general
general
- CVE-2025-30007 - HestiaCP before 1.9.5 contains an authenticated OS command injection vulnerability that allows low-privilege a
- CVE-2025-70796 - An unauthenticated path traversal vulnerability exists in the web management interface of WTI (Wireless Techno
- CVE-2026-11321 - The DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds) concatenates user-supplied CSV field values directly
- CVE-2026-15143 - A flaw was found in the file_type content detector of guardrails-detectors
- CVE-2026-15378 - A flaw was found in the guardrails-detectors component
- CVE-2026-20744 - The charging station websocket endpoint accepts connections without proper authentication, which could lead to
- CVE-2026-21042 - Out-of-bounds write in libsavsac.so prior to SMR Jul-2026 Release 1 allows local attackers to execute arbitrar
- CVE-2026-21045 - Out-of-bounds write in parsing TIFF format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 all
- CVE-2026-21046 - Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows lo
- CVE-2026-21048 - Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allo
- CVE-2026-21049 - Out-of-bounds write in libpadm.so library prior to SMR Jul-2026 Release 1 allows local attackers to execute ar
- CVE-2026-21055 - Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to
- CVE-2026-22659 - FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability that allows aut
- CVE-2026-22660 - FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated
- CVE-2026-2397 - Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Adam Ret
- CVE-2026-2398 - Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd
- CVE-2026-28564 - Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB
- CVE-2026-33382 - Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before
- CVE-2026-38057 - The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication
- CVE-2026-38059 - The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication
- CVE-2026-39244 - adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompresse
- CVE-2026-40005 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB
- CVE-2026-40452 - Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB
- CVE-2026-40454 - Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client
- CVE-2026-41482 - Frappe is a full-stack web application framework
- CVE-2026-41876 - R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction() function
- CVE-2026-41878 - R-SOFT DMS is vulnerable to Insecure Direct Object Reference (IDOR) attack in multiple file download endpoints
- CVE-2026-41879 - R-SOFT DMS stores superadmin credentials using a non-salted nested MD5 hash
- CVE-2026-41880 - R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition (OCR) module
- CVE-2026-42952 - Previously, there was no throttling on repeated authentication attempts to the charging station backend, which
- CVE-2026-44383 - Multiple connections to the backend using the same charging station ID are allowed, which could allow an attac
- CVE-2026-49213 - TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/v
- CVE-2026-49394 - Frappe is a full-stack web application framework
- CVE-2026-51119 - An issue in Invixium IXM WEB v.2.3.85.25 allows an attacker to escalate privileges via the /SystemUsers/Create
- CVE-2026-52747 - ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx
- CVE-2026-53448 - Coturn is a free open source implementation of TURN and STUN Server
- CVE-2026-53450 - Coturn is a free open source implementation of TURN and STUN Server
- CVE-2026-53653 - Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to e
- CVE-2026-53657 - Lima launches Linux virtual machines, typically on macOS, for running containerd
- CVE-2026-54000 - osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework
- CVE-2026-54001 - osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework
- CVE-2026-54423 - In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management i
- CVE-2026-54469 - Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vul
- CVE-2026-55175 - Spinnaker is an open source, multi-cloud continuous delivery platform
- CVE-2026-55213 - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3
- CVE-2026-55233 - OpenResty is a high performance web platform
- CVE-2026-55377 - Logto is the modern, open-source auth infrastructure for SaaS and AI apps
- CVE-2026-55460 - Snipe-IT is an IT asset/license management system
- CVE-2026-55474 - Snipe-IT is an IT asset/license management system
- CVE-2026-55500 - 9Router is an AI router & token saver. Prior to 0.4.80, the /api/settings/database endpoint allows full databa
- CVE-2026-55501 - 9Router is an AI router & token saver. Prior to 0.4.80, the dashboard login rate limiter in src/lib/auth/login
- CVE-2026-55516 - Snipe-IT is an IT asset/license management system
- CVE-2026-55638 - 9Router is an AI router & token saver. Prior to 0.5.2, 9router protects /v1, /v1beta, /api/v1, and /api/v1beta
- CVE-2026-55641 - 9Router is an AI router & token saver. Prior to 0.5.2, 9router determines whether a /v1 LLM proxy request is l
- CVE-2026-55672 - ZITADEL is an open source identity management platform
- CVE-2026-55687 - ESF-IDF is the Espressif Internet of Things (IOT) Development Framework
- CVE-2026-55789 - Logto is the modern, open-source auth infrastructure for SaaS and AI apps
- CVE-2026-55827 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-55843 - Snipe-IT is an IT asset/license management system
- CVE-2026-55852 - Frappe is a full-stack web application framework
- CVE-2026-55879 - OpenReplay is a self-hosted session replay suite
- CVE-2026-55880 - OpenReplay is a self-hosted session replay suite
- CVE-2026-55881 - OpenReplay is a self-hosted session replay suite
- CVE-2026-55883 - Tilt defines dev environments as code for microservice apps on Kubernetes
- CVE-2026-55884 - Tilt defines dev environments as code for microservice apps on Kubernetes
- CVE-2026-56291 - Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
- CVE-2026-56668 - ZITADEL is an open source identity management platform
- CVE-2026-56675 - 9Router is an AI router & token saver. Prior to 0.5.2, 9router treats loopback requests as trusted and allows
- CVE-2026-56676 - 9Router is an AI router & token saver. Prior to 0.5.2, 9router validates image URLs by resolving the host befo
- CVE-2026-56688 - Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements us
- CVE-2026-56689 - Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements us
- CVE-2026-56690 - Dell PowerFlex Manager, Version prior to 5.1.0.1, contain(s) an Improper Neutralization of Special Elements us
- CVE-2026-56765 - Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashe
- CVE-2026-57156 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-57212 - RabbitMQ is a messaging and streaming broker
- CVE-2026-57215 - RabbitMQ is a messaging and streaming broker
- CVE-2026-57217 - RabbitMQ is a messaging and streaming broker
- CVE-2026-57219 - RabbitMQ is a messaging and streaming broker
- CVE-2026-57220 - RabbitMQ is a messaging and streaming broker
- CVE-2026-57574 - Misskey is an open source, federated social media platform
- CVE-2026-57807 - Authentication Bypass Using an Alternate Path or Channel vulnerability in miniOrange Security Software Pvt Ltd
- CVE-2026-57850 - RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer g
- CVE-2026-5801 - Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Semtek I
- CVE-2026-58492 - grav-plugin-database is the database plugin for Grav CMS
- CVE-2026-58499 - EverOS is a memory runtime for agents. Prior to 1.0.1, EverOS is vulnerable to path traversal in the POST /api
- CVE-2026-59151 - Prowler is a cloud security platform. Prior to 5.30.3, Prowler's SAML authentication flow trusted the email do
- CVE-2026-59190 - grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages
- CVE-2026-59792 - In JetBrains IntelliJ IDEA before 2026.1.4, 2026.2 code execution via path traversal in project workspace ID h
- CVE-2026-59793 - In JetBrains TeamCity before 2026.1.2 arbitrary file access was possible via the Perforce VCS integration
- CVE-2026-59794 - In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported dat
- CVE-2026-59795 - In JetBrains TeamCity before 2026.1.2 stored XSS via unauthenticated agent registration was possible
- CVE-2026-61434 - PraisonAI versions before 4.6.78 contain an allowlist bypass vulnerability in shell command execution that all
- CVE-2026-61441 - PraisonAI Platform (praisonai-platform) before 0.1.9 improperly authorizes deletion of issue dependencies
- CVE-2026-61455 - Grav before 2.0.1 contains a decompression bomb vulnerability in ZipArchiver::extract() that lacks limits on u
- CVE-2026-61459 - MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools (kubectl_g
- CVE-2026-61460 - Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonC
- CVE-2026-61461 - Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows
- CVE-2026-6212 - Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc
- CVE-2025-27462 - [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities corresp
- CVE-2025-27463 - [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities corresp
- CVE-2025-27464 - [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities corresp
- CVE-2025-45422 - Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictio
- CVE-2025-58146 - There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the noti
- CVE-2025-58151 - varstored is a component of the Xapi toolstack handling UEFI Variables for a VM
- CVE-2025-63579 - Unauthorized use of Kyocera printers, allows all information stored in the Kyocera address book to be exported
- CVE-2026-12593 - The implementation of an internal and undocumented Dashboard API endpoint (POST /api/users/~/{user}/tokens) fo
- CVE-2026-13462 - PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certif
- CVE-2026-14261 - A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reins
- CVE-2026-15270 - A weakness has been identified in D-link DIR-823G 1.0.2B05_20181207
- CVE-2026-15271 - A security vulnerability has been detected in TOTOLINK A3000RU, A3100R, A950RG, AC1200T10, CP450, CS185R_T10 a
- CVE-2026-15308 - The incremental HTML parser (html.parser.HTMLParser) allows for CPU denial-of-service through repeated untermi
- CVE-2026-1989 - Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc
- CVE-2026-2342 - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OceanicS
- CVE-2026-23556 - When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked
- CVE-2026-23559 - [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities corresp
- CVE-2026-23560 - [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities corresp
- CVE-2026-23561 - [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities corresp
- CVE-2026-23562 - [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities corresp
- CVE-2026-31984 - A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging
- CVE-2026-33390 - An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc
- CVE-2026-38076 - An integer overflow in the jbig2_arith_iaid_ctx_new() function of Artifex commit cc37d0 allows attackers to ca
- CVE-2026-39246 - decompress before 4.2.2 allows arbitrary symlink creation during archive extraction
- CVE-2026-41857 - A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation wh
- CVE-2026-42486 - [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities corresp
- CVE-2026-4256 - Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in PEAKUP T
- CVE-2026-44787 - Discourse is an open-source discussion platform
- CVE-2026-47826 - The blobs.yml path key traversal vulnerability in the BOSH CLI tool allows an attacker to write arbitrary file
- CVE-2026-47829 - Argument Injection in bosh-cli allows a compromised BOSH Director to inject arbitrary OpenSSH options into the
- CVE-2026-47830 - Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-
- CVE-2026-47831 - Use of a cryptographically weak random number generator in the GenerateRandomPassword function in bosh-windows
- CVE-2026-49276 - Kirby is an open-source content management system
- CVE-2026-50180 - Langroid is a framework for building large-language-model-powered applications
- CVE-2026-50181 - Langroid is a framework for building large-language-model-powered applications
- CVE-2026-50644 - SOPlanning is vulnerable to SQL injection in the audit retention configuration
- CVE-2026-51597 - MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest a
- CVE-2026-51599 - An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel
- CVE-2026-51600 - Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests (includi
- CVE-2026-51601 - Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service
- CVE-2026-51602 - A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows
- CVE-2026-51603 - A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows
- CVE-2026-51604 - A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) allows
- CVE-2026-51605 - A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.991) allow
- CVE-2026-51606 - An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 (firmware V31.1.9.91) causes th
- CVE-2026-51923 - An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c allowing a re
- CVE-2026-53963 - Discourse is an open-source discussion platform
- CVE-2026-53987 - The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the
- CVE-2026-54002 - Kirby is an open-source content management system
- CVE-2026-54003 - Kirby is an open-source content management system
- CVE-2026-54005 - Kirby is an open-source content management system
- CVE-2026-54760 - Langroid is a framework for building large-language-model-powered applications
- CVE-2026-54771 - Langroid is a framework for building large-language-model-powered applications
- CVE-2026-54801 - A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE
- CVE-2026-55207 - Pimcore is an Open Source Data & Experience Management Platform
- CVE-2026-55208 - Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio
- CVE-2026-55420 - Discourse is an open-source discussion platform
- CVE-2026-55604 - DeepSeek MCP Server is an MCP server for DeepSeek V4
- CVE-2026-55615 - Langroid is a framework for building large-language-model-powered applications
- CVE-2026-56292 - A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered
- CVE-2026-57023 - An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Network
- CVE-2026-57026 - An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks J
- CVE-2026-57028 - An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos
- CVE-2026-57111 - Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.server.filt
- CVE-2026-58122 - Hermes WebUI before 0.51.307 contains an authentication bypass vulnerability that allows unauthenticated remot
- CVE-2026-58123 - Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remot
- CVE-2026-58378 - Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production
- CVE-2026-58459 - gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof th
- CVE-2026-59148 - Mockoon provides way to design and run mock APIs
- CVE-2026-59206 - n8n is an open source workflow automation platform
- CVE-2026-59207 - n8n is an open source workflow automation platform
- CVE-2026-59208 - n8n is an open source workflow automation platform
- CVE-2026-59209 - n8n is an open source workflow automation platform
- CVE-2026-59219 - Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform
- CVE-2026-59221 - Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform
- CVE-2026-59224 - Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform
- CVE-2026-5955 - Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Inrove S
- CVE-2026-59691 - A heap buffer overflow vulnerability was found in GStreamer's rfbsrc plugin
- CVE-2026-59720 - Hoppscotch is an open source API development ecosystem
- CVE-2026-59721 - Hoppscotch is an open source API development ecosystem
- CVE-2026-59834 - SiYuan is an open-source personal knowledge management system
- CVE-2026-59858 - Vim is an open source, command line text editor
- CVE-2026-60108 - Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows un
- CVE-2026-60109 - Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that all
- CVE-2026-61343 - LibreBooking's email template editor save action passes the submitted template name directly into the destinat
- CVE-2025-3110 - OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing
- CVE-2026-0288 - Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Net
- CVE-2026-10037 - A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu
- CVE-2026-10706 - In Adalo’s no-code app builder, (Versions 1 and 2) the attackers may extract full user records and correlate u
- CVE-2026-10708 - This vulnerability enables large‑scale data harvesting without requiring app‑specific secrets
- CVE-2026-13320 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19
- CVE-2026-14454 - Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed
- CVE-2026-15107 - Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbi
- CVE-2026-15110 - Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user
- CVE-2026-15111 - Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a use
- CVE-2026-15112 - Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially expl
- CVE-2026-15113 - Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to po
- CVE-2026-15114 - Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to p
- CVE-2026-15116 - Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrar
- CVE-2026-15117 - Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a
- CVE-2026-15118 - Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrar
- CVE-2026-15119 - Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised th
- CVE-2026-15120 - Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had c
- CVE-2026-15121 - Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitra
- CVE-2026-15122 - Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allow
- CVE-2026-15123 - Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to pote
- CVE-2026-15125 - Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to ex
- CVE-2026-15126 - Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrar
- CVE-2026-15129 - Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially expl
- CVE-2026-15132 - Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrar
- CVE-2026-15133 - Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute
- CVE-2026-15167 - DBS Etherwatch file parser crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
- CVE-2026-29008 - U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machine() function
- CVE-2026-29009 - U-Boot through 2026.04-rc3 contains a buffer overflow vulnerability in nfs_readlink_reply() (net/nfs-common.c)
- CVE-2026-31309 - Improper authorization in the /tequilapi/config/user endpoint of Mysterium Node before v1.36.0 allows unauthen
- CVE-2026-3144 - IBM API Connect 12.1.0.0 through 12.1.0.3 uses default credentials which could allow an attacker to gain unaut
- CVE-2026-35210 - OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables
- CVE-2026-35552 - In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authentic
- CVE-2026-44024 - Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop a
- CVE-2026-44025 - Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop a
- CVE-2026-44160 - Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop a
- CVE-2026-44161 - Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop a
- CVE-2026-47646 -
- CVE-2026-51535 - In OpENer 2.3.0 (commit 76b95cf), a resource exhaustion (Denial of Service) vulnerability exists in its networ
- CVE-2026-52200 - An issue in Generic OEM UZ801_v2.1 4G LTE Router V3.4.3 allows a remote attacker to execute arbitrary code via
- CVE-2026-53482 - Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10,
- CVE-2026-53951 - Copier is a library and CLI app for rendering project templates
- CVE-2026-54528 - JupyterLab Git is a Git extension for JupyterLab
- CVE-2026-54774 - CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core
- CVE-2026-54781 - CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core
- CVE-2026-54782 - CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core
- CVE-2026-54783 - CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core
- CVE-2026-55404 - yt-dlp and youtube-dl are command-line audio/video downloaders
- CVE-2026-55999 - Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and x
- CVE-2026-56000 - Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and
- CVE-2026-56001 - A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could
- CVE-2026-56003 - A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2
- CVE-2026-56297 - FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman_call_on_recei
- CVE-2026-56669 - Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-ser
- CVE-2026-56776 - n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/{workflowId}/t
- CVE-2026-57239 - The user-controllable executable files will be directly executed by high-privilege processes, allowing low-pri
- CVE-2026-58192 - Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver proto
- CVE-2026-58207 - NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system
- CVE-2026-58210 - NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system
- CVE-2026-58213 - NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system
- CVE-2026-58250 - NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system
- CVE-2026-58253 - NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system
