LIVE · cybersecurity feed

CVE & Advisory Tracker

Known vulnerabilities and government advisories — public-domain data, free to host in full.

CVE / IDSeverityTitleAdded
CVE-2026-50746criticalUbiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS3h ago
CVE-2026-55255criticalAttackers using Langflow flaw for credential harvesting (CVE-2026-55255)3h ago
CVE-2026-12958highBug in top AI coding agents shows that Unix-era security headaches never really die3h ago
CVE-2026-43499critical15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros11h ago
CVE-2026-48282highCISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV12h ago
CVE-2026-20896criticalCritical Gitea Flaw Under Active Exploitation, Researchers Warn1d ago
CVE-2026-48282criticalCritical Adobe ColdFusion Vulnerability Exploited in Attacks1d ago
CVE-2024-42009highSuspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities1d ago
CVE-2026-11405highCERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware1d ago
CVE-2026-40138criticalBeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA1d ago
CVE-2026-5335916-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems2d ago
CVE-2026-20896criticalThreat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure2d ago
CVE-2026-46242New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android4d ago
CVE-2025-5777Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials5d ago
CVE-2026-48558critical'Djinn' Stealer Targets Cloud, AI Credentials8d ago
CVE-2025-54957criticalA 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens56d ago
CVE-2026-33538highCVE-2026-33538: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.105d ago
CVE-2026-33527mediumCVE-2026-33527: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.105d ago
CVE-2026-33508highCVE-2026-33508: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.105d ago
CVE-2026-33498highCVE-2026-33498: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.105d ago
CVE-2026-33429mediumCVE-2026-33429: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.105d ago
CVE-2026-33421mediumCVE-2026-33421: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.105d ago
CVE-2026-33417mediumCVE-2026-33417: Wallos is an open-source, self-hostable personal subscription tracker.105d ago
CVE-2026-33409criticalCVE-2026-33409: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.105d ago
CVE-2026-33323mediumCVE-2026-33323: Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.105d ago
CVE-2026-30932highCVE-2026-30932: Froxlor is open source server administration software.105d ago
CVE-2026-2417CVE-2026-2417: A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware ver105d ago
CVE-2026-29772mediumCVE-2026-29772: Astro is a web framework.105d ago
CVE-2026-23924CVE-2026-23924: Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding the105d ago
CVE-2026-23923CVE-2026-23923: An unauthenticated attacker can exploit the Frontend 'validate' action to blindly instantiate arbitrary PHP classe105d ago
CVE-2026-23921CVE-2026-23921: A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api105d ago
CVE-2026-23920CVE-2026-23920: Host and event action script input is validated with a regex (set by the administrator), but the validation runs i105d ago
CVE-2026-23919CVE-2026-23919: For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script items, JavaScript105d ago
CVE-2026-1995highCVE-2026-1995: IDrive’s id_service.exe process runs with elevated privileges and regularly reads from several files under the C:\P105d ago
CVE-2026-33407criticalCVE-2026-33407: Wallos is an open-source, self-hostable personal subscription tracker.105d ago
CVE-2026-33401mediumCVE-2026-33401: Wallos is an open-source, self-hostable personal subscription tracker.105d ago
CVE-2026-33400mediumCVE-2026-33400: Wallos is an open-source, self-hostable personal subscription tracker.105d ago
CVE-2026-33399highCVE-2026-33399: Wallos is an open-source, self-hostable personal subscription tracker.105d ago
CVE-2026-33162mediumCVE-2026-33162: Craft CMS is a content management system (CMS).105d ago
CVE-2026-33161mediumCVE-2026-33161: Craft CMS is a content management system (CMS).105d ago
CVE-2026-33160mediumCVE-2026-33160: Craft CMS is a content management system (CMS).105d ago
CVE-2026-33159mediumCVE-2026-33159: Craft CMS is a content management system (CMS).105d ago
CVE-2026-33158mediumCVE-2026-33158: Craft CMS is a content management system (CMS).105d ago
CVE-2026-33157highCVE-2026-33157: Craft CMS is a content management system (CMS).105d ago
CVE-2026-32854highCVE-2026-32854: LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities 105d ago
CVE-2026-32853highCVE-2026-32853: LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability i105d ago
CVE-2026-26809CVE-2026-26809: Rejected reason: DO NOT USE THIS CVE RECORD.105d ago
CVE-2026-33340criticalCVE-2026-33340: LoLLMs WEBUI provides the Web user interface for Lord of Large Language and Multi modal Systems.106d ago
CVE-2025-11571CVE-2025-11571: Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution.106d ago
CVE-2026-33700mediumCVE-2026-33700: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-33680highCVE-2026-33680: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-33679mediumCVE-2026-33679: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-33678highCVE-2026-33678: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-33677mediumCVE-2026-33677: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-33676mediumCVE-2026-33676: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-33675mediumCVE-2026-33675: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-33668highCVE-2026-33668: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-33474mediumCVE-2026-33474: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-33473mediumCVE-2026-33473: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-33336highCVE-2026-33336: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-33335highCVE-2026-33335: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-33334criticalCVE-2026-33334: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-29840mediumCVE-2026-29840: JiZhiCMS v2.5.6 and before contains a Stored Cross-Site Scripting (XSS) vulnerability in the release function with106d ago
CVE-2026-29839highCVE-2026-29839: DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php.106d ago
