Vulnerability Intelligence
HIGH & CRITICAL severity — CVSS score ≥ 7.0
Total: 2054; NVD: 1889; CISA KEV: 60; Exploit-DB: 84; ANSSI: 1

| CVE ID | Title | Severity | CVSS | Source | Published |
|---|---|---|---|---|---|
| CVE-2026-56783 | Parseable before 2 | MEDIUM | 6.5 | NVD | Jun 29, 2026 |
| CVE-2026-56782 | Gorse before 0 | CRITICAL | 9.8 | NVD | Jun 29, 2026 |
| CVE-2026-56780 | Modoboa before 2 | HIGH | 7.5 | NVD | Jun 29, 2026 |
| CVE-2026-56285 | Nitter's /video media proxy endpoint fails to validate target URLs against Twitt | HIGH | 8.6 | NVD | Jun 29, 2026 |
| CVE-2026-36848 | Gigavue-Os — Gigamon GVOS v5 | HIGH | 7.5 | NVD | Jun 29, 2026 |
| CVE-2026-13592 | A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d350 | HIGH | 7.3 | NVD | Jun 29, 2026 |
| CVE-2026-13752 | Snowflake Cli — Improper neutralization of parameters in Snowflake CLI versi | MEDIUM | 6.0 | NVD | Jun 29, 2026 |
| CVE-2026-12912 | A flaw was found in libtiff | HIGH | 7.3 | NVD | Jun 29, 2026 |
| CVE-2026-13676 | fast-uri versions 2 | HIGH | 7.5 | NVD | Jun 29, 2026 |
| CVE-2026-13568 | A weakness has been identified in SourceCodester Inventory Management System 1 | HIGH | 7.3 | NVD | Jun 29, 2026 |
| CVE-2026-13566 | A vulnerability was identified in SourceCodester Class and Exam Timetabling Syst | HIGH | 7.3 | NVD | Jun 29, 2026 |
| CVE-2026-13565 | A vulnerability was determined in SourceCodester Class and Exam Timetabling Syst | HIGH | 7.3 | NVD | Jun 29, 2026 |
| CVE-2026-12856 | A flaw was found in the vscode-java extension, which provides Java language supp | HIGH | 8.8 | NVD | Jun 29, 2026 |
| CVE-2026-11979 | Libxml2 — libxml2 is vulnerable to multiple stack-based buffer overflo | HIGH | 7.8 | NVD | Jun 29, 2026 |
| CVE-2026-13564 | A vulnerability was found in Edimax EW-7478APC 1 | HIGH | 8.8 | NVD | Jun 29, 2026 |
| CVE-2026-13563 | A vulnerability has been found in Edimax EW-7478APC 1 | HIGH | 8.8 | NVD | Jun 29, 2026 |
| CVE-2026-13562 | A flaw has been found in Edimax EW-7478APC 1 | HIGH | 8.8 | NVD | Jun 29, 2026 |
| CVE-2026-13561 | A vulnerability was detected in Edimax EW-7478APC 1 | MEDIUM | 6.3 | NVD | Jun 29, 2026 |
| CVE-2026-13560 | A security vulnerability has been detected in Edimax EW-7478APC 1 | MEDIUM | 6.3 | NVD | Jun 29, 2026 |
| CVE-2026-13559 | A weakness has been identified in code-projects Real State Services 1 | HIGH | 7.3 | NVD | Jun 29, 2026 |
| CVE-2026-13545 | Dcs-935L Firmware — A vulnerability has been found in D-Link DCS-935L 1 | HIGH | 8.8 | NVD | Jun 29, 2026 |
| CVE-2026-13544 | A flaw has been found in Feehi CMS up to 2 | MEDIUM | 6.3 | NVD | Jun 29, 2026 |
| CVE-2026-13542 | A security vulnerability has been detected in itsourcecode Hospital Management S | MEDIUM | 6.3 | NVD | Jun 29, 2026 |
| CVE-2026-13541 | A weakness has been identified in itsourcecode Hospital Management System 1 | MEDIUM | 6.3 | NVD | Jun 29, 2026 |
| CVE-2026-13540 | A security flaw has been discovered in GitBucket up to 4 | MEDIUM | 6.3 | NVD | Jun 29, 2026 |
| CVE-2026-13539 | A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425 | HIGH | 8.8 | NVD | Jun 29, 2026 |
| CVE-2026-10083 | The APCu Manager WordPress plugin before 4 | HIGH | 7.5 | NVD | Jun 29, 2026 |
| CVE-2025-7386 | Information exposure vulnerability in Hitachi Storage Navigator | MEDIUM | 6.8 | NVD | Jun 29, 2026 |
| CVE-2025-2902 | Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual S | HIGH | 8.3 | NVD | Jun 29, 2026 |
| CVE-2026-13538 | A vulnerability was determined in Wavlink WL-NU516U1-A M16U1_V240425 | MEDIUM | 6.3 | NVD | Jun 29, 2026 |
| CVE-2026-13535 | A flaw has been found in CodeAstro Human Resource Management System 1 | MEDIUM | 6.3 | NVD | Jun 29, 2026 |
| CVE-2026-13532 | A weakness has been identified in itsourcecode Hospital Management System 1 | MEDIUM | 6.3 | NVD | Jun 29, 2026 |
| CVE-2026-13528 | A vulnerability was found in YunaiV/zhijiantianya ruoyi-vue-pro up to 2026 | HIGH | 7.3 | NVD | Jun 29, 2026 |
| CVE-2026-13527 | A vulnerability has been found in SourceCodester Class and Exam Timetabling Syst | HIGH | 7.3 | NVD | Jun 29, 2026 |
| CVE-2026-13526 | A flaw has been found in SourceCodester Class and Exam Timetabling System 1 | HIGH | 7.3 | NVD | Jun 29, 2026 |
| CVE-2026-13525 | A vulnerability was detected in CodeAstro Human Resource Management System 1 | MEDIUM | 6.3 | NVD | Jun 29, 2026 |
| CVE-2026-13521 | A vulnerability was identified in SourceCodester Class and Exam Timetabling Syst | HIGH | 7.3 | NVD | Jun 29, 2026 |
| CVE-2026-13520 | A vulnerability was determined in itsourcecode Hospital Management System 1 | MEDIUM | 6.3 | NVD | Jun 29, 2026 |
| CVE-2026-13519 | A vulnerability was found in Tenda JD12L 16 | HIGH | 8.8 | NVD | Jun 29, 2026 |
| CVE-2026-13518 | A vulnerability has been found in Tenda JD12L 16 | HIGH | 8.8 | NVD | Jun 29, 2026 |
| CVE-2026-13517 | A flaw has been found in Tenda JD12L 16 | HIGH | 8.8 | NVD | Jun 29, 2026 |
| CVE-2026-13516 | A vulnerability was detected in Tenda JD12L 16 | HIGH | 8.8 | NVD | Jun 29, 2026 |
| CVE-2026-13515 | A security vulnerability has been detected in Tenda JD12L 16 | HIGH | 8.8 | NVD | Jun 29, 2026 |
| CVE-2026-48558 | SimpleHelp - SimpleHelp | CRITICAL | N/A | CISA | Jun 29, 2026 |
| CVE-2026-13512 | A vulnerability was identified in Databend up to 1 | MEDIUM | 6.3 | NVD | Jun 28, 2026 |
| CVE-2026-13509 | A vulnerability has been found in RAGapp up to 0 | MEDIUM | 6.3 | NVD | Jun 28, 2026 |
| CVE-2026-49048 | The Joomla extension JoomCCK exposes a front-end controller task, that builds tw | CRITICAL | 9.8 | NVD | Jun 28, 2026 |
| CVE-2026-13500 | A weakness has been identified in antlr ANTLR4 up to 4 | HIGH | 7.3 | NVD | Jun 28, 2026 |
| CVE-2026-13498 | A vulnerability was identified in yashpokharna2555 restaurent-management-system | HIGH | 7.3 | NVD | Jun 28, 2026 |
| CVE-2026-13497 | A vulnerability was determined in itsourcecode Hospital Management System 1 | MEDIUM | 6.3 | NVD | Jun 28, 2026 |
| CVE-2026-13496 | A vulnerability was found in itsourcecode Hospital Management System 1 | MEDIUM | 6.3 | NVD | Jun 28, 2026 |
| CVE-2026-13488 | A security flaw has been discovered in SourceCodester Class and Exam Timetabling | HIGH | 7.3 | NVD | Jun 28, 2026 |
| CVE-2026-13487 | A vulnerability was identified in SourceCodester Class and Exam Timetabling Syst | HIGH | 7.3 | NVD | Jun 28, 2026 |
| CVE-2026-13486 | A vulnerability was determined in SourceCodester Class and Exam Timetabling Syst | HIGH | 7.3 | NVD | Jun 28, 2026 |
| CVE-2026-13485 | A vulnerability was found in SourceCodester Class and Exam Timetabling System 1 | HIGH | 7.3 | NVD | Jun 28, 2026 |
| CVE-2026-10646 | Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getadd | HIGH | 7.4 | NVD | Jun 28, 2026 |
| CVE-2026-10593 | The Zephyr Bluetooth LE Audio Basic Audio Profile (BAP) unicast client mishandle | MEDIUM | 6.5 | NVD | Jun 28, 2026 |
| CVE-2026-58058 | Nmap through 7 | MEDIUM | 6.5 | NVD | Jun 28, 2026 |
| CVE-2026-58056 | RustDesk gates incoming control messages on per-capability flags rather than on | HIGH | 7.6 | NVD | Jun 28, 2026 |
| CVE-2026-58054 | MyBB 1 | HIGH | 7.2 | NVD | Jun 28, 2026 |
| CVE-2026-58053 | Gitea act_runner with the Docker backend (through act 0 | CRITICAL | 9.9 | NVD | Jun 28, 2026 |
| CVE-2026-58051 | libssh2 through 1 | MEDIUM | 6.5 | NVD | Jun 28, 2026 |
| CVE-2026-58050 | libssh2 through 1 | HIGH | 7.0 | NVD | Jun 28, 2026 |
| CVE-2026-58049 | FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc | HIGH | 8.6 | NVD | Jun 28, 2026 |
| CVE-2026-8095 | The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authentic | HIGH | 8.1 | NVD | Jun 28, 2026 |
| CVE-2026-10643 | Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet | HIGH | 8.7 | NVD | Jun 28, 2026 |
| CVE-2026-3462 | The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification | MEDIUM | 6.5 | NVD | Jun 27, 2026 |
| CVE-2026-13295 | The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cros | MEDIUM | 6.4 | NVD | Jun 27, 2026 |
| CVE-2026-11783 | The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your | MEDIUM | 6.4 | NVD | Jun 27, 2026 |
| CVE-2026-11597 | The Surbma \| Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored | MEDIUM | 6.4 | NVD | Jun 27, 2026 |
| CVE-2026-13245 | The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected | MEDIUM | 6.1 | NVD | Jun 27, 2026 |