- CVE-2026-58525 - Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a securit
- CVE-2026-59257 - n8n before 1.123.61, 2.x before 2.27.4, and 2.28.x before 2.28.1 contains a SQL injection vulnerability in the
- CVE-2026-59723 - Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant
- CVE-2026-59731 - Astro is a web framework for content-driven websites
- CVE-2026-59803 - rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.De
- CVE-2026-59804 - Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS mis
- CVE-2026-59805 - Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that all
- CVE-2026-59806 - Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attac
- CVE-2026-59807 - Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to r
- CVE-2026-59822 - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format
- CVE-2026-59879 - Immutable.js provides many Persistent Immutable data structures
- CVE-2026-59880 - Immutable.js provides many Persistent Immutable data structures
- CVE-2026-59887 - linkify-it is a links recognition library with full Unicode support
- CVE-2026-60002 - ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchan
- CVE-2026-60105 - Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action ca
- CVE-2026-6896 - GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 before 18.11.7, 19.0 before 19.0
- CVE-2026-8307 - Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Webbeyaz
- CVE-2026-9074 - IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL inject
- CVE-2026-13020 - A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and e
- CVE-2026-14380 - DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile
- CVE-2026-34044 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases
- CVE-2026-34152 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases
- CVE-2026-37270 - Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability caused by improp
- CVE-2026-37271 - Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device
- CVE-2026-48948 - An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible
- CVE-2026-48957 - An improper access check allows unauthorized users to access com_privacy datasets
- CVE-2026-48958 - An improper access check allows unauthorized users to create custom fields via webservices endpoints
- CVE-2026-49229 - Actual is a local-first personal finance app
- CVE-2026-53730 - DataEase is an open source data visualization and analysis tool
- CVE-2026-55077 - Coder allows organizations to provision remote development environments via Terraform
- CVE-2026-55255 - Langflow Authorization Bypass Through User-Controlled Key Vulnerability
- CVE-2026-55418 - FastGPT is an open source AI knowledge base platform
- CVE-2026-55635 - DataEase is an open source data visualization and analysis tool
- CVE-2026-56290 - Joomlack Page Builder Improper Access Control Vulnerability
- CVE-2026-56811 - Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix (Phoenix.Socket
- CVE-2026-57851 - MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver
- CVE-2026-58384 - A flaw was found in GIMP's PSD parser. An integer overflow in read_RLE_channel() can cause an undersized heap
- CVE-2026-59704 - Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video
- CVE-2026-59706 - mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side
- CVE-2026-59707 - LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoi
- CVE-2026-59708 - The GET /api/v1/public/:accessId/portfolio endpoint in ghostfolio accepts private access IDs without validatin
- CVE-2026-11405 - The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login() function a
- CVE-2026-14536 - Improper enforcement of a mandatory multi-factor authentication policy in Devolutions Server 2026.2.9.0 allows
- CVE-2026-25271 - Memory Corruption when processing asynchronous input parameters due to improper handling of modified values be
- CVE-2026-40138 - A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Suppo
- CVE-2026-40139 - A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Suppo
- CVE-2026-40140 - BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerabili
- CVE-2026-40141 - A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileg
- CVE-2026-44937 - Potential forgery of webhook requests when using a unauthenticated webhook in SUSE Rancher Fleet 0.15 before 0
- CVE-2026-54763 - Traefik is an HTTP reverse proxy and load balancer
- CVE-2026-54765 - Traefik is an open source HTTP reverse proxy and load balancer
- CVE-2026-55574 - vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs
- CVE-2026-58380 - A flaw was found in GIMP's PNM file format parser
- CVE-2026-59712 - Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated
- CVE-2026-59713 - Leantime contains an OIDC login CSRF vulnerability in the verifyState() method that unconditionally returns tr
- CVE-2026-9181 - Esri ArcGIS Server contains a directory traversal vulnerability
- CVE-2026-10536 - A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tr
- CVE-2026-11352 - An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of se
- CVE-2026-11564 - libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of the
- CVE-2026-11586 - By default, curl automatically responds to WebSocket PING frames
- CVE-2026-12064 - When a user invokes curl using a schemeless URL combined with --proto-default sftp (or scp), a disconnect oc
- CVE-2026-12481 - A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handlin
- CVE-2026-13053 - An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged u
- CVE-2026-13054 - A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticat
- CVE-2026-13079 - A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a l
- CVE-2026-13383 - An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated p
- CVE-2026-13384 - An Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process could allow an authenticated pr
- CVE-2026-14544 - A flaw was found in HPLIP (HP Linux Imaging and Printing Software)
- CVE-2026-26307 - Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to con
- CVE-2026-47896 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene
- CVE-2026-47897 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Lucene
- CVE-2026-47898 - Improper Restriction of XML External Entity Reference vulnerability in Apache Lucene.Net (Lucene.Net.Analysis
- CVE-2026-57983 - Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security
- CVE-2026-57984 - Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a netwo
- CVE-2026-57985 - Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code o
- CVE-2026-58289 - Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an una
- CVE-2026-58293 - External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to ex
- CVE-2026-58297 - Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unau
- CVE-2026-8926 - When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usern
- CVE-2026-38969 - ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling req
- CVE-2026-38971 - ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCS_MAVLink/GCS_se
- CVE-2026-41106 - Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate
- CVE-2026-44941 - A relative path traversal in the keyhint option in repomd.xml parsing of libzypp before 17.38.12 can be used
- CVE-2026-45499 - Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a
- CVE-2026-54401 - A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (S
- CVE-2026-54402 - A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vul
- CVE-2026-54408 - A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in U
- CVE-2026-54409 - A malicious actor with access to the network and under certain conditions could exploit an Improper Initializa
- CVE-2026-55112 - A malicious actor with access to the network and low privileges and under certain conditions could exploit an
- CVE-2026-55115 - A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (S
- CVE-2026-55116 - A malicious actor with access to the network and under certain network configurations could exploit an Imprope
- CVE-2026-57100 - Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized a
- CVE-2026-9272 - In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who i
- CVE-2025-23350 - NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual
- CVE-2025-23351 - NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual
- CVE-2026-10538 - Messaging consumer functionality allows deserialization of user-controlled data without sufficient restriction
- CVE-2026-10539 - A Control-M/Server communication command does not sufficiently filter or sanitize user-supplied input
- CVE-2026-12575 - DVP80ES3 with Improper Resource Shutdown or Release vulnerability
- CVE-2026-12576 - DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnera
- CVE-2026-12579 - AS228T with Authentication Bypass Vulnerability
- CVE-2026-14191 - An out-of-bounds heap write exists in the RAR5 recovery-volume (.rev) parser in WinRAR and UnRAR (RecVolumes5:
- CVE-2026-14193 - DVP80ES300T with Improper Validation of Array Index Vulnerability
- CVE-2026-14198 - @fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before
- CVE-2026-20191 - A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary fil
- CVE-2026-20213 - A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to caus
- CVE-2026-20214 - A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cau
- CVE-2026-20215 - A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to caus
- CVE-2026-20216 - A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attac
- CVE-2026-20217 - A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to
- CVE-2026-20243 - A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cau
- CVE-2026-20244 - A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cau
- CVE-2026-20458 - In Modem, there is a possible memory corruption due to a missing bounds check
- CVE-2026-23537 - A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an una
- CVE-2026-24240 - NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of unt
- CVE-2026-24242 - NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request fo
- CVE-2026-24243 - NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of unt
- CVE-2026-24244 - NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of unt
- CVE-2026-24245 - NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of unt
- CVE-2026-24246 - NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dy
- CVE-2026-24247 - NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of unt
- CVE-2026-24248 - NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of co
- CVE-2026-24249 - NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of unt
- CVE-2026-24250 - NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of
- CVE-2026-24251 - NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dy
- CVE-2026-24260 - NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time
- CVE-2026-24264 - NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handlin
- CVE-2026-24270 - NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication
- CVE-2026-50043 - Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Sky
- CVE-2026-50195 - containerd is an open-source container runtime
- CVE-2026-5120 - A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a
- CVE-2026-5136 - A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments agains
- CVE-2026-53492 - containerd is an open-source container runtime
- CVE-2026-54592 - Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem
- CVE-2026-57692 - Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation
- CVE-2026-58126 - PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote at
- CVE-2026-58127 - PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll,
- CVE-2026-58452 - JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerabi
- CVE-2026-58453 - JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerab
- CVE-2026-58454 - JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerabi
- CVE-2026-6687 - FatFs R0.16 and earlier contains a stack overflow bug in f_getlabel() because exFAT label length (XDIR_NumLabe
- CVE-2026-6688 - FatFs R0.16 and earlier contains a downstream-caller vulnerability pattern associated with FatFs long filename
- CVE-2026-7829 - UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule pa
- CVE-2026-7831 - UltraVNC viewer through 1.8.2.2 contains an off-by-one stack buffer overflow in the RFB ServerInit message han
- CVE-2026-7838 - UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB prot
- CVE-2026-7839 - UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password
- CVE-2026-7840 - UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server
- CVE-2025-24815 - Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type valida
- CVE-2025-36359 - IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which c
- CVE-2025-7406 - Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing
- CVE-2026-10109 - IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to imprope
- CVE-2026-10129 - IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) protection bypass vulnerabi
- CVE-2026-10134 - IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process
- CVE-2026-10140 - IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of
- CVE-2026-10546 - IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery (SSRF) vulnerability in the URL co
- CVE-2026-10560 - IBM Langflow OSS 1.0.0 through 1.9.6 contains a missing authentication vulnerability in /api/v1/build_public_t
- CVE-2026-10564 - IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF)
- CVE-2026-11541 - IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through
- CVE-2026-11546 - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forg
- CVE-2026-11594 - IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the admin
- CVE-2026-11708 - IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the admin
- CVE-2026-11712 - IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the admin
- CVE-2026-11714 - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-side request forg
- CVE-2026-11806 - IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vul
- CVE-2026-13207 - FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalizatio
- CVE-2026-13449 - IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity inje
- CVE-2026-13759 - IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStr
- CVE-2026-13766 - DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers
- CVE-2026-13772 - IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 's Object Query Language engine resolves attacker-supplied
- CVE-2026-13774 - Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user
- CVE-2026-13775 - Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised th
- CVE-2026-13776 - Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised t
- CVE-2026-13777 - Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a
- CVE-2026-13778 - Use after free in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to execute ar
- CVE-2026-13779 - Use after free in Chromoting in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to
- CVE-2026-13780 - Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote a
- CVE-2026-13781 - Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote at
- CVE-2026-13782 - Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromise
- CVE-2026-13783 - Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user
- CVE-2026-13786 - Use after free in Ozone in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary
- CVE-2026-13787 - Use after free in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to e
- CVE-2026-13788 - Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to e
- CVE-2026-13791 - Insufficient validation of untrusted input in Downloads in Google Chrome prior to 150.0.7871.47 allowed an att
- CVE-2026-13794 - Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.4
- CVE-2026-13797 - Insufficient validation of untrusted input in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a rem
- CVE-2026-13798 - Heap buffer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had c
- CVE-2026-13799 - Use after free in QUIC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploi
- CVE-2026-13800 - Inappropriate implementation in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local att
- CVE-2026-13801 - Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compr
- CVE-2026-13802 - Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user
- CVE-2026-13803 - Type Confusion in Chrome Tabs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compro
- CVE-2026-13804 - Use after free in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had comprom
- CVE-2026-13805 - Use after free in GFX in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to execute arbi
- CVE-2026-13806 - Insufficient validation of untrusted input in Accessibility in Google Chrome prior to 150.0.7871.47 allowed a
- CVE-2026-13807 - Use after free in Import in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convince
- CVE-2026-13811 - Use after free in IME in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary c
- CVE-2026-13813 - Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a rem
- CVE-2026-13814 - Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user
- CVE-2026-13815 - Use after free in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary
- CVE-2026-13817 - Insufficient validation of untrusted input in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote at
- CVE-2026-13819 - Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had c
- CVE-2026-13821 - Use after free in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrar
- CVE-2026-13823 - Use after free in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised t
- CVE-2026-13824 - Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacke
- CVE-2026-13825 - Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exp
- CVE-2026-13827 - Use after free in Updater in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to perform p
- CVE-2026-13829 - Insufficient validation of untrusted input in Settings in Google Chrome on Windows prior to 150.0.7871.47 allo
- CVE-2026-13830 - Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to exe
- CVE-2026-13831 - Out of bounds read and write in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had
- CVE-2026-13832 - Use after free in Headless in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromis
- CVE-2026-13834 - Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote a
- CVE-2026-13835 - Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to poten
- CVE-2026-13841 - Integer overflow in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised
- CVE-2026-13843 - Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 al
- CVE-2026-13844 - Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perfo
- CVE-2026-13845 - Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary c
- CVE-2026-13846 - Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had comprom
- CVE-2026-13848 - Use after free in Forms in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary
- CVE-2026-13849 - Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 al
- CVE-2026-13850 - Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 al
- CVE-2026-13851 - Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4
- CVE-2026-13852 - Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4
- CVE-2026-13853 - Use after free in Journeys in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromis
- CVE-2026-13854 - Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who had com
- CVE-2026-13855 - Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinc
- CVE-2026-13856 - Insufficient validation of untrusted input in Speech in Google Chrome on Android prior to 150.0.7871.47 allowe
- CVE-2026-13859 - Inappropriate implementation in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to pot
- CVE-2026-13861 - Use after free in Core in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised t
- CVE-2026-13863 - Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 al
- CVE-2026-13864 - Insufficient policy enforcement in WebHID in Google Chrome prior to 150.0.7871.47 allowed an attacker who conv
- CVE-2026-13869 - Use after free in Device in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had
- CVE-2026-13870 - Use after free in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to exec
- CVE-2026-13872 - Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4
- CVE-2026-13878 - Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had c
- CVE-2026-13880 - Use after free in USB in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had comprom
- CVE-2026-13882 - Race in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer
- CVE-2026-13883 - Type Confusion in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perfo
- CVE-2026-13884 - Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a local attacker to execute arb
- CVE-2026-13885 - Use after free in Skia in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute
- CVE-2026-13888 - Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbi
- CVE-2026-13891 - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed a rem
- CVE-2026-13897 - Insufficient policy enforcement in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacke
- CVE-2026-13898 - Use after free in Cast Receiver in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute a
- CVE-2026-13899 - Use after free in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary
- CVE-2026-13901 - Insufficient policy enforcement in Serial in Google Chrome prior to 150.0.7871.47 allowed a remote attacker wh
- CVE-2026-13903 - Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker
- CVE-2026-13909 - Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker
- CVE-2026-13915 - Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who
- CVE-2026-13918 - Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to p
- CVE-2026-13925 - Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote
- CVE-2026-13927 - Insufficient validation of untrusted input in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a
- CVE-2026-13928 - Insufficient validation of untrusted input in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a rem
- CVE-2026-13934 - Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.47 allowed
- CVE-2026-13965 - Use after free in Oilpan in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrar
- CVE-2026-13967 - Heap buffer overflow in V8 in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitr
- CVE-2026-13968 - Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remot
- CVE-2026-14005 - Use after free in Omnibox in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who con
- CVE-2026-14006 - Use after free in Navigation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbi
- CVE-2026-14009 - Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to
- CVE-2026-14011 - Out of bounds read in SurfaceCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perf
- CVE-2026-14018 - Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perfo
- CVE-2026-14024 - Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinc
- CVE-2026-14025 - Use after free in Views in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced
- CVE-2026-14027 - Use after free in SignIn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a use
- CVE-2026-14032 - Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a
- CVE-2026-14036 - Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker
- CVE-2026-14037 - Insufficient policy enforcement in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who h
- CVE-2026-14038 - Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 150.0.7871.47 allowed a r
- CVE-2026-14040 - Use after free in BrowserTag in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user
- CVE-2026-14041 - Insufficient policy enforcement in Serial in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to
- CVE-2026-14043 - Use after free in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compr
- CVE-2026-14044 - Use after free in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised
- CVE-2026-14055 - Insufficient validation of untrusted input in Device Trust in Google Chrome on Windows prior to 150.0.7871.47
- CVE-2026-14056 - Insufficient validation of untrusted input in Media in Google Chrome prior to 150.0.7871.47 allowed a remote a
- CVE-2026-14060 - Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 al
- CVE-2026-14064 - Use after free in PageInfo in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who co
- CVE-2026-14067 - Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to e
- CVE-2026-14078 - Insufficient validation of untrusted input in WebRTC in Google Chrome prior to 150.0.7871.47 allowed a remote
- CVE-2026-14084 - Insufficient validation of untrusted input in Chromoting in Google Chrome prior to 150.0.7871.47 allowed a rem
- CVE-2026-14086 - Insufficient policy enforcement in HID in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to ex
- CVE-2026-14087 - Heap buffer overflow in WebNN in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who
- CVE-2026-14090 - Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.4
- CVE-2026-14091 - Use after free in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitr
- CVE-2026-14093 - Use after free in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised t
- CVE-2026-14094 - Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to per
- CVE-2026-14095 - Insufficient policy enforcement in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker w
- CVE-2026-14097 - Inappropriate implementation in WebAppInstalls in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote
- CVE-2026-14099 - Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who
- CVE-2026-14101 - Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote att
- CVE-2026-14102 - Use after free in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially e
- CVE-2026-14104 - Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a
- CVE-2026-14105 - Insufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to
- CVE-2026-14106 - Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed
- CVE-2026-14107 - Use after free in Scheduling in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbi
- CVE-2026-14108 - Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrar
- CVE-2026-14109 - Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who
- CVE-2026-14111 - Use after free in WebProtect in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user
- CVE-2026-14113 - Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had
- CVE-2026-14114 - Inappropriate implementation in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a lo
- CVE-2026-14115 - Insufficient validation of untrusted input in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote at
- CVE-2026-14120 - Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who
- CVE-2026-14121 - Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to exe
- CVE-2026-14122 - Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.4
- CVE-2026-14124 - Inappropriate implementation in CredentialProvider in Google Chrome on Windows prior to 150.0.7871.47 allowed
- CVE-2026-14149 - Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute
- CVE-2026-14151 - Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had c
- CVE-2026-14152 - Out of bounds read and write in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who ha
- CVE-2026-14161 - Hospital Quening Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unaut
- CVE-2026-14162 - Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unaut
- CVE-2026-14164 - A double free issue has been identified in libarchive's RAR5 reader
- CVE-2026-14241 - Memory safety bugs present in Firefox 152.0.3
- CVE-2026-35505 - An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory
- CVE-2026-41053 - Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provid
- CVE-2026-44628 - An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a va
- CVE-2026-48276 - ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous
- CVE-2026-48277 - ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability tha
- CVE-2026-48281 - ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability tha
- CVE-2026-48282 - ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Rest
- CVE-2026-48283 - ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous
- CVE-2026-48285 - ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerabi
- CVE-2026-48286 - Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization
- CVE-2026-48307 - ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnera
- CVE-2026-48313 - ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Rest
- CVE-2026-48315 - ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability tha
- CVE-2026-49432 - Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp
- CVE-2026-49434 - Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All
- CVE-2026-49877 - Improper Authorization vulnerability in Apache ActiveMQ
- CVE-2026-50003 - A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files
- CVE-2026-50110 - Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within
- CVE-2026-50254 - An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory
- CVE-2026-50734 - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache A
- CVE-2026-50750 - Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ
- CVE-2026-52195 - Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a d
- CVE-2026-52196 - Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a d
- CVE-2026-52197 - An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via
- CVE-2026-52868 - An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist st
- CVE-2026-53916 - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache Acti
- CVE-2026-53917 - Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache Acti
- CVE-2026-54475 - Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ
- CVE-2026-54672 - electron-updater allows for automatic updates for Electron apps
- CVE-2026-55721 - Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.p
- CVE-2026-56137 - RPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc
- CVE-2026-56278 - Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ('flowise') f
- CVE-2026-56413 - Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, whic
- CVE-2026-56415 - Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is
- CVE-2026-56808 - DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may l
- CVE-2026-57080 - Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire messa
- CVE-2026-57081 - Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded inpu
- CVE-2026-58014 - A flaw was found in GLib. An off-by-one error can occur in the g_key_file_get_locale_string_list function in t
- CVE-2026-58016 - A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml() in the gio/gdbusint
- CVE-2026-58166 - OpenBMB ChatDev through 2.2.0, fixed in commit 4fd4da6, contains a path traversal vulnerability that allows un
- CVE-2026-58168 - DeepTutor before version 1.4.10 contains an authorization bypass vulnerability that allows low-privilege users
- CVE-2026-58169 - Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote att
- CVE-2026-58170 - Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto
- CVE-2026-58302 - rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation
- CVE-2026-58372 - SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler t
- CVE-2026-58375 - JimuReport through 2.5.0 exposes the POST /jmreport/auto/export endpoint without authentication: the handler i
- CVE-2026-58449 - txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter
- CVE-2026-6556 - @fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the
- CVE-2026-7663 - IBM Langflow OSS 1.0.0 through 1.9.6 could allow unauthenticated attackers to access protected MCP project res
- CVE-2026-7803 - IBM Langflow OSS 1.0.0 through 1.10.0 could allow arbitrary code execution due to improper validation of flow
- CVE-2026-7871 - IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full appli
- CVE-2026-7873 - IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated attackers to execute arbitrary OS commands and read
- CVE-2026-7874 - IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow disclosure of all stored credentials due to the use
- CVE-2026-8402 - Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate
- CVE-2026-8451 - Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler A
- CVE-2026-8452 - Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavi
- CVE-2026-8655 - Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or er
- CVE-2025-2902 - Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform
- CVE-2026-11979 - libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --she
- CVE-2026-12912 - A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially craft
- CVE-2026-13519 - A vulnerability was found in Tenda JD12L 16.03.53.23
- CVE-2026-13580 - A security vulnerability has been detected in Edimax EW-7478APC 1.04
- CVE-2026-13582 - A flaw has been found in Edimax EW-7478APC 1.04
- CVE-2026-13583 - A vulnerability has been found in Edimax EW-7478APC 1.04
- CVE-2026-13592 - A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4
- CVE-2026-13676 - fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family U
- CVE-2026-13744 - Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed uninten
- CVE-2026-13762 - Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote ac
- CVE-2026-13763 - Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might all
- CVE-2026-22078 - Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges
- CVE-2026-25707 - A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be
- CVE-2026-34592 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases
- CVE-2026-34594 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases
- CVE-2026-34597 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases
- CVE-2026-36848 - Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem
- CVE-2026-39868 - This issue was addressed with improved input validation
- CVE-2026-40522 - FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that
- CVE-2026-40523 - FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that al
- CVE-2026-40524 - FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the get_gl_transactions() function whe
- CVE-2026-41992 - GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reu
- CVE-2026-43701 - The issue was addressed with improved checks
- CVE-2026-43705 - A type confusion issue was addressed with improved checks
- CVE-2026-43715 - A use-after-free issue was addressed with improved memory management
- CVE-2026-43724 - The issue was addressed with improved input sanitization
- CVE-2026-43725 - The issue was addressed with improved input validation
- CVE-2026-43731 - A use-after-free issue was addressed with improved memory management
- CVE-2026-43735 - The issue was addressed with improved checks
- CVE-2026-48558 - SimpleHelp Authentication Bypass Vulnerability
- CVE-2026-49049 - The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arb
- CVE-2026-51221 - A buffer overflow in the Get_Attribute_List function of EIPStackGroup OpENer commit 76b95c allows attackers to
- CVE-2026-53404 - Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the
- CVE-2026-53434 - Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM bas
- CVE-2026-54369 - acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions acl
- CVE-2026-54371 - attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities th
- CVE-2026-55276 - Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty
- CVE-2026-55607 - Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed crea
- CVE-2026-55844 - Home Assistant is open source home automation software that puts local control and privacy first
- CVE-2026-55957 - Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to au
- CVE-2026-56285 - Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and uses a hardco
- CVE-2026-56780 - Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api/v1/accounts/{p
- CVE-2026-56782 - Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoint
- CVE-2026-57320 - Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions
- CVE-2026-57331 - Performer Arbitrary File Deletion in Paid Videochat Turnkey Site <= 7.4.8 versions
- CVE-2026-57332 - Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions
- CVE-2026-57333 - Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions
- CVE-2026-57336 - Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions
- CVE-2026-57337 - Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions
- CVE-2026-57338 - Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions
- CVE-2026-57498 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases
- CVE-2026-57947 - Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoi
- CVE-2026-57950 - ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control vulnerability in ErpSa
- CVE-2026-57955 - SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute a
- CVE-2026-57999 - luci-app-tailscale-community contains a command injection vulnerability in the tailscale.do_login RPC method t
- CVE-2026-58000 - luci-proto-openvpn through 0.11.1, fixed in commit e4ff45e, contains a command injection vulnerability in the
- CVE-2026-7656 - The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6_nbr.c (handle_ra_input, handle_ns_input, handle_na_
- CVE-2026-10643 - Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validate
- CVE-2026-10646 - Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a pointer to a
- CVE-2026-49048 - The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly c
- CVE-2023-37524 - HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being ou
- CVE-2026-45258 - dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length a
- CVE-2026-49412 - The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from u
- CVE-2026-49413 - The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process fl
- CVE-2026-49414 - The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that comp
- CVE-2026-49416 - The CONS_HISTORY ioctl handler did not adequately validate the requested history size
- CVE-2026-49417 - Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping r
- CVE-2026-11625 - Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes
- CVE-2026-11702 - Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes
- CVE-2026-13372 - Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Ma
- CVE-2026-21734 - A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a wri
- CVE-2026-28701 - Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users
- CVE-2026-31928 - The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls,
- CVE-2026-32833 - Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that al
- CVE-2026-33560 - The DMP-5000 file service exposes authenticated arbitrary file upload functionality
- CVE-2026-36478 - An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via
- CVE-2026-38639 - An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a D
- CVE-2026-38641 - An issue in the DSO::mmap_and_copy function of relibc commit 61f42d allows attackers to cause a Denial of Serv
- CVE-2026-45195 - Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigg
- CVE-2026-45807 - Kestra is an open-source, event-driven orchestration platform
- CVE-2026-46604 - The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset
- CVE-2026-46710 - Notepad++ is a free and open-source source code editor
- CVE-2026-47220 - Envoy is an open source edge and service proxy designed for cloud-native applications
- CVE-2026-48042 - Envoy is an open source edge and service proxy designed for cloud-native applications
- CVE-2026-48044 - Envoy is an open source edge and service proxy designed for cloud-native applications
- CVE-2026-48743 - Envoy is an open source edge and service proxy designed for cloud-native applications
- CVE-2026-48778 - Notepad++ is a free and open-source source code editor
- CVE-2026-48800 - Notepad++ is a free and open-source source code editor
- CVE-2026-49984 - Kestra is an open-source, event-driven orchestration platform
- CVE-2026-49991 - RustFS is a distributed object storage system built in Rust
- CVE-2026-50132 - Budibase is an open-source low-code platform
- CVE-2026-50136 - Budibase is an open-source low-code platform
- CVE-2026-50137 - Budibase is an open-source low-code platform
- CVE-2026-50741 - Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd
- CVE-2026-52782 - OpenProject is open-source, web-based project management software
- CVE-2026-52783 - OpenProject is open-source, web-based project management software
- CVE-2026-52785 - OpenProject is open-source, web-based project management software
- CVE-2026-52884 - Notepad++ is a free and open-source source code editor
- CVE-2026-53281 - In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference
- CVE-2026-53286 - In the Linux kernel, the following vulnerability has been resolved: idpf: fix double free and use-after-free i
- CVE-2026-53290 - In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drm_dev_put called bef
- CVE-2026-53294 - In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: don't free the reus
- CVE-2026-53296 - In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on pr
- CVE-2026-53300 - In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix NTMP DMA use-after-free is
- CVE-2026-53309 - In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlm_match_reg
- CVE-2026-53322 - In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disablin
- CVE-2026-54351 - Budibase is an open-source low-code platform
- CVE-2026-54352 - Budibase is an open-source low-code platform
- CVE-2026-54353 - Budibase is an open-source low-code platform
- CVE-2026-54826 - Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions
- CVE-2026-54835 - Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions
- CVE-2026-55069 - Kestra is an open-source, event-driven orchestration platform
- CVE-2026-55189 - RustFS is a distributed object storage system built in Rust
- CVE-2026-55975 - A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML f
- CVE-2026-56008 - Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions
- CVE-2026-56028 - Unauthenticated Privilege Escalation in Easy Elements for Elementor – Addons & Website Templates <=
- CVE-2026-56034 - Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions
- CVE-2026-56041 - Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions
- CVE-2026-56061 - Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions
- CVE-2026-56068 - Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions
- CVE-2026-56414 - A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to
- CVE-2026-56876 - extract-zip does not validate symlink targets when extracting zip archives
- CVE-2026-57314 - Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions
- CVE-2026-57321 - Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions
- CVE-2026-5757 - Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an at
- CVE-2026-57642 - Contributor SQL Injection in Gallery <= 4.7.8 versions
- CVE-2026-57667 - Sales Representative SQL Injection in Groundhogg <= 4.5 versions
- CVE-2026-57915 - It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an un
- CVE-2026-9221 - The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a
- CVE-2026-9640 - A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before
- CVE-2025-60464 - A use-after-free in the gf_sei_load_from_state_internal function (/filters/sei_load.c) of GPAC Project/MP4Box
- CVE-2025-71324 - Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-
- CVE-2025-71327 - Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint t
- CVE-2025-71328 - Flowise before 3.0.10 contains an unverified password change vulnerability
- CVE-2025-71333 - Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachmen
- CVE-2025-71334 - Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due
- CVE-2025-71335 - Flowise before 3.0.10 (affected versions 3.0.7 and earlier) fails to invalidate existing sessions and session
- CVE-2025-71338 - Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that all
- CVE-2026-11800 - A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow a
- CVE-2026-12053 - GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain
- CVE-2026-12244 - If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a
- CVE-2026-12246 - NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted
- CVE-2026-20230 - Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
- CVE-2026-27366 - Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions
- CVE-2026-39951 - Cacti is an open source performance and fault management framework
- CVE-2026-46733 - Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control
- CVE-2026-46734 - Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validat
- CVE-2026-50548 - Cursor is a code editor built for programming with AI
- CVE-2026-50549 - Cursor is a code editor built for programming with AI
- CVE-2026-53131 - In the Linux kernel, the following vulnerability has been resolved: netfilter: require Ethernet MAC header bef
- CVE-2026-53132 - In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb
- CVE-2026-53133 - In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix truncation for block sizes
- CVE-2026-53136 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp VBIOS HDMI retimer
- CVE-2026-53137 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp HDMI HDCP2 rx_id_li
- CVE-2026-53138 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Bound VBIOS record-chain
- CVE-2026-53143 - In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix buffer overflow in SDMA qu
- CVE-2026-53146 - In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy t
- CVE-2026-53147 - In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request pack
- CVE-2026-53148 - In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Clamp XDomain response data c
- CVE-2026-53151 - In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the S
- CVE-2026-53153 - In the Linux kernel, the following vulnerability has been resolved: mm/list_lru: drain before clearing xarray
- CVE-2026-53157 - In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonet_device after RCU
- CVE-2026-53160 - In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free race in
- CVE-2026-53161 - In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix use-after-free of fastr
- CVE-2026-53162 - In the Linux kernel, the following vulnerability has been resolved: memcg: use round-robin victim selection in
- CVE-2026-53165 - In the Linux kernel, the following vulnerability has been resolved: iomap: avoid potential null folio->mapping
- CVE-2026-53170 - In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject DMA commands with uni
- CVE-2026-53171 - In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dma
- CVE-2026-53172 - In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix IFM region index out-of-
- CVE-2026-53173 - In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix OOB write in ethosu_gem_
- CVE-2026-53174 - In the Linux kernel, the following vulnerability has been resolved: ovl: keep err zero after successful ovl_ca
- CVE-2026-53175 - In the Linux kernel, the following vulnerability has been resolved: inet: frags: fix use-after-free caused by
- CVE-2026-53178 - In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: rtw_mlme: add bounds c
- CVE-2026-53180 - In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fix livelock in tmigr_ha
- CVE-2026-53182 - In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject oversized EMA RNR li
- CVE-2026-53183 - In the Linux kernel, the following vulnerability has been resolved: mptcp: allow subflow rcv wnd to shrink In
- CVE-2026-53184 - In the Linux kernel, the following vulnerability has been resolved: udp: clear skb->dev before running a sockm
- CVE-2026-53185 - In the Linux kernel, the following vulnerability has been resolved: zram: fix use-after-free in zram_bvec_writ
- CVE-2026-53186 - In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: bound SRP_RSP sense copy by the
- CVE-2026-53187 - In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate cpu_id against nr_cpu_
- CVE-2026-53188 - In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate the passed in fops for
- CVE-2026-53189 - In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: update file PMD counter be
- CVE-2026-53191 - In the Linux kernel, the following vulnerability has been resolved: io_uring/net: inherit IORING_CQE_F_BUF_MOR
- CVE-2026-53193 - In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Forcibly close timer instance
- CVE-2026-53198 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of a deferred fi
- CVE-2026-53199 - In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: use kmap_local_page in netvsc_c
- CVE-2026-53200 - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: nv: Fix handling of XN[0] when
- CVE-2026-53201 - In the Linux kernel, the following vulnerability has been resolved: Revert drm/xe: Skip exec queue schedule t
- CVE-2026-53202 - In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation
- CVE-2026-53203 - In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in M
- CVE-2026-53205 - In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds checks for firmware
- CVE-2026-53209 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: reject oversized Broa
- CVE-2026-53212 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix use-after-free
- CVE-2026-53215 - In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP o
- CVE-2026-53216 - In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: limit XDP frame size to the RX
- CVE-2026-53217 - In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware p
- CVE-2026-53221 - In the Linux kernel, the following vulnerability has been resolved: ip6_vti: fix incorrect tunnel matching in
- CVE-2026-53223 - In the Linux kernel, the following vulnerability has been resolved: net: guard timestamp cmsgs to real error q
- CVE-2026-53224 - In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and add
- CVE-2026-53225 - In the Linux kernel, the following vulnerability has been resolved: sctp: fix uninit-value in __sctp_rcv_ascon
- CVE-2026-53229 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: xsk: Fix DMA and xdp_frame leak
- CVE-2026-53230 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix slab-out-of-bounds in mlx5_q
- CVE-2026-53232 - In the Linux kernel, the following vulnerability has been resolved: net: phy: clean the sfp upstream if phy pr
- CVE-2026-53233 - In the Linux kernel, the following vulnerability has been resolved: netdev: fix double-free in netdev_nl_bind_
- CVE-2026-53234 - In the Linux kernel, the following vulnerability has been resolved: net: ibm: emac: Fix use-after-free during
- CVE-2026-53235 - In the Linux kernel, the following vulnerability has been resolved: net: add pskb_may_pull() to skb_gro_receiv
- CVE-2026-53239 - In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexac
- CVE-2026-53240 - In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix use-after-free on first_s
- CVE-2026-53242 - In the Linux kernel, the following vulnerability has been resolved: ALSA: PCM: Fix wait queue list corruption
- CVE-2026-53244 - In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfs
- CVE-2026-53246 - In the Linux kernel, the following vulnerability has been resolved: sctp: validate cached peer INIT chunk leng
- CVE-2026-53247 - In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: Fix use-after-
- CVE-2026-53248 - In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix use-after-free in metadat
- CVE-2026-53250 - In the Linux kernel, the following vulnerability has been resolved: xsk: cache csum_start/csum_offset to fix T
- CVE-2026-53253 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames befor
- CVE-2026-53254 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in
- CVE-2026-53255 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate advertising TLV
- CVE-2026-53256 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: hold listener socket in
- CVE-2026-53259 - In the Linux kernel, the following vulnerability has been resolved: ipv6: anycast: insert aca into global hash
- CVE-2026-53260 - In the Linux kernel, the following vulnerability has been resolved: tcp: Add preempt_{disable,enable}_nested()
- CVE-2026-53264 - In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: use RCU with deferred
- CVE-2026-53265 - In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation unde
- CVE-2026-53266 - In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebt_snat ARP rewri
- CVE-2026-53267 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: bail out on template ct
- CVE-2026-53270 - In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on
- CVE-2026-53272 - In the Linux kernel, the following vulnerability has been resolved: erofs: fix use-after-free on sbi->sync_dec
- CVE-2026-53273 - In the Linux kernel, the following vulnerability has been resolved: tee: optee: prevent use-after-free when th
- CVE-2026-53275 - In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Fix use-after-free when proce
- CVE-2026-53276 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix a use-after-free of th
- CVE-2026-53277 - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page ta
- CVE-2026-54030 - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers
- CVE-2026-54033 - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers
- CVE-2026-54830 - Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions
- CVE-2026-54844 - Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions
- CVE-2026-54917 - SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables
- CVE-2026-55693 - Vim is an open source, command line text editor
- CVE-2026-55895 - Vim is an open source, command line text editor
- CVE-2026-55960 - Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation
- CVE-2026-55967 - AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly
- CVE-2026-56051 - Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions
- CVE-2026-56123 - socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malici
- CVE-2026-56766 - Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMT
- CVE-2026-56768 - Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowi
- CVE-2026-56769 - Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery v
- CVE-2026-56770 - libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS
- CVE-2026-56786 - RTKLIB through 2.4.3 contains an out-of-bounds write vulnerability in decode_type1033 function that fails to c
- CVE-2026-57235 - Nokogiri is an open source XML and HTML library for the Ruby programming language
- CVE-2026-57236 - Nokogiri is an open source XML and HTML library for the Ruby programming language
- CVE-2026-57434 - Nokogiri is an open source XML and HTML library for the Ruby programming language
- CVE-2026-57435 - Nokogiri is an open source XML and HTML library for the Ruby programming language
- CVE-2026-57455 - Vim is an open source, command line text editor
- CVE-2026-57589 - sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root
- CVE-2026-57700 - Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious File
- CVE-2026-6094 - Heap buffer overread in wc_PKCS7_DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData
- CVE-2026-7511 - PKCS7_verify signer confusion allows forged signatures, where the signer associated with a signature is not co
- CVE-2026-8660 - OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows rem
- CVE-2026-8665 - OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows
- CVE-2026-8666 - OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linu
- CVE-2026-9099 - A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within th
- CVE-2026-9800 - A flaw was found in Keycloak Policy Enforcer
- CVE-2025-60467 - A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Proje
- CVE-2025-60474 - A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26
- CVE-2026-11877 - An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager
- CVE-2026-13201 - A flaw was found in KubeVirt's safepath package used by virt-handler
- CVE-2026-2050 - GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
- CVE-2026-44020 - Docling simplifies document processing by parsing diverse formats and providing integrations with the generati
- CVE-2026-49980 - Rclone is a command-line program to sync files and directories to and from different cloud storage providers
- CVE-2026-52923 - In the Linux kernel, the following vulnerability has been resolved: ipc: limit next_id allocation to the valid
- CVE-2026-52924 - In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO
- CVE-2026-52943 - In the Linux kernel, the following vulnerability has been resolved: net: skbuff: fix missing zerocopy referenc
- CVE-2026-52945 - In the Linux kernel, the following vulnerability has been resolved: Revert wireguard: device: enable threaded
- CVE-2026-52950 - In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Re
- CVE-2026-52951 - In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: handle empty bo and UAF ra
- CVE-2026-52952 - In the Linux kernel, the following vulnerability has been resolved: iommu: Fix WARN_ON in __iommu_group_set_do
- CVE-2026-52955 - In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds acces
- CVE-2026-52956 - In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds acces
- CVE-2026-52969 - In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvm_reset_di
- CVE-2026-52972 - In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Cap AEAD AD length to 0x8
- CVE-2026-52973 - In the Linux kernel, the following vulnerability has been resolved: futex: Drop CLONE_THREAD requirement for p
- CVE-2026-52976 - In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix error cleanup in xe_exec_queue
- CVE-2026-52987 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid double drm_exec_fini() i
- CVE-2026-52989 - In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmet_tcp_build_pdu_i
- CVE-2026-52991 - In the Linux kernel, the following vulnerability has been resolved: sched/psi: fix race between file release a
- CVE-2026-52993 - In the Linux kernel, the following vulnerability has been resolved: tipc: fix double-free in tipc_buf_append()
- CVE-2026-53000 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nat: use kfree_rcu to release o
- CVE-2026-53002 - In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: remove sprintf usage
- CVE-2026-53006 - In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in icmpv6_rcv() Cac
- CVE-2026-53009 - In the Linux kernel, the following vulnerability has been resolved: ice: fix double-free of tx_buf skb If ice_
- CVE-2026-53016 - In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - copy IV using skcipher ivsiz
- CVE-2026-53033 - In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for af_unix
- CVE-2026-53059 - In the Linux kernel, the following vulnerability has been resolved: dm log: fix out-of-bounds write due to reg
- CVE-2026-53071 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Add missing chan lock in
- CVE-2026-53081 - In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce regsafe base id consistency f
- CVE-2026-53085 - In the Linux kernel, the following vulnerability has been resolved: bpf: fix mm lifecycle in open-coded task_v
- CVE-2026-53091 - In the Linux kernel, the following vulnerability has been resolved: net: pull headers in qdisc_pkt_len_segs_in
- CVE-2026-53092 - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix linked reg delta tracking when sr
- CVE-2026-53130 - In the Linux kernel, the following vulnerability has been resolved: fs/omfs: reject s_sys_blocksize smaller th
- CVE-2026-54297 - Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters
- CVE-2026-54904 - concurrent-ruby is a modern concurrency tools for Ruby
- CVE-2026-54906 - concurrent-ruby is a modern concurrency tools for Ruby
- CVE-2026-55455 - Appsmith is a platform to build admin panels, internal tools, and dashboards
- CVE-2026-56270 - Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api
- CVE-2026-56351 - n8n before version 2.4.0 contains a sql injection vulnerability in MySQL, PostgreSQL, and Microsoft SQL nodes
- CVE-2026-57281 - Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annota
- CVE-2025-61018 - An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause
- CVE-2025-61020 - An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause
- CVE-2025-61023 - An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denia
- CVE-2025-61028 - An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Den
- CVE-2026-12112 - A flaw was found in the foreman-mcp-server
- CVE-2026-45732 - n8n is an open source workflow automation platform
- CVE-2026-48020 - Traefik is an HTTP reverse proxy and load balancer
- CVE-2026-49465 - n8n is an open source workflow automation platform
- CVE-2026-50023 - yt-dlp is a command-line audio/video downloader
- CVE-2026-50574 - yt-dlp is a command-line audio/video downloader
- CVE-2026-54304 - n8n is an open source workflow automation platform
- CVE-2026-54305 - n8n is an open source workflow automation platform
- CVE-2026-54307 - n8n is an open source workflow automation platform
- CVE-2026-54308 - n8n is an open source workflow automation platform
- CVE-2026-54316 - Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-
- CVE-2026-54513 - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Proce
- CVE-2026-54761 - Traefik is an HTTP reverse proxy and load balancer
- CVE-2026-54762 - Traefik is an HTTP reverse proxy and load balancer
- CVE-2025-66389 - GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder (without user approval) via a fi
- CVE-2026-28381 - The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries agai
- CVE-2026-42127 - The public dashboard query endpoint does not limit request body size before processing, allowing unauthenticat
- CVE-2026-44271 - Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain an Improper Neutralization of Special El
- CVE-2026-48746 - vLLM is an inference and serving engine for large language models (LLMs)
- CVE-2026-49468 - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format
- CVE-2026-54099 - A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform
- CVE-2026-54100 - A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform
- CVE-2026-56266 - Crawl4AI before 0.8.7 contains a server-side request forgery vulnerability in the /crawl, /crawl/stream, /md,
- CVE-2026-8858 - IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code ex
- CVE-2026-9029 - The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug
- CVE-2026-9072 - IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Managem
- CVE-2026-12773 - A weakness has been identified in BerriAI litellm up to 1.59.8
- CVE-2026-56340 - vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing
- CVE-2025-62821 - Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can
- CVE-2026-3195 - A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtio_snd_pc
- CVE-2026-47645 - Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unautho
- CVE-2026-48584 - Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges ove
- CVE-2026-48715 - radvd is a router advertisement daemon for IPv6
- CVE-2026-50242 - In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.14842
- CVE-2026-51843 - Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface
- CVE-2026-51844 - Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface
- CVE-2026-51845 - Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface
- CVE-2026-51846 - In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer over
- CVE-2026-52910 - In the Linux kernel, the following vulnerability has been resolved: bpf: Free reuseport cBPF prog after RCU gr
- CVE-2026-53915 - In JetBrains GoLand before 2026.1.3 remote code execution was possible via untrusted project configuration
- CVE-2026-56142 - In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 2025.1.148120, 2024.3.148430, 2024.2.14842
- CVE-2026-56208 - A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation
- CVE-2026-56209 - An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation
- CVE-2026-56210 - A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation
- CVE-2026-56211 - A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation
- CVE-2026-12505 - A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privil
- CVE-2026-43994 - Coturn is a free open source implementation of TURN and STUN Server
- CVE-2026-55203 - HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn st
- CVE-2026-8461 - An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, all
- CVE-2026-12151 - Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a mes
- CVE-2026-2467 - Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variable
- CVE-2026-2674 - Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queue
- CVE-2026-30799 - Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allo
- CVE-2026-30802 - Out-of-bounds Read vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affe
- CVE-2026-30803 - Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buf
- CVE-2026-3894 - Out-of-bounds Read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers.This iss
- CVE-2026-42055 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module
- CVE-2026-42530 - NGINX Open Source has a vulnerability in the ngx_http_v3_module module
- CVE-2026-47774 - Envoy is an open source edge and service proxy designed for cloud-native applications
- CVE-2026-48294 - Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin d
- CVE-2026-55200 - libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transpor
- CVE-2026-10649 - A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerabilit
- CVE-2026-12289 - Privilege escalation in the Graphics: WebRender component
- CVE-2026-12290 - Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firef
- CVE-2026-12291 - Use-after-free in the Networking: HTTP component
- CVE-2026-12292 - Incorrect boundary conditions in the Web Audio component
- CVE-2026-12293 - Use-after-free in the Graphics: WebGPU component
- CVE-2026-12294 - Sandbox escape in the DOM: Workers component
- CVE-2026-12295 - Sandbox escape in the DOM: Navigation component
- CVE-2026-12296 - Sandbox escape in the Security: Process Sandboxing component
- CVE-2026-12297 - Sandbox escape due to incorrect boundary conditions in the Networking component
- CVE-2026-12326 - Memory safety bugs present in Firefox 151 and Thunderbird 151
- CVE-2026-12328 - Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and
- CVE-2026-12398 - A command injection vulnerability was found in galaxy_ng
- CVE-2026-46331 - In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading t
- CVE-2026-50656 - Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defend
- CVE-2026-52719 - An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad
- CVE-2026-52720 - A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client)
- CVE-2026-52722 - A signed integer overflow vulnerability was found in GStreamer's VMnc decoder
- CVE-2026-53705 - A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good
- CVE-2026-6040 - A heap use-after-free existed when importing the blank-width characters of an ODF number format
- CVE-2026-8357 - LibreOffice Calc compiles cell formulas when opening a spreadsheet
- CVE-2026-9863 - Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for
- CVE-2026-11769 - We have released version 5.24.0 of the Grafana Operator
- CVE-2026-54228 - A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement meth
- CVE-2026-54229 - A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method
- CVE-2026-54230 - A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport
- CVE-2026-12143 - form-data is a library for creating readable multipart/form-data streams
- CVE-2026-44168 - MariaDB server is a community developed fork of MySQL server
- CVE-2026-44170 - MariaDB server is a community developed fork of MySQL server
- CVE-2026-44172 - MariaDB server is a community developed fork of MySQL server
- CVE-2026-44893 - Netty is a network application framework for development of protocol servers and clients
- CVE-2026-44894 - Netty is a network application framework for development of protocol servers and clients
- CVE-2026-45169 - Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 e
- CVE-2026-46340 - Netty is a network application framework for development of protocol servers and clients
- CVE-2026-48059 - Netty is a network application framework for development of protocol servers and clients
- CVE-2026-48163 - MariaDB server is a community developed fork of MySQL server
- CVE-2026-48165 - MariaDB server is a community developed fork of MySQL server
- CVE-2026-48748 - Netty is a network application framework for development of protocol servers and clients
- CVE-2026-49875 - Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the
- CVE-2026-50011 - Netty is a network application framework for development of protocol servers and clients
- CVE-2026-50083 - The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instanc
- CVE-2026-50085 - The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the
- CVE-2026-50086 - The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trups against the platform's
- CVE-2026-50091 - Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk
- CVE-2026-50627 - The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT
- CVE-2026-50628 - A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while b
- CVE-2026-50632 - A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE)
- CVE-2026-50633 - A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for
- CVE-2026-53406 - Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before ve
- CVE-2026-53407 - Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and
- CVE-2026-11774 - An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base)
- CVE-2026-41699 - Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL que
- CVE-2026-41700 - Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSock
- CVE-2026-41856 - The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve anno
- CVE-2026-44890 - Netty is a network application framework for development of protocol servers and clients
- CVE-2026-46519 - mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management
- CVE-2026-47162 - Vim is an open source, command line text editor
- CVE-2026-49261 - MariaDB server is a community developed fork of MySQL server
- CVE-2026-5497 - vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to u
- CVE-2026-0270 - A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an u
- CVE-2026-0271 - A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices e
- CVE-2026-0272 - A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administra
- CVE-2026-0273 - A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrato
- CVE-2026-0274 - An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR an
- CVE-2026-11837 - A local privilege escalation vulnerability was found in the ansible.posix authorized_key module
- CVE-2026-2049 - GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
- CVE-2026-24716 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions
- CVE-2026-24719 - A command injection vulnerability has been reported to affect several QNAP operating system versions
- CVE-2026-41716 - Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cach
- CVE-2026-41717 - Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability
- CVE-2026-41728 - Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access fil
- CVE-2026-41731 - JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted package
- CVE-2026-46520 - ImageMagick is free and open-source software used for editing and manipulating digital images
- CVE-2026-46522 - ImageMagick is free and open-source software used for editing and manipulating digital images
- CVE-2026-46529 - Atril Document Viewer is the default document reader of the MATE desktop environment for Linux
- CVE-2026-49759 - Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attac
- CVE-2026-53435 - In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserializ
- CVE-2026-6893 - A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by provid
- CVE-2025-10263 - Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925,
- CVE-2026-26142 - Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a
- CVE-2026-40983 - In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of
- CVE-2026-40984 - In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of
- CVE-2026-41855 - In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and
- CVE-2026-45490 - Improper authorization in .NET allows an authorized attacker to elevate privileges locally
- CVE-2026-45591 - Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a netwo
- CVE-2026-46316 - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation
- CVE-2026-46323 - In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro_r
- CVE-2026-46328 - In the Linux kernel, the following vulnerability has been resolved: apparmor: fix rlimit for posix cpu timers
- CVE-2026-47907 - Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that co
- CVE-2026-47931 - ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability tha
- CVE-2026-47937 - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Ele
- CVE-2026-5068 - A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP
- CVE-2026-9698 - DBI versions before 1.648 for Perl saved errors in a limited-sized buffer
- CVE-2026-11577 - A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in
- CVE-2026-3238 - A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller
- CVE-2026-34355 - A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted
- CVE-2026-42536 - Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted
- CVE-2026-44185 - Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP
- CVE-2026-46279 - In the Linux kernel, the following vulnerability has been resolved: mm/alloc_tag: clear codetag for pages allo
- CVE-2026-46281 - In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vrealloc_n
- CVE-2026-46285 - In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3_re
- CVE-2026-46289 - In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations i
- CVE-2026-46293 - In the Linux kernel, the following vulnerability has been resolved: clk: microchip: mpfs-ccc: fix out of bound
- CVE-2026-46301 - In the Linux kernel, the following vulnerability has been resolved: spi: topcliff-pch: fix use-after-free on u
- CVE-2026-46308 - In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix use-after-free in
- CVE-2026-46309 - In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject coh_none PAT index for
- CVE-2026-49975 - Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of
- CVE-2026-11332 - A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications
- CVE-2026-21035 - Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensi
- CVE-2026-21037 - Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitr
- CVE-2026-50256 - A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland
- CVE-2026-50257 - A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence()
- CVE-2026-50258 - A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland
- CVE-2026-50259 - A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland
- CVE-2026-50260 - A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter()
- CVE-2026-50261 - A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter()
- CVE-2026-50264 - An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFor
- CVE-2025-12694 - A local privilege escalation vulnerability exists in Forcepoint VPN Client that allows a local non-administrat
- CVE-2026-10843 - A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS
- CVE-2026-41283 - OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed
- CVE-2026-22054 - Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attac
- CVE-2026-22055 - Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker
- CVE-2026-4035 - A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables i
- CVE-2026-46244 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff
- CVE-2026-46246 - In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-f
- CVE-2026-46251 - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list cor
- CVE-2026-46253 - In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persist
- CVE-2026-46259 - In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when re
- CVE-2026-46260 - In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6_add_
- CVE-2026-46265 - In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQ_MEM_RECLAIM warning When
- CVE-2026-46266 - In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST d
- CVE-2026-46267 - In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work befo
- CVE-2026-46270 - In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free
- CVE-2026-6657 - A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin vali
- CVE-2026-10701 - Incorrect boundary conditions in the Graphics: Text component
- CVE-2026-1784 - The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy
- CVE-2026-42504 - Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU
- CVE-2019-25718 - Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out
- CVE-2025-70099 - A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allo
- CVE-2026-10118 - A flaw was found in Poppler's Splash backend
- CVE-2026-43958 - A flaw was found in rrdcached, a component of rrdtool
- CVE-2026-42965 - A flaw was found in the OpenShift Router
- CVE-2026-44421 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-44422 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-45700 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-4408 - A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic
- CVE-2026-46115 - In the Linux kernel, the following vulnerability has been resolved: block: add pgmap check to biovec_phys_merg
- CVE-2026-46116 - In the Linux kernel, the following vulnerability has been resolved: xfrm: defensively unhash xfrm_state lists
- CVE-2026-46119 - In the Linux kernel, the following vulnerability has been resolved: libceph: Fix slab-out-of-bounds access in
- CVE-2026-46125 - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: remove station if connecti
- CVE-2026-46135 - In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix race between ICReq handling
- CVE-2026-46145 - In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rx_hash_key_len Sashik
- CVE-2026-46152 - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from f
- CVE-2026-46166 - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in
- CVE-2026-46176 - In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in
- CVE-2026-46181 - In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_
- CVE-2026-46185 - In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in syml
- CVE-2026-46189 - In the Linux kernel, the following vulnerability has been resolved: RDMA/vmw_pvrdma: Fix double free on pvrdma
- CVE-2026-46195 - In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before bu
- CVE-2026-46215 - In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime s
- CVE-2026-46227 - In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctp_se
- CVE-2026-9795 - A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature
- CVE-2026-9804 - A flaw was found in KubeVirt's virt-exportserver component
- CVE-2025-71306 - In the Linux kernel, the following vulnerability has been resolved: ima: Fix stack-out-of-bounds in is_bprm_cr
- CVE-2026-1933 - A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes
- CVE-2026-3012 - A flaw was found in Samba’s certificate auto-enrollment Group Policy handling
- CVE-2026-45837 - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena_vm_close
- CVE-2026-45839 - In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indice
- CVE-2026-45851 - In the Linux kernel, the following vulnerability has been resolved: efi: Fix reservation of unaccepted memory
- CVE-2026-45852 - In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxe_srq_from_
- CVE-2026-45853 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Use kvfree instead of kfree in
- CVE-2026-45856 - In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Validate wqe_size before usin
- CVE-2026-45859 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: do shared-unco
- CVE-2026-45860 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: increase the conn
- CVE-2026-45861 - In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in qd_put Co
- CVE-2026-45862 - In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush cache for PASID table be
- CVE-2026-45866 - In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caif_s
- CVE-2026-45867 - In the Linux kernel, the following vulnerability has been resolved: power: supply: act8945a: Fix use-after-fre
- CVE-2026-45878 - In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix watch_id bounds checking i
- CVE-2026-45879 - In the Linux kernel, the following vulnerability has been resolved: power: supply: bq25980: Fix use-after-free
- CVE-2026-45882 - In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_bms_vm: Fix use-afte
- CVE-2026-45885 - In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-battery: Fix use-afte
- CVE-2026-45891 - In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx sp
- CVE-2026-45893 - In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix & Optimize table creation fr
- CVE-2026-45896 - In the Linux kernel, the following vulnerability has been resolved: mtd: intel-dg: Fix accessing regions befor
- CVE-2026-45898 - In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption b
- CVE-2026-45902 - In the Linux kernel, the following vulnerability has been resolved: power: supply: bq256xx: Fix use-after-free
- CVE-2026-45910 - In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race condition in QP timer h
- CVE-2026-45914 - In the Linux kernel, the following vulnerability has been resolved: Revert hwmon: (ibmpex) fix use-after-free
- CVE-2026-45916 - In the Linux kernel, the following vulnerability has been resolved: power: supply: sbs-battery: Fix use-after-
- CVE-2026-45935 - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in D
- CVE-2026-45936 - In the Linux kernel, the following vulnerability has been resolved: power: supply: goldfish: Fix use-after-fre
- CVE-2026-45938 - In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-f
- CVE-2026-45946 - In the Linux kernel, the following vulnerability has been resolved: power: supply: ab8500: Fix use-after-free
- CVE-2026-45957 - In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcu_read_unlock() deadloop due to
- CVE-2026-45970 - In the Linux kernel, the following vulnerability has been resolved: bonding: alb: fix UAF in rlb_arp_recv duri
- CVE-2026-45972 - In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double
- CVE-2026-45984 - In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline d
- CVE-2026-45988 - In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packe
- CVE-2026-45998 - In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential UAF after skb_unshare
- CVE-2026-46033 - In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash di
- CVE-2026-46043 - In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before pay
- CVE-2026-46054 - In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() and mprotect
- CVE-2026-46090 - In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during f
- CVE-2026-46094 - In the Linux kernel, the following vulnerability has been resolved: ext4: fix bounds check in check_xattrs() t
- CVE-2026-46097 - In the Linux kernel, the following vulnerability has been resolved: Input: edt-ft5x06 - fix use-after-free in
- CVE-2026-46099 - In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and r
- CVE-2026-48962 - IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-con
- CVE-2026-9312 - A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an
- CVE-2026-40033 - FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote a
- CVE-2026-42496 - Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extra
- CVE-2026-44209 - Banks generates meaningful LLM prompts using a template language that makes sense
- CVE-2026-4480 - A flaw was found in the Samba printing subsystem
- CVE-2026-48864 - A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled
- CVE-2026-43503 - In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker
- CVE-2026-46300 - In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker d
- CVE-2026-39821 - The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only la
- CVE-2026-9256 - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module
- CVE-2026-43494 - In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page
- CVE-2026-43499 - In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of curre
- CVE-2026-43501 - In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve mac_len headroom when r
- CVE-2026-47101 - LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that t
- CVE-2026-47102 - LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint
- CVE-2026-20223 - A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an un
- CVE-2026-29518 - Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file hand
- CVE-2026-3039 - BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessi
- CVE-2026-33278 - NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that
- CVE-2026-3593 - A use-after-free vulnerability exists within the DNS-over-HTTPS implementation
- CVE-2026-41292 - NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related
- CVE-2026-42944 - NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow
- CVE-2026-42959 - NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC vali
- CVE-2026-43618 - Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where
- CVE-2026-47783 - In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel
- CVE-2026-5946 - Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Inte
- CVE-2026-5947 - Undefined behavior may result due to a race condition leading to a use-after-free violation
- CVE-2026-8631 - A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software
- CVE-2026-8632 - A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software
- CVE-2026-9064 - A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enfor
- CVE-2025-51427 - An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module l
- CVE-2026-27173 - JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only acce
- CVE-2026-32740 - libheif is a HEIF and AVIF file format decoder and encoder
- CVE-2026-32741 - libheif is a HEIF and AVIF file format decoder and encoder
- CVE-2026-32882 - libheif is a HEIF and AVIF file format decoder and encoder
- CVE-2026-43493 - In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKL
- CVE-2026-7307 - A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the
- CVE-2026-7507 - A session fixation vulnerability was found in Keycloak's login-actions endpoints
- CVE-2026-8945 - Sandbox escape in Firefox and Firefox Focus for Android
- CVE-2026-8946 - Incorrect boundary conditions in the Audio/Video: Web Codecs component
- CVE-2026-8947 - Use-after-free in the DOM: Bindings (WebIDL) component
- CVE-2026-8948 - Same-origin policy bypass in the DOM: Networking component
- CVE-2026-8973 - Memory safety bugs present in Firefox 150
- CVE-2026-8975 - Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150
- CVE-2026-42822 - Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate priv
- CVE-2025-54518 - Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an a
- CVE-2026-34253 - A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package
- CVE-2026-44774 - Traefik is an HTTP reverse proxy and load balancer
- CVE-2026-46333 - In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' lo
- CVE-2026-20224 - A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauth
- CVE-2026-44216 - Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 43.0.2, and 44.0.1, Wasmtime's allocation logic
- CVE-2026-44484 - PyTorch Lightning is a deep learning framework to pretrain and finetune AI models
- CVE-2026-44673 - libyang is a YANG data modeling language library
- CVE-2026-6473 - Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the se
- CVE-2026-6477 - Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(
- CVE-2026-20916 - An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisc
- CVE-2026-32643 - A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at
- CVE-2026-32673 - A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource
- CVE-2026-33376 - When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses
- CVE-2026-33377 - An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard
- CVE-2026-34176 - When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclos
- CVE-2026-36741 - U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection
- CVE-2026-39455 - When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authen
- CVE-2026-39458 - When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can ca
- CVE-2026-39459 - A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated att
- CVE-2026-40060 - When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can
- CVE-2026-40061 - When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (
- CVE-2026-40067 - When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd proc
- CVE-2026-40423 - When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Mic
- CVE-2026-40618 - When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist
- CVE-2026-40629 - When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop
- CVE-2026-40631 - An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objec
- CVE-2026-40698 - A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at
- CVE-2026-42266 - JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb
- CVE-2026-42557 - jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Noteb
- CVE-2026-42578 - Netty is an asynchronous, event-driven network application framework
- CVE-2026-42579 - Netty is an asynchronous, event-driven network application framework
- CVE-2026-42587 - Netty is an asynchronous, event-driven network application framework
- CVE-2026-44573 - Next.js is a React framework for building full-stack web applications
- CVE-2026-44574 - Next.js is a React framework for building full-stack web applications
- CVE-2026-44579 - Next.js is a React framework for building full-stack web applications
- CVE-2026-5773 - libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers
- CVE-2025-40947 - A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (
- CVE-2025-40949 - A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (
- CVE-2026-22924 - A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0)
- CVE-2026-22925 - A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0)
- CVE-2026-32177 - Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally
- CVE-2026-35433 - Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally
- CVE-2026-42899 - Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny
- CVE-2026-44411 - A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5)
- CVE-2026-8401 - Sandbox escape in the Profile Backup component
- CVE-2026-2614 - A vulnerability in the _create_model_version() handler of mlflow/server/handlers.py in mlflow/mlflow versi
- CVE-2026-28847 - The issue was addressed with improved memory handling
- CVE-2026-28883 - A use-after-free issue was addressed with improved memory management
- CVE-2026-28904 - The issue was addressed with improved memory handling
- CVE-2026-28905 - The issue was addressed with improved memory handling
- CVE-2026-28947 - A use-after-free issue was addressed with improved memory management
- CVE-2026-28953 - The issue was addressed with improved memory handling
- CVE-2026-28955 - The issue was addressed with improved memory handling
- CVE-2026-43500 - In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets
- CVE-2026-43658 - The issue was addressed with improved memory handling
- CVE-2026-4802 - A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command executio
- CVE-2026-4890 - A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a
- CVE-2026-4892 - A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers
- CVE-2026-5172 - A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds
- CVE-2026-7210 - xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, w
- CVE-2026-8177 - XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names contai
- CVE-2026-41163 - bubblewrap is a low-level unprivileged sandboxing tool
- CVE-2026-42203 - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format
- CVE-2026-42208 - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format
- CVE-2026-43291 - In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation fo
- CVE-2026-43296 - In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Workaround SQM/PSE stalls by
- CVE-2026-43304 - In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_L
- CVE-2026-43329 - In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for m
- CVE-2026-43341 - In the Linux kernel, the following vulnerability has been resolved: net/ipv6: ioam6: prevent schema length wra
- CVE-2026-43378 - In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2_op
- CVE-2026-43383 - In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be cons
- CVE-2026-43384 - In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be const
- CVE-2026-43406 - In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds r
- CVE-2026-43407 - In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds acces
- CVE-2026-43414 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport doubl
- CVE-2026-43456 - In the Linux kernel, the following vulnerability has been resolved: bonding: fix type confusion in bond_setup_
- CVE-2026-33814 - When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames i
- CVE-2026-39820 - Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU
- CVE-2026-40981 - When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request
- CVE-2026-40982 - Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-conf
- CVE-2026-41142 - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma
- CVE-2026-42216 - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma
- CVE-2026-42499 - Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322
- CVE-2026-8090 - Use-after-free in the DOM: Networking component
- CVE-2026-8091 - Incorrect boundary conditions in the Audio/Video: Playback component
- CVE-2026-8092 - Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1
- CVE-2026-8093 - Memory safety bugs present in Firefox 150.0.1
- CVE-2026-8094 - Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140
- CVE-2026-20167 - A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authe
- CVE-2026-33079 - In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerab
- CVE-2026-43078 - In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix page reassignment ove
- CVE-2026-43112 - In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in c
- CVE-2026-43117 - In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get correct superblock
- CVE-2026-43125 - In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlm_search_rsb_tre
- CVE-2026-43128 - In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix double dma_buf_unpin in fai
- CVE-2026-43133 - In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMS
- CVE-2026-43134 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size che
- CVE-2026-43139 - In the Linux kernel, the following vulnerability has been resolved: xfrm6: fix uninitialized saddr in xfrm6_ge
- CVE-2026-43141 - In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix shift-out-of-bo
- CVE-2026-43150 - In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware
- CVE-2026-43153 - In the Linux kernel, the following vulnerability has been resolved: xfs: remove xfs_attr_leaf_hasname The call
- CVE-2026-43158 - In the Linux kernel, the following vulnerability has been resolved: xfs: fix freemap adjustments when adding x
- CVE-2026-43178 - In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput() in do_
- CVE-2026-43180 - In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: remove TX queue manipula
- CVE-2026-43184 - In the Linux kernel, the following vulnerability has been resolved: rnbd-srv: Zero the rsp buffer before using
- CVE-2026-43186 - In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix heap buffer overflow in __
- CVE-2026-43187 - In the Linux kernel, the following vulnerability has been resolved: xfs: delete attr leaf freemap entries when
- CVE-2026-43190 - In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_tcpmss: check remaining leng
- CVE-2026-43194 - In the Linux kernel, the following vulnerability has been resolved: net: consume xmit errors of GSO frames udp
- CVE-2026-43196 - In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in pruss_c
- CVE-2026-43198 - In the Linux kernel, the following vulnerability has been resolved: tcp: fix potential race in tcp_v6_syn_recv
- CVE-2026-43199 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix scheduling while atomic i
- CVE-2026-43203 - In the Linux kernel, the following vulnerability has been resolved: atm: fore200e: fix use-after-free in taskl
- CVE-2026-43205 - In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: validate num_ifs to prevent
- CVE-2026-43206 - In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix out-of-bounds write in kfd
- CVE-2026-43207 - In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix error handling in prob
- CVE-2026-43211 - In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pci_slot_trylock() error handling
- CVE-2026-43212 - In the Linux kernel, the following vulnerability has been resolved: LoongArch: Make cpumask_of_node() robust a
- CVE-2026-43214 - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Add SRCU protection for reading
- CVE-2026-43215 - In the Linux kernel, the following vulnerability has been resolved: cifs: Fix locking usage for tcon fields We
- CVE-2026-43222 - In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buf
- CVE-2026-43230 - In the Linux kernel, the following vulnerability has been resolved: net/rds: Clear reconnect pending bit When
- CVE-2026-43233 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: fix OOB read
- CVE-2026-43236 - In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix use-after-free of drm
- CVE-2026-43239 - In the Linux kernel, the following vulnerability has been resolved: smb: client: prevent races in ->query_inte
- CVE-2026-43241 - In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix array-index-out
- CVE-2026-43248 - In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhos
- CVE-2026-43249 - In the Linux kernel, the following vulnerability has been resolved: 9p/xen: protect xen_9pfs_front_free agains
- CVE-2026-43250 - In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup
- CVE-2026-43253 - In the Linux kernel, the following vulnerability has been resolved: iommu/amd: move wait_on_sem() out of spinl
- CVE-2026-43256 - In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds
- CVE-2026-43258 - In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during me
- CVE-2026-43278 - In the Linux kernel, the following vulnerability has been resolved: dm: clear cloned request bio pointer when
- CVE-2026-43279 - In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB
- CVE-2026-43283 - In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ec_bhf: Fix dma_free_cohere
- CVE-2026-5081 - Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure
- CVE-2026-23479 - Redis is an in-memory data structure store
- CVE-2026-23631 - Redis is an in-memory data structure store
- CVE-2026-25243 - Redis is an in-memory data structure store
- CVE-2026-28780 - Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server
- CVE-2026-35397 - Jupyter Server is the backend for Jupyter web applications
- CVE-2026-35579 - CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport im
- CVE-2026-42997 - An issue was discovered in idrac in OpenStack Ironic before 35.0.1
- CVE-2026-43071 - In the Linux kernel, the following vulnerability has been resolved: dcache: Limit the minimal number of bucket
- CVE-2026-43869 - Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift
- CVE-2026-6322 - fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitte
- CVE-2026-6918 - In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a
- CVE-2025-70069 - An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and
- CVE-2026-23918 - Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol
- CVE-2026-24082 - Memory Corruption when copying data from a freed source while executing performance counter deselect operation
- CVE-2026-29004 - BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS
- CVE-2026-37459 - An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Servi
- CVE-2026-40682 - XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versio
- CVE-2026-42027 - Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader Versions Affected: before 1
- CVE-2026-42151 - Prometheus is an open-source monitoring system and time series database
- CVE-2026-42154 - Prometheus is an open-source monitoring system and time series database
- CVE-2026-42440 - OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected:
- CVE-2026-6266 - A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links a
- CVE-2026-31703 - In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inode_swi
- CVE-2026-31709 - In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL befor
- CVE-2026-37457 - An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_ut
- CVE-2026-43001 - An issue was discovered in OpenStack Keystone before 29.0.2
- CVE-2026-43011 - In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb
- CVE-2026-43033 - In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at
- CVE-2026-43037 - In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: clear skb2->cb[] in ip4ip6_err
- CVE-2026-43038 - In the Linux kernel, the following vulnerability has been resolved: ipv6: icmp: clear skb2->cb[] in ip6_err_ge
- CVE-2026-5403 - SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code exe
- CVE-2026-5405 - RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and poss
- CVE-2026-5656 - Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and pos
- CVE-2026-7598 - A security vulnerability has been detected in libssh2 up to 1.11.1
- CVE-2026-31693 - In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on repl
- CVE-2026-7246 - Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() functio
- CVE-2026-37555 - An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec
- CVE-2026-42198 - pgjdbc is an open source postgresql JDBC Driver
- CVE-2024-54013 - Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web
- CVE-2025-48431 - Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings
- CVE-2026-40976 - In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to al
- CVE-2026-41603 - Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift
- CVE-2026-41604 - Out-of-bounds Read vulnerability in Apache Thrift
- CVE-2026-41605 - Integer Overflow or Wraparound vulnerability in Apache Thrift
- CVE-2026-7320 - Information disclosure due to incorrect boundary conditions in the Audio/Video component
- CVE-2026-7322 - Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0
- CVE-2026-7323 - Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0
- CVE-2026-7324 - Memory safety bugs present in Thunderbird 150.0.0
- CVE-2026-3006 - Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap o
- CVE-2026-40022 - When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-p
- CVE-2026-6785 - Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Th
- CVE-2026-6786 - Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
- CVE-2026-31682 - In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: linearize skb before p
- CVE-2026-31685 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC
- CVE-2026-6951 - Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incom
- CVE-2026-21728 - Tempo queries with large limits can cause large memory allocations which can impact the availability of the se
- CVE-2026-31607 - In the Linux kernel, the following vulnerability has been resolved: usbip: validate number_of_packets in usbip
- CVE-2026-31637 - In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response
- CVE-2026-31641 - In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading to check bou
- CVE-2026-31649 - In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underflow in chai
- CVE-2026-31657 - In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways b
- CVE-2026-31659 - In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT res
- CVE-2026-31663 - In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transport_f
- CVE-2026-31668 - In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and out
- CVE-2026-31669 - In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_l
- CVE-2026-40466 - Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache A
- CVE-2026-41044 - Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache A
- CVE-2026-41316 - ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an
- CVE-2026-5367 - A flaw was found in OVN (Open Virtual Network)
- CVE-2026-33999 - A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatib
- CVE-2026-34001 - A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering
- CVE-2026-34003 - A flaw was found in the X.Org X server's XKB key types request validation
- CVE-2026-41176 - Rclone is a command-line program to sync files and directories to and from different cloud storage providers
- CVE-2026-41179 - Rclone is a command-line program to sync files and directories to and from different cloud storage providers
- CVE-2026-22754 - Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path=/servlet-path
- CVE-2026-31431 - In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating o
- CVE-2026-31436 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible wrong descri
- CVE-2026-31448 - In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by resid
- CVE-2026-31474 - In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after-free in i
- CVE-2026-31478 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_len with off
- CVE-2026-31488 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unrelated mod
- CVE-2026-31504 - In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_release() vi
- CVE-2026-40542 - Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to acc
- CVE-2026-40575 - OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers
- CVE-2026-6846 - A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted
- CVE-2026-6857 - A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream re
- CVE-2026-40244 - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma
- CVE-2026-40895 - follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatical
- CVE-2026-40906 - Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1
- CVE-2026-6746 - Use-after-free in the DOM: Core & HTML component