CVE-2025-71275CVE-2025-71275: Rejected reason: This CVE was rejected due to being a duplicate of CVE-2024-45519.106d ago
CVE-2026-4775highCVE-2026-4775: A flaw was found in the libtiff library.106d ago
CVE-2026-33554highCVE-2026-33554: ipmi-oem in FreeIPMI before 1.6.17 has exploitable buffer overflows on response messages.106d ago
CVE-2026-33316highCVE-2026-33316: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-33315mediumCVE-2026-33315: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-33313mediumCVE-2026-33313: Vikunja is an open-source self-hosted task management platform.106d ago
CVE-2026-32647highCVE-2026-32647: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an atta106d ago
CVE-2026-30662mediumCVE-2026-30662: ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in the File Manager component.106d ago
CVE-2026-30661mediumCVE-2026-30661: iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically wit106d ago
CVE-2026-30655mediumCVE-2026-30655: SQL injection in Solicitante::resetaSenha() in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remot106d ago
CVE-2026-30653highCVE-2026-30653: An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function Hand106d ago
CVE-2026-28755mediumCVE-2026-28755: NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper hand106d ago
CVE-2026-28753lowCVE-2026-28753: NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handl106d ago
CVE-2026-27784highCVE-2026-27784: The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might 106d ago
CVE-2026-27654highCVE-2026-27654: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attack106d ago
CVE-2026-27651highCVE-2026-27651: When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can 106d ago
CVE-2026-33497highCVE-2026-33497: Langflow is a tool for building and deploying AI-powered agents and workflows.106d ago
CVE-2026-33484highCVE-2026-33484: Langflow is a tool for building and deploying AI-powered agents and workflows.106d ago
CVE-2026-33418highCVE-2026-33418: DiceBear is an avatar library for designers and developers.106d ago
CVE-2026-33311mediumCVE-2026-33311: DiceBear is an avatar library for designers and developers.106d ago
CVE-2026-33310highCVE-2026-33310: Intake is a package for finding, investigating, loading and disseminating data.106d ago
CVE-2026-4729criticalCVE-2026-4729: Memory safety bugs present in Firefox 148 and Thunderbird 148.106d ago
CVE-2026-4728mediumCVE-2026-4728: Spoofing issue in the Privacy: Anti-Tracking component.106d ago
CVE-2026-4727highCVE-2026-4727: Denial-of-service in the Libraries component in NSS.106d ago
CVE-2026-4726highCVE-2026-4726: Denial-of-service in the XML component.106d ago
CVE-2026-4725criticalCVE-2026-4725: Sandbox escape due to use-after-free in the Graphics: Canvas2D component.106d ago
CVE-2026-4724criticalCVE-2026-4724: Undefined behavior in the Audio/Video component.106d ago
CVE-2026-4723criticalCVE-2026-4723: Use-after-free in the JavaScript Engine component.106d ago
CVE-2026-4722highCVE-2026-4722: Privilege escalation in the IPC component.106d ago
CVE-2026-4721criticalCVE-2026-4721: Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunder106d ago
CVE-2026-4720criticalCVE-2026-4720: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148.106d ago
CVE-2026-4719highCVE-2026-4719: Incorrect boundary conditions in the Graphics: Text component.106d ago
CVE-2026-4718highCVE-2026-4718: Undefined behavior in the WebRTC: Signaling component.106d ago
CVE-2026-4717criticalCVE-2026-4717: Privilege escalation in the Netmonitor component.106d ago
CVE-2026-4716criticalCVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component.106d ago
CVE-2026-4715criticalCVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component.106d ago
CVE-2026-4714highCVE-2026-4714: Incorrect boundary conditions in the Audio/Video component.106d ago
CVE-2026-4713highCVE-2026-4713: Incorrect boundary conditions in the Graphics component.106d ago
CVE-2026-4712highCVE-2026-4712: Information disclosure in the Widget: Cocoa component.106d ago
CVE-2026-4711criticalCVE-2026-4711: Use-after-free in the Widget: Cocoa component.106d ago
CVE-2026-4710criticalCVE-2026-4710: Incorrect boundary conditions in the Audio/Video component.106d ago
CVE-2026-4709highCVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component.106d ago
CVE-2026-4708highCVE-2026-4708: Incorrect boundary conditions in the Graphics component.106d ago
CVE-2026-4707highCVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component.106d ago
CVE-2026-4706highCVE-2026-4706: Incorrect boundary conditions in the Graphics: Canvas2D component.106d ago
CVE-2026-4705criticalCVE-2026-4705: Undefined behavior in the WebRTC: Signaling component.106d ago
CVE-2026-4704highCVE-2026-4704: Denial-of-service in the WebRTC: Signaling component.106d ago
CVE-2026-4702criticalCVE-2026-4702: JIT miscompilation in the JavaScript Engine component.106d ago
CVE-2026-4701criticalCVE-2026-4701: Use-after-free in the JavaScript Engine component.106d ago
CVE-2026-4700criticalCVE-2026-4700: Mitigation bypass in the Networking: HTTP component.106d ago
CVE-2026-4699highCVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts component.106d ago
CVE-2026-4698criticalCVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component.106d ago
CVE-2026-4697highCVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component.106d ago
CVE-2026-4696criticalCVE-2026-4696: Use-after-free in the Layout: Text and Fonts component.106d ago
CVE-2026-4695highCVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component.106d ago
CVE-2026-4694highCVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component.106d ago
CVE-2026-4693highCVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback component.106d ago
CVE-2026-4692criticalCVE-2026-4692: Sandbox escape in the Responsive Design Mode component.106d ago
CVE-2026-4691criticalCVE-2026-4691: Use-after-free in the CSS Parsing and Computation component.106d ago
CVE-2026-4690highCVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component.106d ago
CVE-2026-4689criticalCVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component.106d ago
CVE-2026-4688criticalCVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component.106d ago
CVE-2026-4687highCVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component.106d ago
CVE-2026-4686highCVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component.106d ago