| CVE-2026-12415 | The Invoice Generator plugin for WordPress is vulnerable to privilege escalation | CRITICAL | 9.8 | NVD | Jun 27, 2026 |
| CVE-2026-47204 | Envoy — Envoy is an open source edge and service proxy designed for | MEDIUM | 6.5 | NVD | Jun 26, 2026 |
| CVE-2026-33646 | mise manages dev tools like node, python, cmake, and terraform | CRITICAL | 9.6 | NVD | Jun 26, 2026 |
| CVE-2026-57518 | Pagekit CMS 1 | HIGH | 8.8 | NVD | Jun 26, 2026 |
| CVE-2026-57231 | Podman is a tool for managing OCI containers and pods | HIGH | 7.5 | NVD | Jun 26, 2026 |
| CVE-2026-56663 | AutoGPT is a workflow automation platform for creating, deploying, and managing | HIGH | 8.5 | NVD | Jun 26, 2026 |
| CVE-2026-55677 | Echo is a Go web framework | HIGH | 7.5 | NVD | Jun 26, 2026 |
| CVE-2026-54636 | Dokku — Dokku is a docker-powered PaaS | CRITICAL | 9.0 | NVD | Jun 26, 2026 |
| CVE-2026-48529 | GitHub MCP Server is GitHub's official MCP Server | MEDIUM | 6.0 | NVD | Jun 26, 2026 |
| CVE-2026-45408 | Dokku — Dokku is a docker-powered PaaS | CRITICAL | 9.0 | NVD | Jun 26, 2026 |
| CVE-2026-45406 | Dokku — Dokku is a docker-powered PaaS | CRITICAL | 9.0 | NVD | Jun 26, 2026 |
| CVE-2026-45405 | Dokku — Dokku is a docker-powered PaaS | CRITICAL | 9.0 | NVD | Jun 26, 2026 |
| CVE-2026-53914 | Kotlin — In JetBrains Kotlin before 2 | MEDIUM | 6.7 | NVD | Jun 26, 2026 |
| CVE-2026-57920 | Peplink InControl 2 through 2 | HIGH | 7.7 | NVD | Jun 26, 2026 |
| CVE-2026-57915 | It is possible to bypass the Kerberos pre-authentication check in Apache Kerby b | HIGH | 7.3 | NVD | Jun 26, 2026 |
| CVE-2026-40711 | Dell Dell Container Storage Modules, version(s) csi-powerstore v2 | HIGH | 8.0 | NVD | Jun 26, 2026 |
| CVE-2025-64152 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v | CRITICAL | 9.1 | NVD | Jun 26, 2026 |
| CVE-2025-55017 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v | CRITICAL | 9.1 | NVD | Jun 26, 2026 |
| CVE-2026-57914 | By sending a deeply nested ASN1 structure to a Apache Kerby client or service, i | MEDIUM | 6.5 | NVD | Jun 26, 2026 |
| CVE-2026-57620 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti | MEDIUM | 6.5 | NVD | Jun 26, 2026 |
| CVE-2026-57918 | libnfs through 6 | HIGH | 7.1 | NVD | Jun 26, 2026 |
| CVE-2026-57913 | Johnson & Johnson Audit Tracking Management System (ATMS) before 2026-04-21 allo | HIGH | 7.5 | NVD | Jun 26, 2026 |
| CVE-2026-57912 | Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data pro | HIGH | 7.5 | NVD | Jun 26, 2026 |
| CVE-2026-13325 | A flaw was found in KubeVirt's migration proxy | HIGH | 8.5 | NVD | Jun 26, 2026 |
| CVE-2026-48619 | Node.Js — A flaw in Node | HIGH | 7.5 | NVD | Jun 26, 2026 |
| CVE-2026-48618 | Node.Js — A flaw in Node | MEDIUM | 6.5 | NVD | Jun 26, 2026 |
| CVE-2026-48615 | Node.Js — A flaw in Node | HIGH | 7.5 | NVD | Jun 26, 2026 |
| CVE-2026-13226 | The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress | MEDIUM | 6.5 | NVD | Jun 26, 2026 |
| CVE-2026-9222 | Setracker2 Android Companion App com | HIGH | 8.1 | NVD | Jun 26, 2026 |
| CVE-2026-9221 | The Setracker2 Android Companion App (com | HIGH | 7.5 | NVD | Jun 26, 2026 |
| CVE-2026-9220 | Setracker2 Android Companion App com | HIGH | 7.5 | NVD | Jun 26, 2026 |
| CVE-2026-9219 | Setracker2 Android Companion App com | MEDIUM | 6.5 | NVD | Jun 26, 2026 |
| CVE-2026-13318 | A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port- | MEDIUM | 6.4 | NVD | Jun 26, 2026 |
| CVE-2026-13083 | A flaw was found in the Pen Drive report generator | MEDIUM | 6.9 | NVD | Jun 26, 2026 |
| CVE-2026-12993 | A flaw was found in Apicurio Registry | MEDIUM | 6.5 | NVD | Jun 26, 2026 |
| CVE-2026-40084 | Cacti is an open source performance and fault management framework | MEDIUM | 6.5 | NVD | Jun 25, 2026 |
| CVE-2026-40083 | Cacti is an open source performance and fault management framework | HIGH | 7.2 | NVD | Jun 25, 2026 |
| CVE-2026-40080 | Cacti is an open source performance and fault management framework | MEDIUM | 6.1 | NVD | Jun 25, 2026 |
| CVE-2026-46734 | Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2 | HIGH | 7.3 | NVD | Jun 25, 2026 |
| CVE-2026-46733 | Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2 | HIGH | 7.8 | NVD | Jun 25, 2026 |
| CVE-2026-46732 | Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2 | MEDIUM | 6.7 | NVD | Jun 25, 2026 |
| CVE-2026-41120 | Wyse Management Suite — Dell Wyse Management Suite, versions prior to WMS 5 | CRITICAL | 9.8 | NVD | Jun 25, 2026 |
| CVE-2026-27366 | Unauthenticated Broken Access Control in MainWP Child <= 6 | HIGH | 7.5 | NVD | Jun 25, 2026 |
| CVE-2026-33612 | A malicious authoritative server can send a crafted zone via the ZoneToCache fun | HIGH | 7.5 | NVD | Jun 25, 2026 |
| CVE-2026-5305 | The Email Address Encoder WordPress plugin before 1 | HIGH | 8.8 | NVD | Jun 25, 2026 |
| CVE-2026-12490 | Nsd — When a provide-xfr is given with a tls-auth-name, a secondar | HIGH | 7.5 | NVD | Jun 25, 2026 |
| CVE-2026-12246 | Nsd — NSD version 4 | HIGH | 8.1 | NVD | Jun 25, 2026 |
| CVE-2026-12245 | Nsd — NSD from version 4 | HIGH | 7.5 | NVD | Jun 25, 2026 |
| CVE-2026-12244 | Nsd — If NSD is configured as secondary for a zone, the primary of | HIGH | 8.8 | NVD | Jun 25, 2026 |
| CVE-2026-10824 | The Masteriyo LMS WordPress plugin before 2 | MEDIUM | 6.5 | NVD | Jun 25, 2026 |
| CVE-2026-13311 | Shell-Quote — shell-quote prior to 1 | HIGH | 7.5 | NVD | Jun 25, 2026 |
| CVE-2026-12053 | Gitlab — GitLab has remediated an issue in GitLab EE affecting all ve | HIGH | 8.6 | NVD | Jun 25, 2026 |
| CVE-2026-10712 | Gitlab — GitLab has remediated an issue in GitLab CE/EE affecting all | HIGH | 8.0 | NVD | Jun 25, 2026 |
| CVE-2026-10086 | Gitlab — GitLab has remediated an issue in GitLab EE affecting all ve | HIGH | 8.7 | NVD | Jun 25, 2026 |
| CVE-2026-8663 | OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux | MEDIUM | 6.0 | NVD | Jun 25, 2026 |
| CVE-2026-8659 | OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Lin | MEDIUM | 6.0 | NVD | Jun 25, 2026 |
| CVE-2026-40079 | Cacti — Cacti is an open source performance and fault management fra | CRITICAL | 9.8 | NVD | Jun 25, 2026 |
| CVE-2026-39951 | Cacti — Cacti is an open source performance and fault management fra | HIGH | 7.6 | NVD | Jun 25, 2026 |
| CVE-2026-12569 | PTC - Windchill and FlexPLM | CRITICAL | N/A | CISA | Jun 25, 2026 |
| CVE-2026-39955 | Cacti — Cacti is an open source performance and fault management fra | CRITICAL | 9.8 | NVD | Jun 24, 2026 |
| CVE-2026-39948 | Cacti — Cacti is an open source performance and fault management fra | CRITICAL | 9.8 | NVD | Jun 24, 2026 |
| CVE-2026-39938 | Cacti — Cacti is an open source performance and fault management fra | CRITICAL | 9.8 | NVD | Jun 24, 2026 |
| CVE-2026-39900 | Cacti — Cacti is an open source performance and fault management fra | MEDIUM | 6.1 | NVD | Jun 24, 2026 |
| CVE-2025-60474 | A buffer overflow in the gf_media_import function (/media_tools/av_parsers | HIGH | 7.5 | NVD | Jun 24, 2026 |
| CVE-2025-60467 | A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_co | HIGH | 7.5 | NVD | Jun 24, 2026 |
| CVE-2026-56302 | Capgo before 12 | MEDIUM | 6.5 | NVD | Jun 24, 2026 |
| CVE-2026-56270 | Flowise — Flowise before 3 | HIGH | 7.5 | NVD | Jun 24, 2026 |
| CVE-2026-56262 | Crawl4Ai — Crawl4AI before 0 | MEDIUM | 6.5 | NVD | Jun 24, 2026 |
| CVE-2026-56257 | Capgo before 12 | HIGH | 7.1 | NVD | Jun 24, 2026 |
| CVE-2026-56256 | Capgo before 12 | HIGH | 7.1 | NVD | Jun 24, 2026 |
| CVE-2026-56245 | Supabase Capgo before 12 | HIGH | 8.2 | NVD | Jun 24, 2026 |
| CVE-2026-56244 | Capgo before 12 | HIGH | 7.1 | NVD | Jun 24, 2026 |
| CVE-2026-56237 | Capgo before 12 | CRITICAL | 9.1 | NVD | Jun 24, 2026 |
| CVE-2026-56232 | Capgo before 12 | HIGH | 8.8 | NVD | Jun 24, 2026 |
| CVE-2026-56231 | Capgo before 12 | HIGH | 7.6 | NVD | Jun 24, 2026 |
| CVE-2026-56223 | Capgo before 12 | HIGH | 8.7 | NVD | Jun 24, 2026 |
| CVE-2026-12242 | The AdRotate Banner Manager plugin for WordPress is vulnerable to PHP Code Injec | HIGH | 8.8 | NVD | Jun 24, 2026 |
| CVE-2025-71361 | picklescan before 0 | HIGH | 8.1 | NVD | Jun 24, 2026 |
| CVE-2025-71354 | picklescan before 0 | HIGH | 8.1 | NVD | Jun 24, 2026 |
| CVE-2025-71332 | Flowise — Flowise through 2 | MEDIUM | 6.5 | NVD | Jun 24, 2026 |