- CVE-2026-6747 - Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thund
- CVE-2026-6748 - Uninitialized memory in the Audio/Video: Web Codecs component
- CVE-2026-6749 - Information disclosure due to uninitialized memory in the Graphics: Canvas2D component
- CVE-2026-6750 - Privilege escalation in the Graphics: WebRender component
- CVE-2026-6751 - Uninitialized memory in the Audio/Video: Web Codecs component
- CVE-2026-6752 - Incorrect boundary conditions in the WebRTC component
- CVE-2026-6753 - Incorrect boundary conditions in the WebRTC component
- CVE-2026-6784 - Memory safety bugs present in Firefox 149 and Thunderbird 149
- CVE-2026-33557 - A possible security vulnerability has been identified in Apache Kafka
- CVE-2026-3605 - An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secr
- CVE-2026-40066 - Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded
- CVE-2026-4525 - If a Vault auth mount is configured to pass through the Authorization header, and the Authorization header
- CVE-2026-5720 - miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attacker
- CVE-2026-5807 - Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate
- CVE-2025-54502 - Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privilege
- CVE-2026-40170 - ngtcp2 is a C implementation of the IETF QUIC protocol
- CVE-2026-41035 - In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading t
- CVE-2026-41082 - In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent d
- CVE-2025-41118 - Pyroscope is an open-source continuous profiling database
- CVE-2026-20186 - A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execu
- CVE-2026-33805 - @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Conne
- CVE-2026-33806 - Impact: Fastify applications using schema.body.content for per-content-type body validation can have validatio
- CVE-2026-34632 - Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have re
- CVE-2026-6384 - A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's ReadJeffsIm
- CVE-2026-6388 - A flaw was found in ArgoCD Image Updater
- CVE-2026-2332 - In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, simil
- CVE-2026-23666 - Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network
- CVE-2026-26171 - Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network
- CVE-2026-32178 - Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a
- CVE-2026-32203 - Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a n
- CVE-2026-33414 - Podman is a tool for managing OCI containers and pods
- CVE-2026-0233 - A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows
- CVE-2026-0234 - An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM plat
- CVE-2026-1462 - A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker-controlled Te
- CVE-2026-31419 - In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free in bond_x
- CVE-2026-33901 - ImageMagick is free and open-source software used for editing and manipulating digital images
- CVE-2026-33908 - ImageMagick is free and open-source software used for editing and manipulating digital images
- CVE-2026-4786 - Mitgation of CVE-2026-4519 was incomplete
- CVE-2026-5936 - An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate
- CVE-2026-6100 - Use-after-free (UAF) was possible in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile w
- CVE-2019-25695 - R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by inje
- CVE-2026-32146 - Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary f
- CVE-2026-4150 - GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability
- CVE-2026-4151 - GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability
- CVE-2026-4152 - GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
- CVE-2026-4153 - GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
- CVE-2026-4154 - GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability
- CVE-2026-34481 - Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in v
- CVE-2026-40217 - LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /gu
- CVE-2025-13914 - A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstr
- CVE-2026-29146 - Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration
- CVE-2026-33771 - A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS migh
- CVE-2026-34486 - Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing
- CVE-2026-34734 - HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump hel
- CVE-2026-34971 - Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift
- CVE-2026-35204 - Helm is a package manager for Charts for Kubernetes
- CVE-2026-35205 - Helm is a package manager for Charts for Kubernetes
- CVE-2026-4660 - HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain gi
- CVE-2026-27140 - SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code exe
- CVE-2026-32589 - A flaw was found in Red Hat Quay's container image upload process
- CVE-2026-32590 - A flaw was found in Red Hat Quay's handling of resumable container image layer uploads
- CVE-2026-33810 - When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly ap
- CVE-2026-5795 - In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal
- CVE-2025-14821 - A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of
- CVE-2026-20884 - An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2
- CVE-2026-20889 - A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d2031
- CVE-2026-20911 - A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b5
- CVE-2026-21413 - A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit
- CVE-2026-24450 - An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8d
- CVE-2026-24660 - A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d2031
- CVE-2026-28808 - Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scrip
- CVE-2026-33816 - Memory-safety vulnerability in github.com/jackc/pgx/v5
- CVE-2026-34045 - Podman Desktop is a graphical tool for developing on containers and Kubernetes
- CVE-2026-34078 - Flatpak is a Linux application sandboxing and distribution framework
- CVE-2026-34580 - Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a mislea
- CVE-2026-4740 - A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Manageme
- CVE-2026-5731 - Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149
- CVE-2026-5732 - Incorrect boundary conditions, integer overflow in the Graphics: Text component
- CVE-2026-5733 - Incorrect boundary conditions in the Graphics: WebGPU component
- CVE-2026-5734 - Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 14
- CVE-2026-5735 - Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1
- CVE-2026-34379 - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma
- CVE-2026-34588 - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma
- CVE-2026-34982 - Vim is an open source, command line text editor
- CVE-2026-35030 - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format
- CVE-2026-35172 - Distribution is a toolkit to pack, ship, store, and deliver container content
- CVE-2026-0545 - In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/* are not protected by authentication o
- CVE-2026-23428 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of share_conf in
- CVE-2026-23450 - In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL dereference and UAF in s
- CVE-2026-23455 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: check for ze
- CVE-2026-31402 - In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK re
- CVE-2026-35535 - In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege
- CVE-2026-34785 - Rack is a modular Ruby web server interface
- CVE-2026-34827 - Rack is a modular Ruby web server interface
- CVE-2026-34829 - Rack is a modular Ruby web server interface
- CVE-2026-35385 - In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to som
- CVE-2026-3872 - A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server,
- CVE-2026-4282 - A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and nam
- CVE-2026-4634 - A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a speciall
- CVE-2026-4636 - A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Acces
- CVE-2026-20160 - A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote a
- CVE-2026-27489 - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability
- CVE-2026-34545 - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma
- CVE-2026-35093 - A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain
- CVE-2026-34040 - Moby is an open source container framework
- CVE-2026-4800 - Impact: The fix for CVE-2021-23337 (https://github.com/advisories/GHSA-35jh-r3h4-6jhm) added validation for th
- CVE-2026-5201 - A flaw was found in the gdk-pixbuf library
- CVE-2025-15036 - A path traversal vulnerability exists in the extract_archive_to_dir function within the mlflow/pyfunc/dbcon
- CVE-2026-2370 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18
- CVE-2026-33984 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-33986 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-34714 - Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default
- CVE-2025-15381 - In the latest version of mlflow/mlflow, when the basic-auth app is enabled, tracing and assessment endpoints
- CVE-2025-59032 - ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response
- CVE-2026-24031 - Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin
- CVE-2026-27856 - Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack
- CVE-2026-27858 - Attacker can send a specifically crafted message before authentication that causes managesieve to allocate lar
- CVE-2026-27876 - A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execu
- CVE-2026-27880 - The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-
- CVE-2026-32695 - Traefik is an HTTP reverse proxy and load balancer
- CVE-2026-33433 - Traefik is an HTTP reverse proxy and load balancer
- CVE-2026-33757 - OpenBao is an open source identity-based secrets management system
- CVE-2026-33870 - Netty is an asynchronous, event-driven network application framework
- CVE-2026-33871 - Netty is an asynchronous, event-driven network application framework
- CVE-2026-1961 - A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's We
- CVE-2026-28377 - A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config e
- CVE-2026-32285 - The Delete function fails to properly validate offsets when processing malformed JSON input
- CVE-2026-32286 - The DataRow.Decode function fails to properly validate field lengths
- CVE-2026-32748 - Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expect
- CVE-2026-33526 - Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to
- CVE-2026-4926 - Impact: A bad regular expression is generated any time you have multiple sequential optional groups (curly bra
- CVE-2025-67030 - Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils
- CVE-2026-1519 - If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may
- CVE-2026-23392 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release flowtable af
- CVE-2026-27889 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system
- CVE-2026-29785 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system
- CVE-2026-3104 - A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domai
- CVE-2026-33216 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system
- CVE-2026-33217 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system
- CVE-2026-33218 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system
- CVE-2026-33247 - NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system
- CVE-2026-3608 - Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons ov
- CVE-2026-27651 - When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests
- CVE-2026-27654 - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an at
- CVE-2026-27784 - The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which mi
- CVE-2026-32647 - NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an
- CVE-2026-33195 - Active Storage allows users to attach cloud and local files in Rails applications
- CVE-2026-4371 - A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory
- CVE-2026-4684 - Race condition, use-after-free in the Graphics: WebRender component
- CVE-2026-4685 - Incorrect boundary conditions in the Graphics: Canvas2D component
- CVE-2026-4686 - Incorrect boundary conditions in the Graphics: Canvas2D component
- CVE-2026-4687 - Sandbox escape due to incorrect boundary conditions in the Telemetry component
- CVE-2026-4688 - Sandbox escape due to use-after-free in the Disability Access APIs component
- CVE-2026-4689 - Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
- CVE-2026-4690 - Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
- CVE-2026-4691 - Use-after-free in the CSS Parsing and Computation component
- CVE-2026-4692 - Sandbox escape in the Responsive Design Mode component
- CVE-2026-4693 - Incorrect boundary conditions in the Audio/Video: Playback component
- CVE-2026-4694 - Incorrect boundary conditions, integer overflow in the Graphics component
- CVE-2026-4695 - Incorrect boundary conditions in the Audio/Video: Web Codecs component
- CVE-2026-4696 - Use-after-free in the Layout: Text and Fonts component
- CVE-2026-4697 - Incorrect boundary conditions in the Audio/Video: Web Codecs component
- CVE-2026-4699 - Incorrect boundary conditions in the Layout: Text and Fonts component
- CVE-2026-4700 - Mitigation bypass in the Networking: HTTP component
- CVE-2026-4720 - Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
- CVE-2026-4721 - Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Th
- CVE-2026-4729 - Memory safety bugs present in Firefox 148 and Thunderbird 148
- CVE-2026-4775 - A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerabili
- CVE-2026-4598 - Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function
- CVE-2026-4599 - Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Mi
- CVE-2026-4600 - Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signa
- CVE-2026-4601 - Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.cryp
- CVE-2026-4602 - Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types d
- CVE-2026-23272 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump
- CVE-2026-23274 - In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse
- CVE-2026-23278 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always walk all pend
- CVE-2026-23536 - A security issue was discovered in the Feast Feature Server's /read-document endpoint that allows an unauthe
- CVE-2026-32829 - lz4_flex is a pure Rust implementation of LZ4 compression/decompression
- CVE-2026-33150 - libfuse is the reference implementation of the Linux FUSE
- CVE-2026-33210 - Ruby JSON is a JSON implementation for Ruby
- CVE-2006-10003 - XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack
- CVE-2026-3029 - A path traversal and arbitrary file write vulnerability exist in the embedded get function in '_main_.py' in P
- CVE-2026-4342 - A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inj
- CVE-2026-4424 - A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processin
- CVE-2025-15031 - A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handlin
- CVE-2026-2092 - A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not pr
- CVE-2026-23242 - In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer deref
- CVE-2026-23243 - In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_
- CVE-2026-23262 - In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue
- CVE-2026-2603 - A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML respons
- CVE-2026-26740 - Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the
- CVE-2026-27135 - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C
- CVE-2026-28500 - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability
- CVE-2026-33001 - Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction
- CVE-2026-32981 - A path traversal vulnerability was identified in Ray Dashboard (default port 8265) in Ray versions prior to 2
- CVE-2026-3564 - A condition in the ScreenConnect server component may allow an actor with access to server-level cryptographic
- CVE-2026-2920 - GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability
- CVE-2026-2921 - GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability
- CVE-2026-2922 - GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability
- CVE-2026-2923 - GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability
- CVE-2026-3081 - GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability
- CVE-2026-3082 - GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability
- CVE-2026-3083 - GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability
- CVE-2026-3084 - GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability
- CVE-2026-3085 - GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability
- CVE-2026-3086 - GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability
- CVE-2026-3644 - The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete
- CVE-2026-4177 - YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-seve
- CVE-2026-31806 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-4111 - A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within t
- CVE-2023-43010 - The issue was addressed with improved memory handling
- CVE-2026-1528 - ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length
- CVE-2026-3497 - Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions
- CVE-2026-24294 - Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally
- CVE-2026-26130 - Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny s
- CVE-2026-28691 - ImageMagick is free and open-source software used for editing and manipulating digital images
- CVE-2026-28693 - ImageMagick is free and open-source software used for editing and manipulating digital images
- CVE-2026-31837 - Istio is an open platform to connect, manage, and secure microservices
- CVE-2026-0846 - A vulnerability in the filestring() function of the nltk.util module in nltk version 3.9.2 allows arbitrar
- CVE-2026-25960 - vLLM is an inference and serving engine for large language models (LLMs)
- CVE-2026-3823 - EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing
- CVE-2026-24281 - Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS (PTR) when IP SAN validatio
- CVE-2026-24308 - Improper handling of configuration values in ZKConfig in Apache ZooKeeper 3.8.5 and 3.9.4 on all platforms all
- CVE-2026-25679 - url.Parse insufficiently validated the host/authority component and accepted some invalid URLs
- CVE-2026-26017 - CoreDNS is a DNS server that chains plugins
- CVE-2026-26018 - CoreDNS is a DNS server that chains plugins
- CVE-2026-27137 - When verifying a certificate chain which contains a certificate containing multiple email address constraints
- CVE-2026-29063 - Immutable.js provides many Persistent Immutable data structures
- CVE-2025-45691 - An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0
- CVE-2026-1605 - In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a
- CVE-2026-25048 - xgrammar is an open-source library for efficient, flexible, and portable structured generation
- CVE-2026-29054 - Traefik is an HTTP reverse proxy and load balancer
- CVE-2026-3009 - A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to procee
- CVE-2026-3047 - A flaw was found in org.keycloak.broker.saml
- CVE-2025-71238 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing doub
- CVE-2026-23233 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical
- CVE-2026-23234 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_write_end_i
- CVE-2026-23235 - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs at
- CVE-2026-23236 - In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory
- CVE-2026-27446 - Missing Authentication for Critical Function (CWE-306) vulnerability in Apache Artemis, Apache ActiveMQ Artemi
- CVE-2026-27622 - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage forma
- CVE-2026-3336 - Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certifica
- CVE-2026-3338 - Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature v
- CVE-2026-2293 - A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middlewar
- CVE-2026-28364 - In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c)
- CVE-2026-1693 - The OAuth grant type Resource Owner Password Credentials (ROPC) flow is still used by the werbservices used by
- CVE-2026-26103 - A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUK
- CVE-2026-26965 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-27148 - Storybook is a frontend workshop for building user interface components and pages in isolation
- CVE-2026-27595 - Parse Dashboard is a standalone dashboard for managing Parse Server apps
- CVE-2026-27608 - Parse Dashboard is a standalone dashboard for managing Parse Server apps
- CVE-2026-25794 - ImageMagick is free and open-source software used for editing and manipulating digital images
- CVE-2026-25965 - ImageMagick is free and open-source software used for editing and manipulating digital images
- CVE-2026-25985 - ImageMagick is free and open-source software used for editing and manipulating digital images
- CVE-2026-2757 - Incorrect boundary conditions in the WebRTC: Audio/Video component
- CVE-2026-2759 - Incorrect boundary conditions in the Graphics: ImageLib component
- CVE-2026-2760 - Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component
- CVE-2026-2761 - Sandbox escape in the Graphics: WebRender component