CVE-2026-4685highCVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component.106d ago
CVE-2026-4684highCVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component.106d ago
CVE-2026-33475criticalCVE-2026-33475: Langflow is a tool for building and deploying AI-powered agents and workflows.106d ago
CVE-2026-33309criticalCVE-2026-33309: Langflow is a tool for building and deploying AI-powered agents and workflows.106d ago
CVE-2025-64998highCVE-2025-64998: Exposure of session signing secret in Checkmk <2.4.0p23, <2.3.0p45 and 2.2.0 allows an administrator of a remote s106d ago
CVE-2019-25647highCVE-2019-25647: PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated106d ago
CVE-2019-25646criticalCVE-2019-25646: Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote 106d ago
CVE-2019-25645mediumCVE-2019-25645: WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to 106d ago
CVE-2019-25644mediumCVE-2019-25644: WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog t106d ago
CVE-2019-25643highCVE-2019-25643: eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to exec106d ago
CVE-2019-25642highCVE-2019-25642: Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arb106d ago
CVE-2019-25641highCVE-2019-25641: Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulat106d ago
CVE-2019-25640highCVE-2019-25640: Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate d106d ago
CVE-2019-25639highCVE-2019-25639: Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attacke106d ago
CVE-2019-25638highCVE-2019-25638: Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to e106d ago
CVE-2019-25637highCVE-2019-25637: X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary106d ago
CVE-2019-25636highCVE-2019-25636: Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate da106d ago
CVE-2019-25635highCVE-2019-25635: Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to mani106d ago
CVE-2019-25634highCVE-2019-25634: Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute a106d ago
CVE-2019-25633highCVE-2019-25633: AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local 106d ago
CVE-2019-25632mediumCVE-2019-25632: phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read a106d ago
CVE-2019-25631highCVE-2019-25631: AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local106d ago
CVE-2019-25630highCVE-2019-25630: PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows au106d ago
CVE-2019-25629highCVE-2019-25629: AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging func106d ago
CVE-2019-25628criticalCVE-2019-25628: Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that 106d ago
CVE-2019-25627highCVE-2019-25627: FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers t106d ago
CVE-2019-25626highCVE-2019-25626: River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that all106d ago
CVE-2026-4649CVE-2026-4649: Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages106d ago
CVE-2026-3509highCVE-2026-3509: An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log 106d ago
CVE-2026-32642mediumCVE-2026-32642: Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an applicat106d ago
CVE-2025-41660highCVE-2025-41660: A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system106d ago
CVE-2026-4756highCVE-2026-4756: Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: be106d ago
CVE-2026-4755criticalCVE-2026-4755: CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11106d ago
CVE-2026-4754mediumCVE-2026-4754: CWE-79 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11106d ago
CVE-2026-33852highCVE-2026-33852: Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue 106d ago
CVE-2026-4753criticalCVE-2026-4753: Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72.106d ago
CVE-2026-4752mediumCVE-2026-4752: Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329.106d ago
CVE-2026-4751mediumCVE-2026-4751: NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0.106d ago
CVE-2026-4750criticalCVE-2026-4750: Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0.106d ago
CVE-2026-4749mediumCVE-2026-4749: NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0.106d ago
CVE-2026-33856highCVE-2026-33856: Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue 106d ago
CVE-2026-33855mediumCVE-2026-33855: Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-Imag106d ago
CVE-2026-33854highCVE-2026-33854: Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: b106d ago
CVE-2026-33853mediumCVE-2026-33853: NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagic106d ago
CVE-2026-33851highCVE-2026-33851: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib.Thi106d ago
CVE-2026-33850highCVE-2026-33850: Out-of-bounds Write vulnerability in WujekFoliarz DualSenseY-v2.This issue affects DualSenseY-v2: before 54.106d ago
CVE-2026-33849highCVE-2026-33849: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.Th106d ago
CVE-2026-33848highCVE-2026-33848: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.Th106d ago
CVE-2026-33847highCVE-2026-33847: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.Th106d ago
CVE-2026-4746CVE-2026-4746: Out-of-bounds Write vulnerability in timeplus-io proton (base/poco/Foundation/src‎ modules).106d ago
CVE-2026-4745CVE-2026-4745: Improper Control of Generation of Code ('Code Injection') vulnerability in dendibakh perf-ninja (labs/misc/pgo/lua 106d ago
CVE-2026-4662highCVE-2026-4662: The JetEngine plugin for WordPress is vulnerable to SQL Injection via the `listing_load_more` AJAX action in all ve106d ago
CVE-2026-4640highCVE-2026-4640: Vitals ESP developed by Galaxy Software Services has a Missing Authentication vulnerability, allowing unauthenticat106d ago
CVE-2026-4639highCVE-2026-4639: Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticate106d ago
CVE-2026-4632highCVE-2026-4632: A weakness has been identified in itsourcecode Online Enrollment System 1.0.106d ago
CVE-2026-4627highCVE-2026-4627: A vulnerability was found in D-Link DIR-825 and DIR-825R 1.0.5/4.5.1.106d ago
CVE-2026-4283criticalCVE-2026-4283: The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up106d ago
CVE-2026-3260CVE-2026-3260: Rejected reason: The Undertow web server enforces a default maximum HTTP request entity size limit.106d ago
CVE-2026-3138mediumCVE-2026-3138: The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a mis106d ago