| CVE-2026-12848 | GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that c | CRITICAL | 10.0 | NVD | Jun 24, 2026 |
| CVE-2026-12847 | GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that c | CRITICAL | 10.0 | NVD | Jun 24, 2026 |
| CVE-2026-12846 | GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that c | CRITICAL | 10.0 | NVD | Jun 24, 2026 |
| CVE-2026-12488 | A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVis | MEDIUM | 6.2 | NVD | Jun 24, 2026 |
| CVE-2026-12486 | Multiple OS command injection vulnerabilities exist in the libNetSetObj | CRITICAL | 9.1 | NVD | Jun 24, 2026 |
| CVE-2026-12485 | GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that c | CRITICAL | 10.0 | NVD | Jun 24, 2026 |
| CVE-2026-3652 | The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi | HIGH | 7.2 | NVD | Jun 24, 2026 |
| CVE-2026-11614 | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable | MEDIUM | 6.4 | NVD | Jun 24, 2026 |
| CVE-2026-54639 | Style Dictionary, a build system for creating cross-platform styles, has a proto | HIGH | 8.8 | NVD | Jun 24, 2026 |
| CVE-2026-7574 | Anthropic Claude Desktop Cowork VM image handling (confirmed across v1 | HIGH | 8.7 | NVD | Jun 24, 2026 |
| CVE-2026-56785 | FlatPress contains a stored cross-site scripting vulnerability in comment and co | HIGH | 8.2 | NVD | Jun 23, 2026 |
| CVE-2026-54588 | Poweradmin is a web-based DNS administration tool for PowerDNS server | CRITICAL | 9.6 | NVD | Jun 23, 2026 |
| CVE-2026-47693 | Poweradmin is a web-based DNS administration tool for PowerDNS server | MEDIUM | 6.9 | NVD | Jun 23, 2026 |
| CVE-2026-33760 | Langflow is a tool for building and deploying AI-powered agents and workflows | HIGH | 8.8 | NVD | Jun 23, 2026 |
| CVE-2026-13007 | Tenable Identity Exposure contains multiple unauthenticated API endpoints under | HIGH | 7.5 | NVD | Jun 23, 2026 |
| CVE-2026-12958 | Missing symlink validation in Language Servers for AWS may allow an arbitrary fi | HIGH | 7.8 | NVD | Jun 23, 2026 |
| CVE-2026-12957 | Improper trust boundary enforcement in Language Servers for AWS before version 1 | HIGH | 7.8 | NVD | Jun 23, 2026 |
| CVE-2025-61028 | An issue in the time_t_to_dt component of openlink virtuoso-opensource v7 | HIGH | 7.5 | NVD | Jun 23, 2026 |
| CVE-2025-61025 | An issue in the sslr_qst_get component of openlink virtuoso-opensource v7 | HIGH | 7.5 | NVD | Jun 23, 2026 |
| CVE-2025-61022 | An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7 | HIGH | 7.5 | NVD | Jun 23, 2026 |
| CVE-2025-61020 | An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7 | HIGH | 7.5 | NVD | Jun 23, 2026 |
| CVE-2025-61018 | An issue in the sqlo_place_dt_set component of openlink virtuoso-opensource v7 | HIGH | 7.5 | NVD | Jun 23, 2026 |
| CVE-2026-56274 | Flowise before 3 | CRITICAL | 9.9 | NVD | Jun 23, 2026 |
| CVE-2026-56263 | Crawl4AI before 0 | MEDIUM | 6.1 | NVD | Jun 23, 2026 |
| CVE-2026-56258 | Crawl4AI before 0 | HIGH | 8.1 | NVD | Jun 23, 2026 |
| CVE-2026-56248 | Cap-go capgo (capgo-backend) before 12 | HIGH | 7.5 | NVD | Jun 23, 2026 |
| CVE-2026-56243 | Capgo before 12 | HIGH | 8.1 | NVD | Jun 23, 2026 |
| CVE-2026-56225 | Capgo before 12 | HIGH | 8.3 | NVD | Jun 23, 2026 |
| CVE-2026-56222 | Capgo before 12 | HIGH | 7.2 | NVD | Jun 23, 2026 |
| CVE-2026-4610 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is | MEDIUM | 6.4 | NVD | Jun 23, 2026 |
| CVE-2026-10857 | Improper neutralization of input during web page generation ('cross-site scripti | MEDIUM | 6.1 | NVD | Jun 23, 2026 |
| CVE-2026-10711 | Missing authentication for critical function vulnerability in AKIN Software Comp | HIGH | 8.8 | NVD | Jun 23, 2026 |
| CVE-2025-71376 | picklescan before 0 | HIGH | 8.1 | NVD | Jun 23, 2026 |
| CVE-2025-71370 | picklescan before 0 | HIGH | 8.1 | NVD | Jun 23, 2026 |
| CVE-2025-71365 | picklescan before 0 | HIGH | 8.1 | NVD | Jun 23, 2026 |
| CVE-2025-71341 | picklescan before 0 | HIGH | 8.1 | NVD | Jun 23, 2026 |
| CVE-2025-71337 | Flowise before 3 | HIGH | 8.3 | NVD | Jun 23, 2026 |
| CVE-2023-54365 | Traefik before 2 | HIGH | 7.5 | NVD | Jun 23, 2026 |
| CVE-2026-8172 | The Simple Basic Contact Form WordPress plugin through 20250114 does not escape | HIGH | 7.1 | NVD | Jun 23, 2026 |
| CVE-2026-8163 | The Infility Global WordPress plugin before 2 | HIGH | 8.8 | NVD | Jun 23, 2026 |
| CVE-2026-7842 | The Infility Global Infility Global WordPress plugin before 2 | MEDIUM | 6.8 | NVD | Jun 23, 2026 |
| CVE-2026-12866 | All versions of the package expr-eval are vulnerable to Code Execution via the t | CRITICAL | 9.8 | NVD | Jun 23, 2026 |
| CVE-2026-10658 | A missing length validation in the Zephyr Bluetooth Host ISO receive path can be | HIGH | 7.1 | NVD | Jun 23, 2026 |
| CVE-2026-10651 | A malformed Bluetooth Classic SDP attribute can trigger a reachable assertion in | HIGH | 7.1 | NVD | Jun 23, 2026 |
| CVE-2026-34909 | Ubiquiti - UniFi OS | CRITICAL | N/A | CISA | Jun 23, 2026 |
| CVE-2026-34908 | Ubiquiti - UniFi OS | CRITICAL | N/A | CISA | Jun 23, 2026 |
| CVE-2026-34910 | Ubiquiti - UniFi OS | CRITICAL | N/A | CISA | Jun 23, 2026 |
| CVE-2025-67038 | Lantronix - EDS5000 | CRITICAL | N/A | CISA | Jun 23, 2026 |
| CVE-2026-54235 | Vllm — vLLM is an inference and serving engine for large language m | MEDIUM | 6.5 | NVD | Jun 22, 2026 |
| CVE-2026-54233 | Vllm — vLLM is an inference and serving engine for large language m | MEDIUM | 6.5 | NVD | Jun 22, 2026 |
| CVE-2026-54232 | Vllm — vLLM is an inference and serving engine for large language m | HIGH | 8.8 | NVD | Jun 22, 2026 |
| CVE-2026-53923 | Vllm — vLLM is an inference and serving engine for large language m | HIGH | 7.5 | NVD | Jun 22, 2026 |
| CVE-2026-48746 | Vllm — vLLM is an inference and serving engine for large language m | CRITICAL | 9.1 | NVD | Jun 22, 2026 |
| CVE-2026-47155 | Vllm — vLLM is an inference and serving engine for large language m | MEDIUM | 6.5 | NVD | Jun 22, 2026 |
| CVE-2026-41523 | Vllm — vLLM is an inference and serving engine for large language m | HIGH | 7.5 | NVD | Jun 22, 2026 |
| CVE-2026-56447 | Misp — MISP allowed an authenticated site administrator to set the | HIGH | 7.2 | NVD | Jun 22, 2026 |
| CVE-2026-56446 | Misp — MISP allowed a site administrator to configure an arbitrary | HIGH | 7.2 | NVD | Jun 22, 2026 |
| CVE-2026-56424 | Misp — MISP core contained multiple broken access-control flaws whe | HIGH | 8.8 | NVD | Jun 22, 2026 |
| CVE-2026-56423 | Misp — MISP Core contained broken access-control checks in the bulk | HIGH | 8.8 | NVD | Jun 22, 2026 |
| CVE-2026-54100 | A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenS | HIGH | 8.3 | NVD | Jun 22, 2026 |
| CVE-2026-54099 | A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenS | HIGH | 8.8 | NVD | Jun 22, 2026 |
| CVE-2026-42129 | The Loki datasource plugin's callResource handler contains a path traversal vuln | HIGH | 7.7 | NVD | Jun 22, 2026 |
| CVE-2026-28381 | The Snowflake datasource allows for GET/PUT commands, which can allow any user w | CRITICAL | 9.6 | NVD | Jun 22, 2026 |
| CVE-2026-10561 | IBM Langflow OSS 1 | CRITICAL | 10.0 | NVD | Jun 22, 2026 |
| CVE-2025-66389 | GitHub Copilot 1 | HIGH | 7.5 | NVD | Jun 22, 2026 |
| CVE-2025-2669 | IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4 | MEDIUM | 6.0 | NVD | Jun 22, 2026 |
| CVE-2024-54178 | IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4 | MEDIUM | 6.5 | NVD | Jun 22, 2026 |
| CVE-2026-11373 | Net::Statsite::Client versions through 1 | CRITICAL | 9.1 | NVD | Jun 22, 2026 |
| CVE-2026-12581 | EasyFlow | HIGH | 7.5 | NVD | Jun 22, 2026 |
| CVE-2023-45796 | A stored cross-site scripting vulnerability in the Runtime component of Pilz PAS | HIGH | 8.1 | NVD | Jun 22, 2026 |
| CVE-2023-45795 | A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu be | HIGH | 7.8 | NVD | Jun 22, 2026 |
| CVE-2026-44914 | Nifi — Apache NiFi 1 | HIGH | 7.2 | NVD | Jun 22, 2026 |
| CVE-2026-44913 | Nifi — Improper escaping of database table names in the CaptureChan | HIGH | 7.2 | NVD | Jun 22, 2026 |
| CVE-2026-44911 | Nifi — Authorization handling for component configuration verificat | MEDIUM | 6.3 | NVD | Jun 22, 2026 |
| CVE-2025-66336 | Apache Doris MCP Server contains a SQL injection vulnerability in a metadata que | HIGH | 8.1 | NVD | Jun 22, 2026 |
