible Automation Platform images. This ... | 08/04/2026 | 08/04/2026 | 356237
CVE-2025-14816 | Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 ver ... | 08/04/2026 | 08/04/2026 | 356233
CVE-2025-14815 | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 1 ... | 08/04/2026 | 08/04/2026 | 356232
CVE-2025-1794 | The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded S ... | 08/04/2026 | 08/04/2026 | 356030
CVE-2025-14732 | The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable t ... | 08/04/2026 | 08/04/2026 | 355996
CVE-2025-20628 | An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Id ... | 08/04/2026 | 08/04/2026 | 355980

2024

CVE | Description | Submitted | Reviewed | Entry
CVE-2024-1490 | An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the ... | 09/04/2026 | 09/04/2026 | 356518

2023

CVE | Description | Submitted | Reviewed | Entry
CVE-2023-54364 | Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenti ... | 09/04/2026 | 10/04/2026 | 356727
CVE-2023-54363 | Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthent ... | 09/04/2026 | 10/04/2026 | 356725
CVE-2023-54362 | Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that ... | 09/04/2026 | 10/04/2026 | 356724
CVE-2023-54361 | Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allo ... | 09/04/2026 | 10/04/2026 | 356723
CVE-2023-54360 | Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attacke ... | 09/04/2026 | 10/04/2026 | 356722
CVE-2023-54359 | WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that all ... | 09/04/2026 | 10/04/2026 | 356701
CVE-2023-54358 | WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that all ... | 09/04/2026 | 10/04/2026 | 356711
CVE-2023-46945 | QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request | 08/04/2026 | 08/04/2026 | 356287

2021

CVE | Description | Submitted | Reviewed | Entry
CVE-2021-47961 | A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows ... | 10/04/2026 | 10/04/2026 | 356809
CVE-2021-47960 | A files or directories accessible to external parties vulnerability in Synology SSL VPN Client befor ... | 10/04/2026 | 10/04/2026 | 356814