CVE-2026-4744CVE-2026-4744: Out-of-bounds Read vulnerability in rizonesoft Notepad3 (‎scintilla/oniguruma/src modules).106d ago
CVE-2026-4743CVE-2026-4743: NULL Pointer Dereference vulnerability in taurusxin ncmdump (‎src/utils‎ modules).106d ago
CVE-2026-4742CVE-2026-4742: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide 106d ago
CVE-2026-4741CVE-2026-4741: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TeamJCD JoyConDroid106d ago
CVE-2026-4739CVE-2026-4739: Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (‎Modules/ThirdParty/Expat/src/expat 106d ago
CVE-2026-4738CVE-2026-4738: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/con106d ago
CVE-2026-4737CVE-2026-4737: Use After Free vulnerability in No-Chicken Echo-Mate (‎SDK/rv1106-sdk/sysdrv/source/kernel/mm modules).106d ago
CVE-2026-4736CVE-2026-4736: Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/106d ago
CVE-2026-4735CVE-2026-4735: Deserialization of Untrusted Data vulnerability in DTStack chunjun (‎chunjun-core/src/main/java/com/dtstack/chunjun106d ago
CVE-2026-4734CVE-2026-4734: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libop106d ago
CVE-2026-4733mediumCVE-2026-4733: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue a106d ago
CVE-2026-4732CVE-2026-4732: Out-of-bounds Read vulnerability in tildearrow furnace (‎extern/libsndfile-modified/src modules).106d ago
CVE-2026-4731CVE-2026-4731: Integer Overflow or Wraparound vulnerability in artraweditor ART (‎rtengine‎ modules).106d ago
CVE-2026-4626lowCVE-2026-4626: A vulnerability has been found in projectworlds Lawyer Management System 1.0.106d ago
CVE-2026-4625highCVE-2026-4625: A flaw has been found in SourceCodester Online Admission System 1.0.106d ago
CVE-2026-4624highCVE-2026-4624: A vulnerability was detected in SourceCodester Online Library Management System 1.0.106d ago
CVE-2026-4623highCVE-2026-4623: A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b106d ago
CVE-2026-33308mediumCVE-2026-33308: Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS.106d ago
CVE-2026-3079mediumCVE-2026-3079: The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filters[orderby_ord106d ago
CVE-2026-33307highCVE-2026-33307: Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS.106d ago
CVE-2026-4680highCVE-2026-4680: Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary cod106d ago
CVE-2026-4679highCVE-2026-4679: Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of b106d ago
CVE-2026-4678highCVE-2026-4678: Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary co106d ago
CVE-2026-4677highCVE-2026-4677: Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perf106d ago
CVE-2026-4676highCVE-2026-4676: Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a 106d ago
CVE-2026-4675highCVE-2026-4675: Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out 106d ago
CVE-2026-4674highCVE-2026-4674: Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of boun106d ago
CVE-2026-4673highCVE-2026-4673: Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an o106d ago
CVE-2026-4617highCVE-2026-4617: A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0.106d ago
CVE-2026-4616lowCVE-2026-4616: A security flaw has been discovered in bolo-blog up to 2.6.4.106d ago
CVE-2026-33320mediumCVE-2026-33320: Dasel is a command-line tool and library for querying, modifying, and transforming data structures.106d ago
CVE-2026-33306highCVE-2026-33306: bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm.106d ago
CVE-2026-33298highCVE-2026-33298: llama.cpp is an inference of several LLM models in C/C++.106d ago
CVE-2026-33290mediumCVE-2026-33290: WPGraphQL provides a GraphQL API for WordPress sites.106d ago
CVE-2026-22739highCVE-2026-22739: Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Conf106d ago
CVE-2026-4615highCVE-2026-4615: A vulnerability was identified in SourceCodester Online Catering Reservation 1.0.106d ago
CVE-2026-4614mediumCVE-2026-4614: A vulnerability was determined in itsourcecode sanitize or validate this input 1.0.106d ago
CVE-2026-4613highCVE-2026-4613: A vulnerability was found in SourceCodester E-Commerce Site 1.0.106d ago
CVE-2026-4056mediumCVE-2026-4056: The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a106d ago
CVE-2026-4021highCVE-2026-4021: The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeove106d ago
CVE-2026-4001criticalCVE-2026-4001: The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versio106d ago
CVE-2026-3533highCVE-2026-3533: The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on impor106d ago
CVE-2026-33286criticalCVE-2026-33286: Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface.106d ago
CVE-2026-33283mediumCVE-2026-33283: Ella Core is a 5G core designed for private networks.106d ago
CVE-2026-33282highCVE-2026-33282: Ella Core is a 5G core designed for private networks.106d ago
CVE-2026-33281mediumCVE-2026-33281: Ella Core is a 5G core designed for private networks.106d ago
CVE-2026-33252highCVE-2026-33252: The Go MCP SDK used Go's standard encoding/json.106d ago
CVE-2026-33250highCVE-2026-33250: Freeciv21 is a free open source, turn-based, empire-building strategy game.106d ago
CVE-2026-33242highCVE-2026-33242: Salvo is a Rust web framework.106d ago
CVE-2026-33241highCVE-2026-33241: Salvo is a Rust web framework.106d ago
CVE-2026-33211criticalCVE-2026-33211: Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines.106d ago
CVE-2026-33202criticalCVE-2026-33202: Active Storage allows users to attach cloud and local files in Rails applications.106d ago
CVE-2026-33195criticalCVE-2026-33195: Active Storage allows users to attach cloud and local files in Rails applications.106d ago
CVE-2026-33176highCVE-2026-33176: Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework.106d ago
CVE-2026-33174highCVE-2026-33174: Active Storage allows users to attach cloud and local files in Rails applications.106d ago
CVE-2026-33173mediumCVE-2026-33173: Active Storage allows users to attach cloud and local files in Rails applications.106d ago
CVE-2026-33170mediumCVE-2026-33170: Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework.106d ago
CVE-2026-33169mediumCVE-2026-33169: Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework.106d ago
CVE-2026-4306highCVE-2026-4306: The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up106d ago
CVE-2026-4066mediumCVE-2026-4066: The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capabili106d ago