| CVE-2026-8157 | The Vitepos WordPress plugin before 3 | HIGH | 8.8 | NVD | Jun 22, 2026 |
| CVE-2026-6858 | The Transbank Webpay WordPress plugin before 1 | HIGH | 7.1 | NVD | Jun 22, 2026 |
| CVE-2026-4259 | The ultimate-woocommerce-auction-pro WordPress plugin through 2 | HIGH | 7.1 | NVD | Jun 22, 2026 |
| CVE-2026-4110 | The ultimate-woocommerce-auction-pro WordPress plugin through 2 | MEDIUM | 6.1 | NVD | Jun 22, 2026 |
| CVE-2026-12781 | A vulnerability was identified in EaseUS Partition Master up to 14 | HIGH | 7.8 | NVD | Jun 21, 2026 |
| CVE-2026-12780 | A vulnerability was determined in AOMEI Backupper up to 8 | HIGH | 7.8 | NVD | Jun 21, 2026 |
| CVE-2026-12779 | A vulnerability was found in AOMEI Dynamic Disk Manager up to 10 | HIGH | 7.8 | NVD | Jun 21, 2026 |
| CVE-2026-12778 | A vulnerability has been found in AOMEI Partition Assistant up to 10 | HIGH | 7.8 | NVD | Jun 21, 2026 |
| CVE-2026-12776 | A flaw has been found in Montodel House-Rental-Management up to 90010017b81265eb | MEDIUM | 6.3 | NVD | Jun 21, 2026 |
| CVE-2026-12775 | A vulnerability was detected in Montodel House-Rental-Management up to 90010017b | HIGH | 7.3 | NVD | Jun 21, 2026 |
| CVE-2026-12774 | A security vulnerability has been detected in BerriAI litellm up to 1 | MEDIUM | 6.3 | NVD | Jun 21, 2026 |
| CVE-2026-12773 | A weakness has been identified in BerriAI litellm up to 1 | HIGH | 7.3 | NVD | Jun 21, 2026 |
| CVE-2026-12772 | A security flaw has been discovered in BerriAI litellm up to 1 | MEDIUM | 6.3 | NVD | Jun 21, 2026 |
| CVE-2026-56347 | AVideo TopMenu plugin through version 26 | MEDIUM | 6.1 | NVD | Jun 20, 2026 |
| CVE-2026-56346 | AVideo through version 25 | MEDIUM | 6.5 | NVD | Jun 20, 2026 |
| CVE-2026-56345 | AVideo through 29 | HIGH | 8.1 | NVD | Jun 20, 2026 |
| CVE-2026-56342 | AVideo through version 27 | MEDIUM | 6.8 | NVD | Jun 20, 2026 |
| CVE-2026-56341 | AVideo through version 26 | HIGH | 7.5 | NVD | Jun 20, 2026 |
| CVE-2026-56340 | vLLM versions >= 0 | HIGH | 8.8 | NVD | Jun 20, 2026 |
| CVE-2025-71331 | Flowise before 3 | MEDIUM | 6.1 | NVD | Jun 20, 2026 |
| CVE-2024-58351 | Flowise before 2 | CRITICAL | 9.8 | NVD | Jun 20, 2026 |
| CVE-2022-50972 | WooCommerce 7 | CRITICAL | 9.8 | NVD | Jun 20, 2026 |
| CVE-2020-37255 | WordPress Time Capsule Plugin 1 | HIGH | 7.5 | NVD | Jun 20, 2026 |
| CVE-2019-25763 | WordPress Ultimate Addons for Beaver Builder 1 | CRITICAL | 9.8 | NVD | Jun 20, 2026 |
| CVE-2026-12119 | The Simple File List plugin for WordPress is vulnerable to unauthorized file ope | MEDIUM | 6.5 | NVD | Jun 20, 2026 |
| CVE-2026-11912 | The Simple File List plugin for WordPress is vulnerable to arbitrary file modifi | HIGH | 7.5 | NVD | Jun 20, 2026 |
| CVE-2026-11911 | The Simple File List plugin for WordPress is vulnerable to arbitrary file deleti | HIGH | 7.5 | NVD | Jun 20, 2026 |
| CVE-2026-49260 | PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML pag | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2026-3195 | A flaw was found in QEMU | HIGH | 7.4 | NVD | Jun 19, 2026 |
| CVE-2019-25748 | Joomla JHotelReservation 6 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20282 | Joomla! Component jCart for OpenCart 2 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20281 | Joomla! Component Extra Search 2 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20280 | Joomla Component Myportfolio 3 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20279 | Joomla Payage 2 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20278 | Joomla Component JoomRecipe 1 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20277 | Joomla JoomRecipe 1 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20276 | Joomla! Component SIMGenealogy 2 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20275 | Joomla! Component PHP-Bridge 1 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20274 | Joomla LMS King Professional 3 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20273 | Joomla Event Registration Pro Calendar 4 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20272 | Joomla Ultimate Property Listing 1 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20271 | Joomla StreetGuessr Game 1 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20270 | Joomla! Component Twitch Tv 1 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20269 | Joomla! Component KissGallery 1 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2017-20268 | Joomla! Component Zap Calendar Lite 4 | HIGH | 8.2 | NVD | Jun 19, 2026 |
| CVE-2026-12136 | The Customize My Account For Woocommerce plugin for WordPress is vulnerable to S | MEDIUM | 6.4 | NVD | Jun 18, 2026 |
| CVE-2026-12098 | The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable t | MEDIUM | 6.4 | NVD | Jun 18, 2026 |
| CVE-2026-11395 | The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request For | HIGH | 7.2 | NVD | Jun 18, 2026 |
| CVE-2026-9860 | The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulner | HIGH | 8.8 | NVD | Jun 18, 2026 |
| CVE-2026-55740 | Nur-Alam39 bus-ticket (no released versions; latest commit 459cabdbeb99c00225b26 | CRITICAL | 9.8 | NVD | Jun 18, 2026 |
| CVE-2026-11402 | The Services Section Block – Showcase Service Details in Grid or Columns plugin | MEDIUM | 6.4 | NVD | Jun 18, 2026 |
| CVE-2026-48907 | Widget Factory - Joomla Content Editor | CRITICAL | N/A | CISA | Jun 16, 2026 |
| CVE-2016-20072 | BBS e-Franchise 1 | HIGH | 8.2 | NVD | Jun 15, 2026 |
| CVE-2016-20071 | The 404 Redirection Manager plugin version 1 | HIGH | 8.2 | NVD | Jun 15, 2026 |
| CVE-2016-20070 | WordPress Booking Calendar Contact Form 1 | MEDIUM | 6.4 | NVD | Jun 15, 2026 |
| CVE-2016-20069 | WordPress Booking Calendar Contact Form 1 | HIGH | 8.2 | NVD | Jun 15, 2026 |
| CVE-2016-20068 | WordPress Booking Calendar Contact Form version 1 | HIGH | 8.2 | NVD | Jun 15, 2026 |
| CVE-2016-20066 | WordPress CP Polls 1 | HIGH | 7.2 | NVD | Jun 15, 2026 |
| CVE-2026-12057 | Ai — When the application executes the JavaScript script embedded | HIGH | 8.6 | NVD | Jun 15, 2026 |
| CVE-2026-8935 | The WP MAPS PRO WordPress plugin before 6 | CRITICAL | 9.8 | NVD | Jun 15, 2026 |
| CVE-2026-12222 | A vulnerability was determined in Yealink SIP-T46U 108 | HIGH | 8.0 | NVD | Jun 15, 2026 |
| CVE-2026-12221 | A vulnerability was found in Yealink SIP-T46U 108 | HIGH | 8.0 | NVD | Jun 15, 2026 |
| CVE-2026-12220 | A vulnerability has been found in Yealink SIP-T46U 108 | HIGH | 8.0 | NVD | Jun 15, 2026 |
| CVE-2026-12219 | A flaw has been found in Yealink SIP-T46U 108 | MEDIUM | 6.3 | NVD | Jun 15, 2026 |
| CVE-2026-12218 | A vulnerability was detected in Yealink SIP-T46U 108 | HIGH | 8.0 | NVD | Jun 15, 2026 |
| CVE-2026-12210 | A vulnerability was detected in universal-tool-calling-protocol python-utcp 1 | MEDIUM | 6.3 | NVD | Jun 15, 2026 |
| CVE-2026-12206 | A vulnerability was identified in Grit42 Grit up to 0 | MEDIUM | 6.3 | NVD | Jun 15, 2026 |
| CVE-2026-12204 | A vulnerability was determined in ShopXO up to 6 | HIGH | 7.3 | NVD | Jun 15, 2026 |
| CVE-2026-12200 | A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1 | HIGH | 7.3 | NVD | Jun 15, 2026 |
| CVE-2026-12198 | A weakness has been identified in Microweber up to 2 | HIGH | 7.3 | NVD | Jun 15, 2026 |
| CVE-2026-12197 | A security flaw has been discovered in Ruijie EG105G-P 2 | HIGH | 7.2 | NVD | Jun 15, 2026 |
| CVE-2026-12193 | A vulnerability was identified in VS Revo RevoUninstaller 2 | HIGH | 7.8 | NVD | Jun 15, 2026 |
| CVE-2026-12192 | A vulnerability was determined in GALAYOU Y4 1 | HIGH | 8.8 | NVD | Jun 15, 2026 |
| CVE-2026-20262 | Cisco - Catalyst SD-WAN Manager | CRITICAL | N/A | CISA | Jun 15, 2026 |
| CVE-2026-12191 | A vulnerability was found in Comma AI Openpilot 0 | HIGH | 7.8 | NVD | Jun 14, 2026 |
| CVE-2026-12188 | A vulnerability was detected in Grit42 Grit up to 0 | MEDIUM | 6.3 | NVD | Jun 14, 2026 |
| CVE-2026-12187 | A security vulnerability has been detected in GL | HIGH | 8.8 | NVD | Jun 14, 2026 |
| CVE-2026-12186 | A weakness has been identified in GL | HIGH | 8.8 | NVD | Jun 14, 2026 |
| CVE-2026-54413 | driftregion iso14229 through 0 | HIGH | 8.2 | NVD | Jun 14, 2026 |
| CVE-2026-54412 | LiamBindle MQTT-C through version 1 | HIGH | 8.2 | NVD | Jun 14, 2026 |
| CVE-2026-54410 | nanoMODBUS through v1 | HIGH | 8.6 | NVD | Jun 14, 2026 |