- CVE-2026-2768 - Sandbox escape in the Storage: IndexedDB component
- CVE-2026-2769 - Use-after-free in the Storage: IndexedDB component
- CVE-2026-2770 - Use-after-free in the DOM: Bindings (WebIDL) component
- CVE-2026-2771 - Undefined behavior in the DOM: Core & HTML component
- CVE-2026-2772 - Use-after-free in the Audio/Video: Playback component
- CVE-2026-2773 - Incorrect boundary conditions in the Web Audio component
- CVE-2026-2774 - Integer overflow in the Audio/Video component
- CVE-2026-2775 - Mitigation bypass in the DOM: HTML Parser component
- CVE-2026-2776 - Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
- CVE-2026-2777 - Privilege escalation in the Messaging System component
- CVE-2026-2778 - Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component
- CVE-2026-2792 - Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147
- CVE-2026-2793 - Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Th
- CVE-2026-2794 - Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android
- CVE-2026-2798 - Use-after-free in the DOM: Core & HTML component
- CVE-2026-2799 - Use-after-free in the DOM: Core & HTML component
- CVE-2026-2807 - Memory safety bugs present in Firefox 147 and Thunderbird 147
- CVE-2025-14905 - A flaw was found in the 389-ds-base server
- CVE-2025-67733 - Valkey is a distributed key-value database
- CVE-2026-21863 - Valkey is a distributed key-value database
- CVE-2026-27623 - Valkey is a distributed key-value database
- CVE-2019-25434 - SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash
- CVE-2026-0797 - GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
- CVE-2026-2033 - MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability
- CVE-2026-2044 - GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability
- CVE-2026-2045 - GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
- CVE-2026-2047 - GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
- CVE-2026-2048 - GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
- CVE-2026-2492 - TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
- CVE-2026-25896 - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C+
- CVE-2026-2635 - MLflow Use of Default Password Authentication Bypass Vulnerability
- CVE-2026-2818 - A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers
- CVE-2026-24834 - Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machine
- CVE-2026-26200 - HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an h5 file parsed
- CVE-2026-26278 - fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C+
- CVE-2025-71231 - In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in f
- CVE-2026-22860 - Rack is a modular Ruby web server interface
- CVE-2026-23216 - In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in
- CVE-2026-23221 - In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in driver_
- CVE-2026-23222 - In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAP_CRYPTO_FORCE_
- CVE-2026-23230 - In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to
- CVE-2026-24708 - An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1
- CVE-2026-24734 - Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat
- CVE-2026-2447 - Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox
- CVE-2026-23169 - In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race in mptcp_pm_nl_flush_addrs
- CVE-2026-23180 - In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: add bounds check for if_id i
- CVE-2026-23185 - In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel mlo_scan_start_
- CVE-2026-23193 - In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in
- CVE-2026-23198 - In the Linux kernel, the following vulnerability has been resolved: KVM: Don't clobber irqfd routing type when
- CVE-2026-23111 - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask
- CVE-2023-31313 - An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attac
- CVE-2026-2004 - Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an
- CVE-2026-2005 - Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the oper
- CVE-2026-2006 - Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to iss
- CVE-2026-2007 - Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted inp
- CVE-2020-37196 - Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the
- CVE-2020-37197 - Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the
- CVE-2020-37199 - NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attacke
- CVE-2020-37200 - NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration key input that allows att
- CVE-2020-37201 - NetShareWatcher 1.5.8.0 contains a buffer overflow vulnerability in the registration name input that allows at
- CVE-2020-37204 - RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attac
- CVE-2020-37205 - RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application
- CVE-2020-37206 - ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by sup
- CVE-2020-37207 - SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows at
- CVE-2020-37208 - SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attac
- CVE-2020-37209 - SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows at
- CVE-2020-37210 - SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to
- CVE-2020-37211 - SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputt
- CVE-2020-37212 - SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows atta
- CVE-2026-1669 - Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 o
- CVE-2026-1837 - A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory
- CVE-2026-20652 - The issue was addressed with improved memory handling
- CVE-2026-26157 - A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attack
- CVE-2026-26158 - A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended ext
- CVE-2025-35998 - Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some
- CVE-2026-25506 - MUNGE is an authentication service for creating and validating user credentials
- CVE-2026-25646 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network
- CVE-2026-1486 - A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fail
- CVE-2026-1529 - A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and
- CVE-2026-24678 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-23074 - In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be u
- CVE-2026-25536 - MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients
- CVE-2026-1530 - A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (
- CVE-2026-1531 - A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL ve
- CVE-2026-1761 - A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multi
- CVE-2026-22778 - vLLM is an inference and serving engine for large language models (LLMs)
- CVE-2024-4027 - A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() ca
- CVE-2025-61140 - The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution
- CVE-2025-61726 - The net/url package does not set a limit on the number of query parameters in a query
- CVE-2026-21720 - Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image
- CVE-2026-21721 - The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permis
- CVE-2026-24869 - Use-after-free in the Layout: Scrolling and Overflow component
- CVE-2026-24881 - In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key
- CVE-2026-24882 - In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT co
- CVE-2025-14459 - A flaw was found in KubeVirt Containerized Data Importer (CDI)
- CVE-2026-23864 - Multiple denial of service vulnerabilities exist in React Server Components, affecting the following packages:
- CVE-2025-15059 - GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
- CVE-2026-0603 - A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injectio
- CVE-2026-1260 - Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is n
- CVE-2026-20736 - Gitea does not properly verify repository context when deleting attachments
- CVE-2025-13878 - Malformed BRID/HHIT records can cause named to terminate unexpectedly
- CVE-2026-22822 - External Secrets Operator reads information from a third-party service and automatically injects the values as
- CVE-2026-24046 - Backstage is an open framework for building developer portals
- CVE-2026-22797 - An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before
- CVE-2026-23530 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-23531 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-23532 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-23533 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-23534 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-23883 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-23884 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2021-47814 - NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by o
- CVE-2026-0532 - External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow a
- CVE-2026-22853 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-22855 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-22858 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2026-22859 - FreeRDP is a free implementation of the Remote Desktop Protocol
- CVE-2025-71089 - In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set
- CVE-2026-0877 - Mitigation bypass in the DOM: Security component
- CVE-2026-0878 - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
- CVE-2026-0879 - Sandbox escape due to incorrect boundary conditions in the Graphics component
- CVE-2026-0880 - Sandbox escape due to integer overflow in the Graphics component
- CVE-2026-0881 - Sandbox escape in the Messaging System component
- CVE-2026-0882 - Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox
- CVE-2026-0891 - Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146
- CVE-2025-15514 - Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi
- CVE-2025-68493 - Missing XML Validation vulnerability in Apache Struts, Apache Struts
- CVE-2025-61686 - React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior
- CVE-2025-13761 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.3, and 18.7 before
- CVE-2025-13772 - GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3
- CVE-2025-9222 - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 1
- CVE-2025-50334 - An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-li
- CVE-2026-0719 - A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other
- CVE-2026-22184 - zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under
- CVE-2025-67268 - gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2
- CVE-2025-67269 - An integer underflow vulnerability exists in the nextstate() function in gpsd/packet.c of gpsd versions pr
- CVE-2025-2515 - A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS
- CVE-2025-68263 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipc_msg_
- CVE-2025-14523 - A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occur
- CVE-2025-66287 - A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to i
- CVE-2025-13947 - A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can
- CVE-2025-13601 - A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the
- CVE-2025-13502 - A flaw was found in WebKitGTK and WPE WebKit
- CVE-2025-13609 - A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new ag
- CVE-2025-41115 - SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations
- CVE-2025-61662 - A Use-After-Free vulnerability has been discovered in GRUB's gettext module
- CVE-2025-59088 - If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration,
- CVE-2025-30398 - Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a net
- CVE-2025-10230 - A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are pa
- CVE-2025-43433 - The issue was addressed with improved memory handling
- CVE-2025-62230 - A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup
- CVE-2025-62231 - A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the
- CVE-2025-40082 - In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hf
- CVE-2025-12105 - A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and W
- CVE-2023-53673 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: call disconnect call
- CVE-2025-11021 - A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other
- CVE-2025-9900 - A flaw was found in Libtiff. This vulnerability is a write-what-where condition, triggered when the library
- CVE-2025-5962 - A flaw was found in the Lightspeed history service
- CVE-2025-4953 - A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during
- CVE-2025-9566 - There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when
- CVE-2025-8067 - A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-B
- CVE-2023-32256 - A flaw was found in the Linux kernel's ksmbd component
- CVE-2025-31277 - The issue was addressed with improved memory handling
- CVE-2025-4056 - A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spa
- CVE-2025-6018 - A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Auth
- CVE-2025-23266 - NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the conta
- CVE-2025-6965 - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed
- CVE-2025-7424 - A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input da
- CVE-2025-7425 - A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts interna
- CVE-2025-7345 - A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’
- CVE-2025-5318 - A flaw was found in the libssh library in versions less than 0.11.2
- CVE-2025-6019 - A Local Privilege Escalation (LPE) vulnerability was found in libblockdev
- CVE-2025-4404 - A privilege escalation from host to domain vulnerability was found in the FreeIPA project
- CVE-2025-49176 - A flaw was found in the Big Requests extension
- CVE-2025-49179 - A flaw was found in the X Record extension
- CVE-2025-49180 - A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validat
- CVE-2025-6020 - A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper pr
- CVE-2025-49794 - A use-after-free vulnerability was found in libxml2
- CVE-2025-49795 - A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions
- CVE-2025-49796 - A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger
- CVE-2025-6021 - A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can
- CVE-2025-5914 - A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar
- CVE-2025-48796 - A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow
- CVE-2025-48797 - A flaw was found in GIMP when processing certain TGA image files
- CVE-2025-48798 - A flaw was found in GIMP when processing XCF image files
- CVE-2025-5222 - A stack buffer overflow was found in Internationl components for unicode (ICU )
- CVE-2025-5024 - A flaw was found in gnome-remote-desktop
- CVE-2025-37924 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos auth
- CVE-2025-31223 - The issue was addressed with improved checks
- CVE-2025-37822 - In the Linux kernel, the following vulnerability has been resolved: riscv: uprobes: Add missing fence.i after
- CVE-2025-37778 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authent
- CVE-2025-3891 - A flaw was found in the mod_auth_openidc module for Apache httpd
- CVE-2025-46397 - A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via b
- CVE-2025-32911 - A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition(
- CVE-2025-32906 - A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bo
- CVE-2025-32908 - A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers
- CVE-2025-32913 - A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable t
- CVE-2025-32914 - A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-b
- CVE-2025-2784 - A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via th
- CVE-2025-3155 - A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary script
- CVE-2025-32049 - A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause
- CVE-2025-24196 - A type confusion issue was addressed with improved memory handling
- CVE-2025-24207 - A permissions issue was addressed with additional restrictions
- CVE-2025-24211 - This issue was addressed with improved memory handling
- CVE-2025-24246 - An injection issue was addressed with improved validation
- CVE-2025-24250 - This issue was addressed with improved access restrictions
- CVE-2025-24253 - This issue was addressed with improved handling of symlinks
- CVE-2025-31183 - The issue was addressed with improved restriction of data container access
- CVE-2024-8176 - A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expan
- CVE-2025-23368 - A flaw was found in Wildfly Elytron integration
- CVE-2024-45782 - A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesyst
- CVE-2025-0678 - A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-con
- CVE-2025-0689 - When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadat
- CVE-2025-1125 - When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the
- CVE-2025-26988 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vis
- CVE-2025-26594 - A use-after-free flaw was found in X.Org and Xwayland
- CVE-2025-26595 - A buffer overflow flaw was found in X.Org and Xwayland
- CVE-2025-26596 - A heap overflow flaw was found in X.Org and Xwayland
- CVE-2025-26597 - A buffer overflow flaw was found in X.Org and Xwayland
- CVE-2025-26598 - An out-of-bounds write flaw was found in X.Org and Xwayland
- CVE-2025-26599 - An access to an uninitialized pointer flaw was found in X.Org and Xwayland
- CVE-2025-26600 - A use-after-free flaw was found in X.Org and Xwayland
- CVE-2025-26601 - A use-after-free flaw was found in X.Org and Xwayland
- CVE-2025-0624 - A flaw was found in grub2. During the network boot process, when trying to search for the configuration file,
- CVE-2025-1244 - A command injection flaw was found in the text editor Emacs
- CVE-2024-11218 - A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using
- CVE-2024-45331 - A incorrect privilege assignment vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.3, FortiAnalyzer 7
- CVE-2024-12084 - A heap-based buffer overflow flaw was found in the rsync daemon
- CVE-2024-12085 - A flaw was found in rsync which could be triggered when rsync compares file checksums
- CVE-2024-48884 - A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet For
- CVE-2025-0306 - A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack
- CVE-2024-9675 - A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the
- CVE-2024-8418 - A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processi
- CVE-2024-21522 - All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is prov
- CVE-2024-21523 - All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input
- CVE-2024-23667 - An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebMana
- CVE-2024-23668 - An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebMana
- CVE-2024-23670 - An improper authorization in Fortinet FortiWebManager 7.2.0, FortiWebManager 7.0.0 through 7.0.4, FortiWebMana
- CVE-2024-35862 - In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_
- CVE-2024-3727 - A flaw was found in the github.com/containers/image library
- CVE-2024-22257 - In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, vers
- CVE-2023-42789 - A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, Fort
- CVE-2023-42790 - A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2
- CVE-2024-21626 - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification
- CVE-2023-40547 - A remote code execution vulnerability was found in Shim
- CVE-2023-38950 - A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to
- CVE-2023-3640 - A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU d
- CVE-2023-2373 - A vulnerability was identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6
- CVE-2023-2374 - A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6
- CVE-2023-2375 - A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6
- CVE-2023-2376 - A security vulnerability has been detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6
- CVE-2023-2377 - A vulnerability was detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6
- CVE-2023-2378 - A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6
- CVE-2022-30065 - A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when pr
- CVE-2022-26258 - D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST t
- CVE-2021-42237 - Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attac
- CVE-2021-29441 - Nacos is a platform designed for dynamic service discovery and configuration and service management
- CVE-2020-24881 - SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scan
- CVE-2020-26867 - ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to the deserialization of untrusted data, wh
- CVE-2020-26868 - ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability
- CVE-2020-26869 - ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized u
- CVE-2019-14749 - An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1
- CVE-2018-10902 - It was found that the raw midi kernel driver does not protect against concurrent access which leads to a doubl
- CVE-2018-1259 - Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1
- CVE-2018-1274 - Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a propert
- CVE-2018-1273 - Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain
- CVE-2018-7195 - Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-
- CVE-2016-6650 - EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an