CVE-2026-3225mediumCVE-2026-3225: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question 106d ago
CVE-2026-33168CVE-2026-33168: Action View provides conventions and helpers for building web pages with the Rails framework.106d ago
CVE-2026-33167CVE-2026-33167: Action Pack is a Rubygem for building web applications on the Rails framework.106d ago
CVE-2026-33046highCVE-2026-33046: Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask.106d ago
CVE-2026-2412mediumCVE-2026-2412: The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' para106d ago
CVE-2026-4681CVE-2026-4681: A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM.106d ago
CVE-2026-4612highCVE-2026-4612: A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0.106d ago
CVE-2026-4611highCVE-2026-4611: A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826.106d ago
CVE-2026-33634highCVE-2026-33634: Trivy is a security scanner.106d ago
CVE-2026-32913criticalCVE-2026-32913: OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards 106d ago
CVE-2026-32912CVE-2026-32912: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-32911CVE-2026-32911: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-32910CVE-2026-32910: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-32909CVE-2026-32909: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-32908CVE-2026-32908: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-32907CVE-2026-32907: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-32904CVE-2026-32904: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-32903CVE-2026-32903: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-32902CVE-2026-32902: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-32901CVE-2026-32901: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-32900CVE-2026-32900: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-32300highCVE-2026-32300: Connect-CMS is a content management system.106d ago
CVE-2026-32299highCVE-2026-32299: Connect-CMS is a content management system.106d ago
CVE-2026-32279mediumCVE-2026-32279: Connect-CMS is a content management system.106d ago
CVE-2026-32278highCVE-2026-32278: Connect-CMS is a content management system.106d ago
CVE-2026-32277highCVE-2026-32277: Connect-CMS is a content management system.106d ago
CVE-2026-32276highCVE-2026-32276: Connect-CMS is a content management system.106d ago
CVE-2026-32066CVE-2026-32066: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-32047CVE-2026-32047: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-32012CVE-2026-32012: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-29111mediumCVE-2026-29111: systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC AP106d ago
CVE-2026-28483CVE-2026-28483: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-28455CVE-2026-28455: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-27646mediumCVE-2026-27646: OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows a106d ago
CVE-2026-27183mediumCVE-2026-27183: OpenClaw versions prior to 2026.3.7 contain a shell approval gating bypass vulnerability in system.run dispatch-wr106d ago
CVE-2026-22173CVE-2026-22173: Rejected reason: This CVE ID has been rejected.106d ago
CVE-2026-1940mediumCVE-2026-1940: An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function.106d ago
CVE-2025-60949criticalCVE-2025-60949: Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments.106d ago
CVE-2025-60948mediumCVE-2025-60948: Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields.106d ago
CVE-2025-60947highCVE-2025-60947: Census CSWeb 8.0.1 allows arbitrary file upload.106d ago
CVE-2025-60946highCVE-2025-60946: Census CSWeb 8.0.1 allows arbitrary file path input.106d ago
CVE-2026-4597mediumCVE-2026-4597: A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4.106d ago
CVE-2026-4368CVE-2026-4368: Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, 106d ago
CVE-2026-3055criticalCVE-2026-3055: Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memor106d ago
CVE-2026-23882highCVE-2026-23882: Blinko is an AI-powered card note-taking project.106d ago
CVE-2026-23488mediumCVE-2026-23488: Blinko is an AI-powered card note-taking project.106d ago
CVE-2026-23487mediumCVE-2026-23487: Blinko is an AI-powered card note-taking project.106d ago
CVE-2026-23486mediumCVE-2026-23486: Blinko is an AI-powered card note-taking project.106d ago
CVE-2026-23485mediumCVE-2026-23485: Blinko is an AI-powered card note-taking project.106d ago
CVE-2026-23484mediumCVE-2026-23484: Blinko is an AI-powered card note-taking project.106d ago
CVE-2026-23483mediumCVE-2026-23483: Blinko is an AI-powered card note-taking project.106d ago
CVE-2026-23482highCVE-2026-23482: Blinko is an AI-powered card note-taking project.106d ago
CVE-2026-23481mediumCVE-2026-23481: Blinko is an AI-powered card note-taking project.106d ago
CVE-2026-23480highCVE-2026-23480: Blinko is an AI-powered card note-taking project.106d ago
CVE-2026-4596lowCVE-2026-4596: A vulnerability was identified in projectworlds Lawyer Management System 1.0.106d ago
CVE-2026-33548mediumCVE-2026-33548: Mantis Bug Tracker (MantisBT) is an open source issue tracker.106d ago
CVE-2026-33517mediumCVE-2026-33517: Mantis Bug Tracker (MantisBT) is an open source issue tracker.106d ago
CVE-2026-32879mediumCVE-2026-32879: New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system.106d ago
CVE-2026-32852mediumCVE-2026-32852: MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface106d ago
CVE-2026-32851mediumCVE-2026-32851: MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface106d ago
CVE-2026-32850mediumCVE-2026-32850: MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface106d ago
CVE-2026-30886mediumCVE-2026-30886: New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system.106d ago
CVE-2026-30849criticalCVE-2026-30849: Mantis Bug Tracker (MantisBT) is an open source issue tracker.106d ago
CVE-2026-2298criticalCVE-2026-2298: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Mark106d ago
CVE-2026-27131mediumCVE-2026-27131: The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS.106d ago
CVE-2025-52204mediumCVE-2025-52204: A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCus106d ago
CVE-2024-46879mediumCVE-2024-46879: A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POST request data zipPath of tiki-admin_system.106d ago