| CVE-2026-11527 | Config::IniFiles versions before 3 | HIGH | 8.6 | NVD | Jun 14, 2026 |
| CVE-2026-11526 | GD versions before 2 | CRITICAL | 9.8 | NVD | Jun 14, 2026 |
| CVE-2026-54421 | In OpenStack Ironic through 35 | MEDIUM | 6.8 | NVD | Jun 14, 2026 |
| CVE-2026-54420 | LiteSpeed cPanel plugin before 2 | HIGH | 8.5 | NVD | Jun 14, 2026 |
| CVE-2026-12174 | A security vulnerability has been detected in D-Link DCS-935L 1 | HIGH | 8.8 | NVD | Jun 13, 2026 |
| CVE-2026-12183 | Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2 | CRITICAL | 9.8 | NVD | Jun 13, 2026 |
| CVE-2026-6428 | SQL Injection in reports/catalogue_out | HIGH | 7.6 | NVD | Jun 13, 2026 |
| CVE-2026-5513 | The Online Scheduling and Appointment Booking System – Bookly plugin for WordPre | HIGH | 7.2 | NVD | Jun 13, 2026 |
| CVE-2026-9629 | The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via | MEDIUM | 6.4 | NVD | Jun 13, 2026 |
| CVE-2026-3297 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress | MEDIUM | 6.4 | NVD | Jun 13, 2026 |
| CVE-2026-9134 | The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting | MEDIUM | 6.4 | NVD | Jun 13, 2026 |
| CVE-2026-9109 | The GPTranslate – Multilingual AI Translation for WordPress: Automatically Trans | HIGH | 7.2 | NVD | Jun 13, 2026 |
| CVE-2026-9848 | The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPr | HIGH | 7.5 | NVD | Jun 13, 2026 |
| CVE-2026-54230 | A symlink following vulnerability was found in the ABRT post-create event handle | HIGH | 7.0 | NVD | Jun 13, 2026 |
| CVE-2026-54229 | A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir meth | HIGH | 7.0 | NVD | Jun 13, 2026 |
| CVE-2026-54228 | A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D | HIGH | 7.8 | NVD | Jun 13, 2026 |
| CVE-2026-6676 | Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when sca | HIGH | 7.8 | NVD | Jun 12, 2026 |
| CVE-2026-12068 | Information disclosure vulnerability in Avira Password Manager when used with Mo | HIGH | 7.4 | NVD | Jun 12, 2026 |
| CVE-2025-9033 | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scan | HIGH | 7.8 | NVD | Jun 12, 2026 |
| CVE-2025-9032 | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scan | HIGH | 7.8 | NVD | Jun 12, 2026 |
| CVE-2025-14098 | Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira A | HIGH | 7.8 | NVD | Jun 12, 2026 |
| CVE-2026-44171 | MariaDB server is a community developed fork of MySQL server | MEDIUM | 6.3 | NVD | Jun 12, 2026 |
| CVE-2026-44168 | MariaDB server is a community developed fork of MySQL server | HIGH | 8.0 | NVD | Jun 12, 2026 |
| CVE-2026-7387 | Mattermost versions 11 | HIGH | 8.8 | NVD | Jun 12, 2026 |
| CVE-2026-7184 | Mattermost versions 11 | MEDIUM | 6.5 | NVD | Jun 12, 2026 |
| CVE-2026-6961 | Mattermost versions 11 | HIGH | 7.6 | NVD | Jun 12, 2026 |
| CVE-2026-6739 | Mattermost versions 11 | MEDIUM | 6.7 | NVD | Jun 12, 2026 |
| CVE-2026-53982 | Cap-go Console < 12 | MEDIUM | 6.5 | NVD | Jun 12, 2026 |
| CVE-2026-53981 | Cap-go prior to 12 | HIGH | 7.6 | NVD | Jun 12, 2026 |
| CVE-2026-12066 | A security flaw has been discovered in PbootCMS up to 3 | HIGH | 7.3 | NVD | Jun 12, 2026 |
| CVE-2026-11849 | The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded | CRITICAL | 9.8 | NVD | Jun 12, 2026 |
| CVE-2026-50631 | Cxf — A race condition in AbstractOAuthDataProvider allows concurr | HIGH | 7.4 | NVD | Jun 12, 2026 |
| CVE-2026-50630 | Cxf — A CRLF injection vulnerability exists in the OAuth2 Authoriz | MEDIUM | 6.5 | NVD | Jun 12, 2026 |
| CVE-2026-50623 | Cxf — An authentication bypass vulnerability exists in the OAuth2 | MEDIUM | 6.5 | NVD | Jun 12, 2026 |
| CVE-2026-48914 | A flaw was found in QEMU's virtio-blk device | MEDIUM | 6.7 | NVD | Jun 12, 2026 |
| CVE-2026-11846 | The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has | HIGH | 8.1 | NVD | Jun 12, 2026 |
| CVE-2026-11845 | The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has | HIGH | 7.2 | NVD | Jun 12, 2026 |
| CVE-2026-12060 | Heptabase developed by Hepta Platforms has an Exposed Dangerous Method or Functio | MEDIUM | 6.5 | NVD | Jun 12, 2026 |
| CVE-2026-12059 | The SSH service of CelloOS developed by Cellopoint has an Improper Access Contro | HIGH | 8.8 | NVD | Jun 12, 2026 |
| CVE-2026-44892 | Netty is a network application framework for development of protocol servers and | HIGH | 7.5 | NVD | Jun 12, 2026 |
| CVE-2026-48610 | Under certain network configurations, a malicious actor with access to network c | HIGH | 8.1 | NVD | Jun 12, 2026 |
| CVE-2026-47370 | A malicious actor with access to the network and low privileges could exploit an | CRITICAL | 9.9 | NVD | Jun 12, 2026 |
| CVE-2026-47369 | A malicious actor with access to the network and low privileges could exploit an | CRITICAL | 9.9 | NVD | Jun 12, 2026 |
| CVE-2026-47368 | A malicious actor with access to the network could exploit a Path Traversal vuln | HIGH | 8.6 | NVD | Jun 12, 2026 |
| CVE-2026-47367 | A malicious actor with access to the network and low privileges could exploit an | CRITICAL | 9.9 | NVD | Jun 12, 2026 |
| CVE-2026-47365 | Argument injection vulnerability in WordPress Toolkit before 6 | CRITICAL | 9.9 | NVD | Jun 12, 2026 |
| CVE-2026-9125 | The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Script | MEDIUM | 6.4 | NVD | Jun 12, 2026 |
| CVE-2026-11933 | A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript | HIGH | 8.8 | NVD | Jun 12, 2026 |
| CVE-2026-35273 | Oracle - PeopleSoft Enterprise PeopleTools | CRITICAL | N/A | CISA | Jun 12, 2026 |
| CVE-2026-47238 | ClipBucket v5 is an open source video sharing platform | MEDIUM | 6.5 | NVD | Jun 11, 2026 |
| CVE-2026-45418 | ClipBucket v5 is an open source video sharing platform | HIGH | 8.8 | NVD | Jun 11, 2026 |
| CVE-2026-45060 | ClipBucket v5 is an open source video sharing platform | CRITICAL | 9.8 | NVD | Jun 11, 2026 |
| CVE-2026-42846 | ClipBucket v5 is an open source video sharing platform | CRITICAL | 9.8 | NVD | Jun 11, 2026 |
| CVE-2026-49261 | MariaDB server is a community developed fork of MySQL server | CRITICAL | 10.0 | NVD | Jun 11, 2026 |
| CVE-2026-48546 | KanaDojo before 0 | HIGH | 7.3 | NVD | Jun 11, 2026 |
| CVE-2026-47157 | aiograpi is an asynchronous Instagram API for Python | MEDIUM | 6.5 | NVD | Jun 11, 2026 |
| CVE-2026-46697 | Fediverse Embeds embeds fediverse posts on WordPress sites | HIGH | 7.5 | NVD | Jun 11, 2026 |
| CVE-2026-49982 | tmp is a temporary file and directory creator for node | HIGH | 8.2 | NVD | Jun 11, 2026 |
| CVE-2026-44496 | Axios — Axios is a promise based HTTP client for the browser and Nod | HIGH | 7.5 | NVD | Jun 11, 2026 |
| CVE-2026-44495 | Axios is a promise based HTTP client for the browser and Node | HIGH | 7.0 | NVD | Jun 11, 2026 |
| CVE-2026-44494 | Axios — Axios is a promise based HTTP client for the browser and Nod | HIGH | 8.7 | NVD | Jun 11, 2026 |
| CVE-2026-44492 | Axios — Axios is a promise based HTTP client for the browser and Nod | HIGH | 8.6 | NVD | Jun 11, 2026 |
| CVE-2026-44488 | Axios — Axios is a promise based HTTP client for the browser and Nod | HIGH | 7.5 | NVD | Jun 11, 2026 |
| CVE-2026-44487 | Axios — Axios is a promise based HTTP client for the browser and Nod | HIGH | 7.5 | NVD | Jun 11, 2026 |
| CVE-2026-44486 | Axios — Axios is a promise based HTTP client for the browser and Nod | HIGH | 7.5 | NVD | Jun 11, 2026 |
| CVE-2026-11945 | PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superu | MEDIUM | 6.4 | NVD | Jun 11, 2026 |
| CVE-2026-8589 | Gitlab — GitLab has remediated an issue in GitLab EE affecting all ve | HIGH | 7.3 | NVD | Jun 11, 2026 |
| CVE-2026-7250 | Gitlab — GitLab has remediated an issue in GitLab CE/EE affecting all | HIGH | 7.5 | NVD | Jun 11, 2026 |
| CVE-2026-6552 | Gitlab — GitLab has remediated an issue in GitLab EE affecting all ve | HIGH | 8.7 | NVD | Jun 11, 2026 |
| CVE-2026-1500 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17 | MEDIUM | 6.5 | NVD | Jun 11, 2026 |
| CVE-2026-10087 | GitLab has remediated an issue in GitLab EE affecting all versions from 17 | HIGH | 8.7 | NVD | Jun 11, 2026 |
| CVE-2023-33999 | Improper neutralization of input during web page generation ('cross-site scripti | HIGH | 7.1 | NVD | Jun 11, 2026 |