CVE-2024-46878mediumCVE-2024-46878: A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 106d ago
CVE-2026-4595lowCVE-2026-4595: A vulnerability was determined in code-projects Exam Form Submission 1.0.106d ago
CVE-2026-33723highCVE-2026-33723: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33719highCVE-2026-33719: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33717highCVE-2026-33717: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33716criticalCVE-2026-33716: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33690mediumCVE-2026-33690: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33688mediumCVE-2026-33688: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33685mediumCVE-2026-33685: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33683mediumCVE-2026-33683: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33681highCVE-2026-33681: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33651highCVE-2026-33651: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33650highCVE-2026-33650: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33649highCVE-2026-33649: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33648highCVE-2026-33648: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33647highCVE-2026-33647: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33513highCVE-2026-33513: WWBN AVideo is an open source video platform.106d ago
CVE-2026-33512highCVE-2026-33512: WWBN AVideo is an open source video platform.106d ago
CVE-2026-26209highCVE-2026-26209: cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format.106d ago
CVE-2026-25075highCVE-2026-25075: strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser tha106d ago
CVE-2026-0898CVE-2026-0898: An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are 106d ago
CVE-2025-15606highCVE-2025-15606: A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input s106d ago
CVE-2026-4594highCVE-2026-4594: A vulnerability has been found in erupts erupt up to 1.13.3.106d ago
CVE-2025-15605highCVE-2025-15605: A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 e106d ago
CVE-2025-15519highCVE-2025-15519: Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and106d ago
CVE-2025-15518highCVE-2025-15518: Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and106d ago
CVE-2025-15517highCVE-2025-15517: A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi e106d ago
CVE-2026-4593mediumCVE-2026-4593: A flaw has been found in erupts erupt bis 1.13.3.107d ago
CVE-2026-33507highCVE-2026-33507: WWBN AVideo is an open source video platform.107d ago
CVE-2026-33502criticalCVE-2026-33502: WWBN AVideo is an open source video platform.107d ago
CVE-2026-33501mediumCVE-2026-33501: WWBN AVideo is an open source video platform.107d ago
CVE-2026-33500mediumCVE-2026-33500: WWBN AVideo is an open source video platform.107d ago
CVE-2026-33499mediumCVE-2026-33499: WWBN AVideo is an open source video platform.107d ago
CVE-2026-30007mediumCVE-2026-30007: XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file107d ago
CVE-2026-30006mediumCVE-2026-30006: XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file.107d ago
CVE-2026-26829highCVE-2026-26829: A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through commit c4d57aa allow107d ago
CVE-2026-26828highCVE-2026-26828: A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server commit 3d1652107d ago
CVE-2026-24516highCVE-2026-24516: A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2.107d ago
CVE-2026-4592mediumCVE-2026-4592: A security vulnerability has been detected in kalcaddle kodbox 1.64.107d ago
CVE-2026-4591mediumCVE-2026-4591: A weakness has been identified in kalcaddle kodbox 1.64.107d ago
CVE-2026-33493highCVE-2026-33493: WWBN AVideo is an open source video platform.107d ago
CVE-2026-33492highCVE-2026-33492: WWBN AVideo is an open source video platform.107d ago
CVE-2026-33488highCVE-2026-33488: WWBN AVideo is an open source video platform.107d ago
CVE-2026-32845highCVE-2026-32845: cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when valid107d ago
CVE-2024-51226mediumCVE-2024-51226: A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle107d ago
CVE-2024-51225mediumCVE-2024-51225: A stored cross-site scripting (XSS) vulnerability in the component /admin/add-brand.php of Phpgurukul Vehicle Reco107d ago
CVE-2024-51224mediumCVE-2024-51224: Multiple cross-site scripting (XSS) vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle107d ago
CVE-2024-51223mediumCVE-2024-51223: A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record107d ago
CVE-2024-51222mediumCVE-2024-51222: A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record107d ago
CVE-2026-4590lowCVE-2026-4590: A security flaw has been discovered in kalcaddle kodbox 1.64.107d ago
CVE-2026-4404criticalCVE-2026-4404: Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default pass107d ago
CVE-2026-33485highCVE-2026-33485: WWBN AVideo is an open source video platform.107d ago
CVE-2026-33483highCVE-2026-33483: WWBN AVideo is an open source video platform.107d ago
CVE-2026-33482highCVE-2026-33482: WWBN AVideo is an open source video platform.107d ago
CVE-2026-33480highCVE-2026-33480: WWBN AVideo is an open source video platform.107d ago
CVE-2026-33479highCVE-2026-33479: WWBN AVideo is an open source video platform.107d ago
CVE-2026-33478criticalCVE-2026-33478: WWBN AVideo is an open source video platform.107d ago
CVE-2026-33354highCVE-2026-33354: WWBN AVideo is an open source video platform.107d ago
CVE-2026-4647mediumCVE-2026-4647: A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object 107d ago
CVE-2026-4645CVE-2026-4645: Rejected reason: Duplicate of CVE-2026-32287107d ago
CVE-2026-4589mediumCVE-2026-4589: A vulnerability was identified in kalcaddle kodbox 1.64.107d ago
CVE-2026-3635mediumCVE-2026-3635: Summary When trustProxy is configured with a restrictive trust function (e.g., a specific IP like trustProxy: '10.0107d ago
CVE-2026-33352criticalCVE-2026-33352: WWBN AVideo is an open source video platform.107d ago
CVE-2026-33351criticalCVE-2026-33351: WWBN AVideo is an open source video platform.107d ago
CVE-2026-33297criticalCVE-2026-33297: WWBN AVideo is an open source video platform.107d ago
CVE-2025-41008CVE-2025-41008: SQL injection vulnerability in Sinturno.107d ago
CVE-2019-25625mediumCVE-2019-25625: Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application b107d ago
CVE-2019-25624mediumCVE-2019-25624: Liquid Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application107d ago
CVE-2019-25623mediumCVE-2019-25623: Luminance Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the applicat107d ago
CVE-2019-25622mediumCVE-2019-25622: Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application 107d ago
CVE-2019-25621mediumCVE-2019-25621: Pixel Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application 107d ago
CVE-2019-25620mediumCVE-2019-25620: Tree Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application b107d ago
CVE-2026-4588lowCVE-2026-4588: A vulnerability was determined in kalcaddle kodbox 1.64.107d ago
CVE-2026-4587lowCVE-2026-4587: A vulnerability was found in HybridAuth up to 3.12.2.107d ago
CVE-2026-4586mediumCVE-2026-4586: A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7.107d ago
CVE-2026-31851criticalCVE-2026-31851: Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account locko107d ago
CVE-2026-31850mediumCVE-2026-31850: Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administr107d ago
CVE-2026-31849mediumCVE-2026-31849: Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-chan107d ago
CVE-2026-31848criticalCVE-2026-31848: Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which107d ago
CVE-2026-31847highCVE-2026-31847: Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 1107d ago
CVE-2026-1958CVE-2026-1958: Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to seve107d ago
CVE-2025-41007CVE-2025-41007: SQL Injection in Cuantis.107d ago
CVE-2026-4585criticalCVE-2026-4585: A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0.107d ago
CVE-2026-4584lowCVE-2026-4584: A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N.107d ago
CVE-2026-32969highCVE-2026-32969: An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpoi107d ago
CVE-2026-32968criticalCVE-2026-32968: Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker c107d ago
CVE-2026-31846mediumCVE-2026-31846: Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.0107d ago
CVE-2026-4633lowCVE-2026-4633: A flaw was found in Keycloak.107d ago
CVE-2026-4583mediumCVE-2026-4583: A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N.107d ago
CVE-2026-28809mediumCVE-2026-28809: XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read lo107d ago
CVE-2026-4582mediumCVE-2026-4582: A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N.107d ago
CVE-2026-4581highCVE-2026-4581: A weakness has been identified in code-projects Simple Laundry System 1.0.107d ago
CVE-2026-4628mediumCVE-2026-4628: A flaw was found in Keycloak.107d ago
CVE-2026-4580highCVE-2026-4580: A security flaw has been discovered in code-projects Simple Laundry System 1.0.107d ago
CVE-2026-4579highCVE-2026-4579: A vulnerability was identified in code-projects Simple Laundry System 1.0.107d ago
CVE-2026-4578lowCVE-2026-4578: A vulnerability was determined in code-projects Exam Form Submission 1.0.107d ago
CVE-2026-3587criticalCVE-2026-3587: An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interfa107d ago
CVE-2026-4577lowCVE-2026-4577: A vulnerability was found in code-projects Exam Form Submission 1.0.107d ago
CVE-2026-23555highCVE-2026-23555: Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash x107d ago
CVE-2026-23554highCVE-2026-23554: The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dro107d ago
CVE-2025-6229mediumCVE-2025-6229: The Sina Extension for Elementor (Header Builder, Footer Builter, Theme Builder, Slider, Gallery, Form, Modal, Data107d ago
CVE-2025-13997mediumCVE-2025-13997: The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor pl107d ago
CVE-2026-4603mediumCVE-2026-4603: Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL 107d ago
CVE-2026-4602highCVE-2026-4602: Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to107d ago
CVE-2026-4601highCVE-2026-4601: Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DS107d ago
CVE-2026-4600highCVE-2026-4600: Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature 107d ago
CVE-2026-4599criticalCVE-2026-4599: Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing107d ago
CVE-2026-4598highCVE-2026-4598: Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ex107d ago
CVE-2026-4576lowCVE-2026-4576: A vulnerability has been found in code-projects Exam Form Submission 1.0.107d ago
CVE-2026-4575lowCVE-2026-4575: A flaw has been found in code-projects Exam Form Submission 1.0.107d ago
CVE-2026-4574mediumCVE-2026-4574: A vulnerability was detected in SourceCodester Simple E-learning System 1.0.107d ago
CVE-2026-4573mediumCVE-2026-4573: A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0.107d ago
CVE-2026-1969mediumCVE-2026-1969: The trx_addons WordPress plugin before 2.38.5 does not correctly validate file types in one of its AJAX action, all107d ago
CVE-2025-10734mediumCVE-2025-10734: The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plug107d ago
CVE-2025-10731mediumCVE-2025-10731: The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plug107d ago
CVE-2025-10679highCVE-2025-10679: The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plug107d ago
CVE-2026-4572mediumCVE-2026-4572: A weakness has been identified in SourceCodester Sales and Inventory System 1.0.107d ago
CVE-2026-4571mediumCVE-2026-4571: A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0.107d ago
CVE-2026-4570mediumCVE-2026-4570: A vulnerability was identified in SourceCodester Sales and Inventory System 1.0.107d ago
CVE-2025-10736mediumCVE-2025-10736: The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plug107d ago
CVE-2026-4569mediumCVE-2026-4569: A vulnerability was determined in SourceCodester Sales and Inventory System 1.0.107d ago
CVE-2026-4568mediumCVE-2026-4568: A vulnerability was found in SourceCodester Sales and Inventory System 1.0.107d ago
CVE-2026-4567criticalCVE-2026-4567: A vulnerability has been found in Tenda A15 15.13.07.13.107d ago
CVE-2026-4566highCVE-2026-4566: A flaw has been found in Belkin F9K1122 1.00.33.107d ago
CVE-2026-4606CVE-2026-4606: GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowin107d ago
CVE-2026-4565highCVE-2026-4565: A vulnerability was detected in Tenda AC21 16.03.08.16.107d ago
CVE-2026-4564mediumCVE-2026-4564: A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2.107d ago
CVE-2026-4563mediumCVE-2026-4563: A weakness has been identified in MacCMS up to 2025.1000.4052.107d ago