| CVE-2026-41856 | Spring For Graphql — The Spring GraphQL annotation detection mechanism for @Contr | HIGH | 7.5 | NVD | Jun 11, 2026 |
| CVE-2026-41700 | Spring For Graphql — Spring for GraphQL applications that have enabled the WebSoc | HIGH | 8.1 | NVD | Jun 11, 2026 |
| CVE-2026-41699 | Spring For Graphql — Spring for GraphQL applications are vulnerable to Unsafe Des | HIGH | 8.1 | NVD | Jun 11, 2026 |
| CVE-2026-40999 | When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spri | HIGH | 8.6 | NVD | Jun 11, 2026 |
| CVE-2026-40998 | Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource i | HIGH | 8.2 | NVD | Jun 11, 2026 |
| CVE-2026-40994 | Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compl | HIGH | 8.2 | NVD | Jun 11, 2026 |
| CVE-2026-40987 | A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywher | HIGH | 7.1 | NVD | Jun 11, 2026 |
| CVE-2026-10795 | The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable | HIGH | 8.1 | NVD | Jun 11, 2026 |
| CVE-2026-40985 | Applications that configure the WebFlowELExpressionParser are vulnerable to the | MEDIUM | 6.4 | NVD | Jun 11, 2026 |
| CVE-2026-10520 | Ivanti - Sentry | CRITICAL | N/A | CISA | Jun 11, 2026 |
| CVE-2026-47342 | Ofbiz — A privilege escalation vulnerability in Apache OFBiz allows | HIGH | 8.8 | NVD | Jun 10, 2026 |
| CVE-2026-47213 | Boxlite is a sandbox service that allows users to create lightweight virtual mac | MEDIUM | 6.5 | NVD | Jun 10, 2026 |
| CVE-2026-46703 | Boxlite is a sandbox service that allows users to create lightweight virtual mac | CRITICAL | 9.6 | NVD | Jun 10, 2026 |
| CVE-2026-46695 | Boxlite is a sandbox service that allows users to create lightweight virtual mac | CRITICAL | 10.0 | NVD | Jun 10, 2026 |
| CVE-2026-46557 | Imagemagick — ImageMagick is free and open-source software used for editin | MEDIUM | 6.2 | NVD | Jun 10, 2026 |
| CVE-2026-44693 | Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tr | HIGH | 8.8 | NVD | Jun 10, 2026 |
| CVE-2026-42558 | Xibo is an open source digital signage platform with a web content management sy | HIGH | 7.6 | NVD | Jun 10, 2026 |
| CVE-2026-42305 | Dulwich is a pure-Python implementation of the Git file formats and protocols | HIGH | 8.8 | NVD | Jun 10, 2026 |
| CVE-2026-46642 | draw | MEDIUM | 6.1 | NVD | Jun 10, 2026 |
| CVE-2026-46614 | Fission is an open-source, Kubernetes-native serverless framework that simplifie | CRITICAL | 9.8 | NVD | Jun 10, 2026 |
| CVE-2026-46612 | Fission is an open-source, Kubernetes-native serverless framework that simplifie | HIGH | 8.8 | NVD | Jun 10, 2026 |
| CVE-2026-45062 | FrankenPHP is a modern application server for PHP | HIGH | 8.1 | NVD | Jun 10, 2026 |
| CVE-2026-20258 | In Splunk Enterprise versions below 10 | HIGH | 7.1 | NVD | Jun 10, 2026 |
| CVE-2026-20253 | In Splunk Enterprise versions below 10 | CRITICAL | 9.8 | NVD | Jun 10, 2026 |
| CVE-2026-20252 | In Splunk Enterprise versions below 10 | HIGH | 7.6 | NVD | Jun 10, 2026 |
| CVE-2026-20251 | In Splunk Enterprise versions below 10 | HIGH | 8.8 | NVD | Jun 10, 2026 |
| CVE-2026-11417 | OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-li | HIGH | 7.3 | NVD | Jun 10, 2026 |
| CVE-2026-52758 | Ghidra — Ghidra before 12 | HIGH | 8.8 | NVD | Jun 10, 2026 |
| CVE-2026-52755 | Ghidra — Ghidra before 12 | HIGH | 7.8 | NVD | Jun 10, 2026 |
| CVE-2026-52754 | Ghidra — Ghidra before 12 | HIGH | 8.8 | NVD | Jun 10, 2026 |
| CVE-2026-52752 | Ghidra — Ghidra before 12 | HIGH | 7.8 | NVD | Jun 10, 2026 |
| CVE-2026-52751 | Ghidra — Ghidra before 12 | HIGH | 8.8 | NVD | Jun 10, 2026 |
| CVE-2026-52750 | Ghidra — Ghidra before 12 | HIGH | 7.8 | NVD | Jun 10, 2026 |
| CVE-2026-49498 | Ghidra — Ghidra 11 | HIGH | 8.8 | NVD | Jun 10, 2026 |
| CVE-2026-49496 | Ghidra — Ghidra before 12 | MEDIUM | 6.1 | NVD | Jun 10, 2026 |
| CVE-2026-49069 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti | HIGH | 7.1 | NVD | Jun 10, 2026 |
| CVE-2025-71330 | image-size through 2 | HIGH | 7.5 | NVD | Jun 10, 2026 |
| CVE-2025-71329 | image-size through 2 | HIGH | 7.5 | NVD | Jun 10, 2026 |
| CVE-2026-24067 | Slate Digital Connect 1 | HIGH | 8.4 | NVD | Jun 10, 2026 |
| CVE-2026-24066 | Slate Digital Connect 1 | HIGH | 8.4 | NVD | Jun 10, 2026 |
| CVE-2026-11853 | Debusine is an integrated solution to build, distribute and maintain a Debian-ba | MEDIUM | 6.5 | NVD | Jun 10, 2026 |
| CVE-2026-11852 | Debusine is an integrated solution to build, distribute and maintain a Debian-ba | MEDIUM | 6.5 | NVD | Jun 10, 2026 |
| CVE-2025-6254 | The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in | CRITICAL | 9.8 | NVD | Jun 10, 2026 |
| CVE-2026-9019 | The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site S | MEDIUM | 6.4 | NVD | Jun 10, 2026 |
| CVE-2026-8613 | The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cr | MEDIUM | 6.4 | NVD | Jun 10, 2026 |
| CVE-2026-9067 | The Schema & Structured Data for WP & AMP WordPress plugin before 1 | CRITICAL | 9.1 | NVD | Jun 10, 2026 |
| CVE-2026-8071 | The Anti-Spam by CleanTalk | HIGH | 8.8 | NVD | Jun 10, 2026 |
| CVE-2026-3326 | The Xstore WordPress theme before 9 | HIGH | 8.6 | NVD | Jun 10, 2026 |
| CVE-2026-11837 | A local privilege escalation vulnerability was found in the ansible | HIGH | 7.3 | NVD | Jun 10, 2026 |
| CVE-2025-8444 | The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Tem | MEDIUM | 6.4 | NVD | Jun 10, 2026 |
| CVE-2026-40988 | An application using spring-security-saml2-service-provider and the REDIRECT bin | HIGH | 7.5 | NVD | Jun 10, 2026 |
| CVE-2026-9754 | An authenticated user with the read role may read limited amounts of uninitializ | MEDIUM | 6.5 | NVD | Jun 09, 2026 |
| CVE-2026-9753 | The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute | HIGH | 8.1 | NVD | Jun 09, 2026 |
| CVE-2026-9752 | An authorized user could trigger a server crash by running a query with a 2dsphe | MEDIUM | 6.5 | NVD | Jun 09, 2026 |
| CVE-2026-9750 | An authenticated user can cause a MongoDB server to crash or return incorrect re | MEDIUM | 6.5 | NVD | Jun 09, 2026 |
| CVE-2026-9749 | This issue can occur when running an aggregation pipeline that uses the internal | MEDIUM | 6.5 | NVD | Jun 09, 2026 |
| CVE-2026-9748 | The $_internalConvertBucketIndexStats stage used PauseExecution as a way to sign | MEDIUM | 6.5 | NVD | Jun 09, 2026 |
| CVE-2026-9747 | Adding fromRouter:true and runtimeConstants | MEDIUM | 6.5 | NVD | Jun 09, 2026 |
| CVE-2026-9746 | When using $changestreams and $_requestReshardingResumeToken with the exchange o | MEDIUM | 6.5 | NVD | Jun 09, 2026 |
| CVE-2026-9743 | In MongoDB Server 8 | MEDIUM | 6.5 | NVD | Jun 09, 2026 |
| CVE-2026-9742 | When OIDC authentication is enabled in configuration, clients may set specific v | HIGH | 7.5 | NVD | Jun 09, 2026 |
| CVE-2026-9741 | A bug in query analysis processing of the $vectorSearch aggregation stage for Qu | MEDIUM | 6.5 | NVD | Jun 09, 2026 |
| CVE-2026-9740 | A vulnerability in MongoDB Server's BSON validation logic allows an unauthentica | HIGH | 7.5 | NVD | Jun 09, 2026 |
| CVE-2026-46433 | Lldpd — lldpd is an implementation of IEEE 802 | MEDIUM | 6.5 | NVD | Jun 09, 2026 |
| CVE-2026-46374 | SQLFluff is a modular SQL linter and auto-formatter with support for multiple di | HIGH | 7.5 | NVD | Jun 09, 2026 |
| CVE-2026-46373 | SQLFluff is a modular SQL linter and auto-formatter with support for multiple di | HIGH | 7.5 | NVD | Jun 09, 2026 |
| CVE-2026-33828 | Windows 10 1607 — Trust boundary violation in Windows Attestation allows an au | HIGH | 7.8 | NVD | Jun 09, 2026 |
| CVE-2026-32193 | Improper limitation of a pathname to a restricted directory ('path traversal') i | HIGH | 8.8 | NVD | Jun 09, 2026 |
| CVE-2026-26142 | Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized a | CRITICAL | 9.8 | NVD | Jun 09, 2026 |
| CVE-2026-24181 | NVIDIA DALI contains a vulnerability in a component where an attacker could caus | HIGH | 7.3 | NVD | Jun 09, 2026 |
| CVE-2026-24180 | NVIDIA DALI contains a vulnerability in a component where an attacker could caus | HIGH | 7.3 | NVD | Jun 09, 2026 |
| CVE-2026-22926 | Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation | HIGH | 7.8 | NVD | Jun 09, 2026 |
| CVE-2017-20245 | Wow Viral Signups 2 | HIGH | 8.2 | NVD | Jun 09, 2026 |
| CVE-2017-20244 | Wow Forms WordPress Plugin version 2 | HIGH | 8.2 | NVD | Jun 09, 2026 |
| CVE-2017-20243 | WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQ | HIGH | 8.2 | NVD | Jun 09, 2026 |
| CVE-2016-20065 | Product Catalog 8 1 | HIGH | 8.2 | NVD | Jun 09, 2026 |
| CVE-2016-20064 | WP Vault 0 | MEDIUM | 6.2 | NVD | Jun 09, 2026 |
| CVE-2016-20063 | Single Personal Message 1 | HIGH | 7.1 | NVD | Jun 09, 2026 |
| CVE-2016-20062 | Simply Poll 1 | HIGH | 8.2 | NVD | Jun 09, 2026 |
| CVE-2026-41842 | Spring Framework — Spring MVC and WebFlux applications are vulnerable to Denial | HIGH | 7.5 | NVD | Jun 09, 2026 |
| CVE-2026-41720 | Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a b | HIGH | 7.4 | NVD | Jun 09, 2026 |
| CVE-2026-41715 | In specific scenarios involving HTTP redirects from a secure to an insecure endp | MEDIUM | 6.1 | NVD | Jun 09, 2026 |
| CVE-2026-41007 | Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instanc | HIGH | 7.5 | NVD | Jun 09, 2026 |
| CVE-2026-41006 | Spring HATEOAS's internal PropertyUtils | HIGH | 7.5 | NVD | Jun 09, 2026 |
| CVE-2026-40984 | In Micrometer, it is possible for a user to provide specially crafted HTTP reque | HIGH | 7.5 | NVD | Jun 09, 2026 |
| CVE-2026-40983 | In Micrometer, it is possible for a user to provide specially crafted gRPC reque | HIGH | 7.5 | NVD | Jun 09, 2026 |
| CVE-2026-11603 | The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Re | MEDIUM | 6.1 | NVD | Jun 09, 2026 |
| CVE-2026-10738 | The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Si | MEDIUM | 6.4 | NVD | Jun 09, 2026 |
| CVE-2026-10024 | The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-S | MEDIUM | 6.4 | NVD | Jun 09, 2026 |
| CVE-2026-11646 | Chrome — Use after free in ViewTransitions in Google Chrome prior to | HIGH | 8.8 | NVD | Jun 09, 2026 |
| CVE-2026-11644 | Chrome — Use after free in Views in Google Chrome on Linux prior to 1 | HIGH | 7.5 | NVD | Jun 09, 2026 |
| CVE-2026-11643 | Chrome — Use after free in Proxy in Google Chrome prior to 149 | HIGH | 8.1 | NVD | Jun 09, 2026 |
| CVE-2026-11642 | Chrome — Use after free in Web Apps in Google Chrome prior to 149 | HIGH | 8.3 | NVD | Jun 09, 2026 |
| CVE-2026-11641 | Chrome — Use after free in Bluetooth in Google Chrome on Windows prio | HIGH | 7.5 | NVD | Jun 09, 2026 |
| CVE-2026-11640 | Chrome — Integer overflow in libyuv in Google Chrome prior to 149 | HIGH | 8.3 | NVD | Jun 09, 2026 |
| CVE-2026-11639 | Chrome — Use after free in Compositing in Google Chrome on Mac prior | HIGH | 7.5 | NVD | Jun 09, 2026 |
| CVE-2026-11638 | Chrome — Use after free in Printing in Google Chrome prior to 149 | CRITICAL | 9.6 | NVD | Jun 09, 2026 |
| CVE-2026-11637 | Chrome — Use after free in Views in Google Chrome on Mac prior to 149 | HIGH | 8.8 | NVD | Jun 09, 2026 |
| CVE-2026-11636 | Chrome — Use after free in Autofill in Google Chrome on Windows prior | HIGH | 7.5 | NVD | Jun 09, 2026 |
| CVE-2026-11635 | Chrome — Use after free in Bluetooth in Google Chrome on Mac prior to | HIGH | 8.3 | NVD | Jun 09, 2026 |
| CVE-2026-11634 | Chrome — Use after free in Gamepad in Google Chrome on Windows prior | CRITICAL | 9.6 | NVD | Jun 09, 2026 |
| CVE-2026-11633 | Chrome — Use after free in Bluetooth in Google Chrome on Mac prior to | HIGH | 8.8 | NVD | Jun 09, 2026 |
| CVE-2026-11632 | Chrome — Use after free in TabStrip in Google Chrome prior to 149 | HIGH | 7.5 | NVD | Jun 09, 2026 |
| CVE-2026-11631 | Chrome — Use after free in Aura in Google Chrome on Windows prior to | HIGH | 8.3 | NVD | Jun 09, 2026 |
| CVE-2026-11630 | Chrome — Use after free in File Input in Google Chrome prior to 149 | HIGH | 8.8 | NVD | Jun 09, 2026 |
| CVE-2026-11629 | Chrome — Use after free in Ozone in Google Chrome prior to 149 | HIGH | 8.8 | NVD | Jun 09, 2026 |
| CVE-2026-11628 | Chrome — Use after free in Ozone in Google Chrome prior to 149 | MEDIUM | 6.8 | NVD | Jun 09, 2026 |
| CVE-2026-11645 | Google - Chromium V8 | CRITICAL | N/A | CISA | Jun 09, 2026 |
| CVE-2026-20245 | Cisco - Catalyst SD-WAN Manager | CRITICAL | N/A | CISA | Jun 09, 2026 |
| CVE-2026-7473 | Arista - Extensible Operating System | CRITICAL | N/A | CISA | Jun 09, 2026 |
| CVE-2026-41448 | AdGuard Home, when started with the --glinet flag, contains an authentication by | CRITICAL | 9.4 | NVD | Jun 08, 2026 |
| CVE-2026-39910 | STACKIT IaaS API contains a missing authorization check vulnerability that allow | CRITICAL | 9.8 | NVD | Jun 08, 2026 |
| CVE-2026-39908 | OpenBullet2 through version 0 | MEDIUM | 6.5 | NVD | Jun 08, 2026 |
| CVE-2026-25856 | OpenBullet2 through version 0 | HIGH | 8.8 | NVD | Jun 08, 2026 |
| CVE-2026-25855 | OpenBullet2 through version 0 | HIGH | 8.8 | NVD | Jun 08, 2026 |
| CVE-2026-25559 | OpenBullet2 through version 0 | HIGH | 8.8 | NVD | Jun 08, 2026 |
| CVE-2026-25555 | OpenBullet2 through version 0 | CRITICAL | 9.8 | NVD | Jun 08, 2026 |
| CVE-2026-11611 | A flaw was found in 389 Directory Server | MEDIUM | 6.5 | NVD | Jun 08, 2026 |
| CVE-2026-11532 | A weakness has been identified in imvks786 student_management_system up to 9599b | MEDIUM | 6.3 | NVD | Jun 08, 2026 |
| CVE-2026-11531 | A security flaw has been discovered in imvks786 student_management_system up to | HIGH | 7.3 | NVD | Jun 08, 2026 |
| CVE-2026-11530 | A vulnerability was identified in imvks786 student_management_system up to 9599b | HIGH | 7.3 | NVD | Jun 08, 2026 |
| CVE-2026-11577 | A flaw was found in Keycloak | HIGH | 7.2 | NVD | Jun 08, 2026 |
| CVE-2026-11514 | A flaw has been found in itsourcecode Hospital Management System 1 | MEDIUM | 6.3 | NVD | Jun 08, 2026 |
| CVE-2026-11513 | A vulnerability was detected in itsourcecode Hospital Management System 1 | MEDIUM | 6.3 | NVD | Jun 08, 2026 |
| CVE-2026-50752 | A weakness in the certificate validation logic of the deprecated IKEv1 key excha | HIGH | 7.4 | NVD | Jun 08, 2026 |
| CVE-2026-3011 | The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-S | MEDIUM | 6.4 | NVD | Jun 08, 2026 |
| CVE-2026-11510 | A security flaw has been discovered in CodeAstro Leave Management System 1 | MEDIUM | 6.3 | NVD | Jun 08, 2026 |
| CVE-2026-11509 | A vulnerability was identified in CodeAstro Leave Management System 1 | MEDIUM | 6.3 | NVD | Jun 08, 2026 |
| CVE-2026-11508 | A vulnerability was determined in CodeAstro Leave Management System 1 | MEDIUM | 6.3 | NVD | Jun 08, 2026 |
| CVE-2026-11507 | A vulnerability was found in CodeAstro Leave Management System 1 | MEDIUM | 6.3 | NVD | Jun 08, 2026 |
| CVE-2026-11506 | A vulnerability has been found in CodeAstro Leave Management System 1 | MEDIUM | 6.3 | NVD | Jun 08, 2026 |
| CVE-2026-11504 | A vulnerability was detected in Tenda CX12L 16 | HIGH | 8.8 | NVD | Jun 08, 2026 |
| CVE-2026-41724 | VMware Cloud Foundation Operations contains multiple stored cross-site scripting | HIGH | 8.0 | NVD | Jun 08, 2026 |
| CVE-2026-41723 | VMware Cloud Foundation Operations contains multiple stored cross-site scripting | HIGH | 8.0 | NVD | Jun 08, 2026 |
| CVE-2026-41722 | VMware Cloud Foundation Operations contains multiple stored cross-site scripting | HIGH | 8.0 | NVD | Jun 08, 2026 |
| CVE-2026-3238 | A flaw was found in Samba’s WINS server component when running as an Active Dire | HIGH | 7.5 | NVD | Jun 08, 2026 |
| CVE-2026-11499 | A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon | CRITICAL | 9.8 | NVD | Jun 08, 2026 |
| CVE-2026-11498 | A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon | HIGH | 8.8 | NVD | Jun 08, 2026 |
| CVE-2026-11495 | A vulnerability was detected in CodeAstro Ingredients Stock Management System 1 | MEDIUM | 6.3 | NVD | Jun 08, 2026 |
| CVE-2026-11490 | A vulnerability was determined in code-projects Online Music Site 1 | HIGH | 7.3 | NVD | Jun 08, 2026 |
| CVE-2026-11489 | A vulnerability was found in code-projects Online Music Site 1 | HIGH | 7.3 | NVD | Jun 08, 2026 |
| CVE-2026-11488 | A vulnerability has been found in code-projects Simple Flight Ticket Booking Sys | HIGH | 7.3 | NVD | Jun 08, 2026 |
| CVE-2026-11486 | A vulnerability was detected in SourceCodester Class and Exam Timetabling System | HIGH | 7.3 | NVD | Jun 08, 2026 |
| CVE-2026-11485 | A security vulnerability has been detected in SourceCodester Class and Exam Time | HIGH | 7.3 | NVD | Jun 08, 2026 |
| CVE-2026-11484 | A weakness has been identified in SourceCodester Class and Exam Timetabling Syst | HIGH | 7.3 | NVD | Jun 08, 2026 |