CVE-2026-4562highCVE-2026-4562: A security flaw has been discovered in MacCMS 2025.1000.4052.107d ago
CVE-2026-2580highCVE-2026-2580: The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vu107d ago
CVE-2026-4558highCVE-2026-4558: A flaw has been found in Linksys MR9600 2.0.6.206937.107d ago
CVE-2026-4557mediumCVE-2026-4557: A vulnerability was detected in code-projects Exam Form Submission 1.0.107d ago
CVE-2026-4555highCVE-2026-4555: A weakness has been identified in D-Link DIR-513 1.10.108d ago
CVE-2026-4554mediumCVE-2026-4554: A security flaw has been discovered in Tenda F453 1.0.0.3.108d ago
CVE-2026-33319mediumCVE-2026-33319: WWBN AVideo is an open source video platform.108d ago
CVE-2026-33296mediumCVE-2026-33296: WWBN AVideo is an open source video platform.108d ago
CVE-2026-33295mediumCVE-2026-33295: WWBN AVideo is an open source video platform.108d ago
CVE-2026-33294mediumCVE-2026-33294: WWBN AVideo is an open source video platform.108d ago
CVE-2026-33293highCVE-2026-33293: WWBN AVideo is an open source video platform.108d ago
CVE-2026-33292highCVE-2026-33292: WWBN AVideo is an open source video platform.108d ago
CVE-2026-4553highCVE-2026-4553: A vulnerability was identified in Tenda F453 1.0.0.3.108d ago
CVE-2026-4552highCVE-2026-4552: A vulnerability was determined in Tenda F453 1.0.0.3.108d ago
CVE-2026-4551highCVE-2026-4551: A vulnerability was found in Tenda F453 1.0.0.3.108d ago
CVE-2026-4550mediumCVE-2026-4550: A vulnerability has been found in code-projects Simple Gym Management System up to 1.0.108d ago
CVE-2026-4549lowCVE-2026-4549: A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0.108d ago
CVE-2026-4548mediumCVE-2026-4548: A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0.108d ago
CVE-2026-4547mediumCVE-2026-4547: A security vulnerability has been detected in mickasmt next-saas-stripe-starter 1.0.0.108d ago
CVE-2026-4546highCVE-2026-4546: A weakness has been identified in Flos Freeware Notepad2 4.2.25.108d ago
CVE-2019-25619highCVE-2019-25619: FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows loca108d ago
CVE-2019-25618mediumCVE-2019-25618: AdminExpress 1.2.5 contains a denial of service vulnerability that allows local attackers to crash the application108d ago
CVE-2019-25617mediumCVE-2019-25617: Ease Audio Converter 5.30 contains a denial of service vulnerability in the Audio Cutter function that allows loca108d ago
CVE-2019-25616mediumCVE-2019-25616: AnMing MP3 CD Burner 2.0 contains a buffer overflow vulnerability that allows local attackers to crash the applica108d ago
CVE-2019-25615highCVE-2019-25615: Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows loc108d ago
CVE-2019-25614criticalCVE-2019-25614: Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attacke108d ago
CVE-2019-25613highCVE-2019-25613: Easy Chat Server 3.1 contains a denial of service vulnerability that allows remote attackers to crash the applicat108d ago
CVE-2019-25612highCVE-2019-25612: Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows l108d ago
CVE-2019-25611highCVE-2019-25611: MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attacker108d ago
CVE-2019-25610mediumCVE-2019-25610: NetNumber Titan Master 7.9.1 contains a path traversal vulnerability in the drp endpoint that allows authenticated108d ago
CVE-2019-25609highCVE-2019-25609: JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuratio108d ago
CVE-2019-25608highCVE-2019-25608: Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbi108d ago
CVE-2019-25607highCVE-2019-25607: Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attac108d ago
CVE-2019-25606mediumCVE-2019-25606: Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the ap108d ago
CVE-2019-25605highCVE-2019-25605: EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user creden108d ago
CVE-2019-25604highCVE-2019-25604: DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows l108d ago
CVE-2019-25603highCVE-2019-25603: TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attac108d ago
CVE-2019-25602mediumCVE-2019-25602: GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by108d ago
CVE-2019-25601mediumCVE-2019-25601: UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that a108d ago
CVE-2019-25600mediumCVE-2019-25600: UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application 108d ago
CVE-2019-25599mediumCVE-2019-25599: Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the appl108d ago
CVE-2019-25598mediumCVE-2019-25598: HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the 108d ago
CVE-2019-25597mediumCVE-2019-25597: NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local a108d ago
CVE-2019-25596mediumCVE-2019-25596: SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attacker108d ago
CVE-2019-25595mediumCVE-2019-25595: jetAudio 8.1.7.20702 Basic contains a denial of service vulnerability that allows local attackers to crash the app108d ago
CVE-2019-25594mediumCVE-2019-25594: ASPRunner.NET 10.1 contains a denial of service vulnerability that allows local attackers to crash the application108d ago
CVE-2019-25593mediumCVE-2019-25593: jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application108d ago
CVE-2019-25592mediumCVE-2019-25592: PHPRunner 10.1 contains a denial of service vulnerability that allows local attackers to crash the application by 108d ago
CVE-2019-25591mediumCVE-2019-25591: DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input fie108d ago
CVE-2019-25590mediumCVE-2019-25590: Axessh 4.2 contains a denial of service vulnerability in the logging configuration that allows local attackers to 108d ago
CVE-2026-4115lowCVE-2026-4115: A vulnerability was detected in PuTTY 0.83.108d ago
CVE-2026-4545highCVE-2026-4545: A security flaw has been discovered in Flos Freeware Notepad2 4.2.25.108d ago
CVE-2026-4544lowCVE-2026-4544: A vulnerability was determined in Wavlink WL-WN578W2 221110.108d ago
CVE-2026-4543mediumCVE-2026-4543: A vulnerability was found in Wavlink WL-WN578W2 221110.108d ago
CVE-2026-4542mediumCVE-2026-4542: A vulnerability has been found in SSCMS 4.7.0.108d ago
CVE-2026-4541lowCVE-2026-4541: A flaw has been found in janmojzis tinyssh up to 20250501.108d ago
CVE-2026-4540highCVE-2026-4540: A vulnerability was detected in projectworlds Online Notes Sharing System 1.0.108d ago
CVE-2026-4539lowCVE-2026-4539: A security flaw has been discovered in pygments up to 2.19.2.108d ago