| CVE-2026-11483 | A security flaw has been discovered in SourceCodester Class and Exam Timetabling | HIGH | 7.3 | NVD | Jun 08, 2026 |
| CVE-2023-54352 | WordPress Seotheme contains a remote code execution vulnerability that allows un | CRITICAL | 9.8 | NVD | Jun 08, 2026 |
| CVE-2023-54351 | WordPress Sonaar Music Plugin 4 | HIGH | 7.2 | NVD | Jun 08, 2026 |
| CVE-2023-54350 | WordPress Augmented-Reality plugin contains a remote code execution vulnerabilit | HIGH | 7.5 | NVD | Jun 08, 2026 |
| CVE-2022-50953 | WordPress Plugin admin-word-count-column 2 | MEDIUM | 6.2 | NVD | Jun 08, 2026 |
| CVE-2021-47984 | WordPress Plugin WP24 Domain Check 1 | MEDIUM | 6.4 | NVD | Jun 08, 2026 |
| CVE-2021-47983 | WordPress Plugin Stripe Payments 2 | MEDIUM | 6.4 | NVD | Jun 08, 2026 |
| CVE-2021-47982 | WordPress Plugin WP-Paginate 2 | MEDIUM | 6.4 | NVD | Jun 08, 2026 |
| CVE-2026-11474 | A security flaw has been discovered in Kushan2k student-management-system up to | HIGH | 7.3 | NVD | Jun 08, 2026 |
| CVE-2026-11473 | A vulnerability was identified in jflyfox jfinal_cms up to 5 | MEDIUM | 6.3 | NVD | Jun 08, 2026 |
| CVE-2026-11472 | A vulnerability was determined in SourceCodester Class and Exam Timetabling Syst | HIGH | 7.3 | NVD | Jun 08, 2026 |
| CVE-2026-11471 | A vulnerability was found in SourceCodester Class and Exam Timetabling System 1 | HIGH | 7.3 | NVD | Jun 08, 2026 |
| CVE-2026-11470 | A vulnerability has been found in hs-web hsweb-framework up to 5 | MEDIUM | 6.3 | NVD | Jun 08, 2026 |
| CVE-2026-50751 | Check Point - Security Gateway | CRITICAL | N/A | CISA | Jun 08, 2026 |
| CVE-2026-42271 | BerriAI - LiteLLM | CRITICAL | N/A | CISA | Jun 08, 2026 |
| EDB-52610 | [webapps] OpenEMR 7.0.2 - Arbitrary File Read | HIGH | N/A | EXPLOIT-DB | Jun 08, 2026 |
| CVE-2026-11463 | A vulnerability was determined in USCiLab Cereal up to 1 | HIGH | 7.3 | NVD | Jun 07, 2026 |
| CVE-2026-11462 | A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up t | HIGH | 7.3 | NVD | Jun 07, 2026 |
| CVE-2026-11461 | A vulnerability has been found in NousResearch hermes-agent up to 0 | MEDIUM | 6.3 | NVD | Jun 07, 2026 |
| CVE-2026-11460 | A flaw has been found in Boost Serialization up to 1 | HIGH | 7.3 | NVD | Jun 07, 2026 |
| CVE-2026-49494 | Comodo Internet Security's firewall driver Inspect | HIGH | 7.5 | NVD | Jun 07, 2026 |
| CVE-2026-11457 | A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d44 | HIGH | 7.3 | NVD | Jun 07, 2026 |
| CVE-2026-11456 | A vulnerability was identified in Chanjet CRM 1 | HIGH | 7.3 | NVD | Jun 07, 2026 |
| CVE-2026-11453 | A vulnerability was found in Tiobon Employee Self-Service System up to 7 | MEDIUM | 6.3 | NVD | Jun 07, 2026 |
| CVE-2026-11452 | A vulnerability has been found in GL | HIGH | 7.3 | NVD | Jun 07, 2026 |
| CVE-2026-11451 | A flaw has been found in GL | HIGH | 7.3 | NVD | Jun 07, 2026 |
| CVE-2026-11450 | A vulnerability was detected in GL | HIGH | 7.3 | NVD | Jun 07, 2026 |
| CVE-2026-11449 | A security vulnerability has been detected in GL | MEDIUM | 6.3 | NVD | Jun 07, 2026 |
| CVE-2026-11447 | A security flaw has been discovered in GL | MEDIUM | 6.3 | NVD | Jun 07, 2026 |
| CVE-2026-26422 | clash-verge-service-ipc before 2 | HIGH | 8.4 | NVD | Jun 06, 2026 |
| CVE-2026-11441 | A vulnerability was identified in theonedev onedev up to 15 | MEDIUM | 6.3 | NVD | Jun 06, 2026 |
| CVE-2026-11440 | A vulnerability was determined in theonedev onedev up to 15 | MEDIUM | 6.3 | NVD | Jun 06, 2026 |
| CVE-2026-11439 | A vulnerability was found in theonedev onedev up to 15 | MEDIUM | 6.3 | NVD | Jun 06, 2026 |
| CVE-2026-11438 | A vulnerability has been found in theonedev onedev up to 15 | MEDIUM | 6.3 | NVD | Jun 06, 2026 |
| CVE-2026-11437 | A flaw has been found in perfree go-fastdfs-web up to 1 | HIGH | 7.3 | NVD | Jun 06, 2026 |
| CVE-2026-11435 | A security vulnerability has been detected in Jinher OA 1 | HIGH | 7.3 | NVD | Jun 06, 2026 |
| CVE-2026-11413 | A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4 | HIGH | 8.8 | NVD | Jun 06, 2026 |
| CVE-2026-11412 | A weakness has been identified in Jinher OA C6 | MEDIUM | 6.3 | NVD | Jun 06, 2026 |
| CVE-2026-11408 | A vulnerability was identified in vertex-app vertex up to 2026 | MEDIUM | 6.3 | NVD | Jun 06, 2026 |
| CVE-2026-11406 | A vulnerability was determined in GL | MEDIUM | 6.3 | NVD | Jun 06, 2026 |
| CVE-2026-9851 | The Booking Package plugin for WordPress is vulnerable to Privilege Escalation v | HIGH | 7.2 | NVD | Jun 06, 2026 |
| CVE-2026-9829 | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress | MEDIUM | 6.5 | NVD | Jun 06, 2026 |
| CVE-2026-8901 | The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity For | HIGH | 7.2 | NVD | Jun 06, 2026 |
| CVE-2026-8438 | The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is v | HIGH | 7.2 | NVD | Jun 06, 2026 |
| CVE-2026-9290 | The WP User Manager – User Profile Builder & Membership plugin for WordPress is | HIGH | 7.5 | NVD | Jun 06, 2026 |
| CVE-2026-8900 | The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site | MEDIUM | 6.4 | NVD | Jun 06, 2026 |
| CVE-2026-8893 | The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cros | MEDIUM | 6.4 | NVD | Jun 06, 2026 |
| CVE-2026-7654 | The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection lea | HIGH | 8.8 | NVD | Jun 05, 2026 |
| CVE-2026-11344 | A vulnerability was found in code-projects Vehicle Management System 1 | HIGH | 7.3 | NVD | Jun 05, 2026 |
| CVE-2026-11342 | A vulnerability has been found in code-projects Hotel and Tourism Reservation Sy | HIGH | 7.3 | NVD | Jun 05, 2026 |
| CVE-2026-11341 | A flaw has been found in D-Link DWR-M920 up to 1 | MEDIUM | 6.3 | NVD | Jun 05, 2026 |
| CVE-2025-71318 | NetMan 204 fails to enforce authentication on its administrative pages and comma | CRITICAL | 9.8 | NVD | Jun 05, 2026 |
| CVE-2025-71317 | NetMan 204 contains a hard-coded backdoor account with the username and password | CRITICAL | 9.8 | NVD | Jun 05, 2026 |
| CVE-2026-48112 | 7-Zip is a file archiver with a high compression ratio | MEDIUM | 6.5 | NVD | Jun 05, 2026 |
| CVE-2026-11339 | A vulnerability was detected in D-Link DWR-M920 up to 1 | MEDIUM | 6.3 | NVD | Jun 05, 2026 |
| CVE-2025-5090 | CVX is not resilient to unexpected messages from a connected switch | MEDIUM | 6.5 | NVD | Jun 05, 2026 |
| CVE-2025-5089 | In a CVX cluster, an EOS switch connected to a CVX server is not resilient to ce | MEDIUM | 6.5 | NVD | Jun 05, 2026 |
| CVE-2025-5088 | An authenticated Redis session could be used to obtain full root access to all s | HIGH | 8.3 | NVD | Jun 05, 2026 |
| CVE-2026-50265 | A flaw was found in libinput | HIGH | 7.0 | NVD | Jun 05, 2026 |
| CVE-2026-21031 | Android — Improper authorization in AppBlock prior to SMR Jun-2026 Rel | HIGH | 7.8 | NVD | Jun 05, 2026 |
| CVE-2026-21030 | Android — Improper access control in MediaTek Audio HAL prior to SMR J | HIGH | 7.8 | NVD | Jun 05, 2026 |
| CVE-2026-21029 | Android — Improper export of android application components in Galaxy | HIGH | 7.8 | NVD | Jun 05, 2026 |
| CVE-2026-6274 | Improper Authentication, Missing authentication for critical function, Weak Auth | CRITICAL | 9.8 | NVD | Jun 05, 2026 |
| CVE-2026-49777 | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin | CRITICAL | 10.0 | NVD | Jun 05, 2026 |
| CVE-2026-11332 | A flaw was found in ansible-core | HIGH | 7.8 | NVD | Jun 05, 2026 |
| CVE-2026-21826 | HCL Digital Experience and HCL Digital Experience Compose could be susceptible t | MEDIUM | 6.1 | NVD | Jun 05, 2026 |
| CVE-2026-21825 | HCL Digital Experience Compose is affected by a reflected cross-site scripting ( | MEDIUM | 6.1 | NVD | Jun 05, 2026 |
| CVE-2026-10732 | All versions of the package decompress are vulnerable to Arbitrary File Write vi | MEDIUM | 6.4 | NVD | Jun 05, 2026 |
| EDB-52609 | [webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection | HIGH | N/A | EXPLOIT-DB | Jun 05, 2026 |
| CVE-2026-28318 | SolarWinds - Serv-U | CRITICAL | N/A | CISA | Jun 05, 2026 |
| CVE-2026-10891 | Chrome — Use after free in GFX in Google Chrome on Linux prior to 149 | HIGH | 8.8 | NVD | Jun 04, 2026 |
| CVE-2026-10890 | Chrome — Use after free in Cast in Google Chrome prior to 149 | HIGH | 8.8 | NVD | Jun 04, 2026 |
| CVE-2026-10889 | Chrome — Out of bounds read in ANGLE in Google Chrome prior to 149 | HIGH | 8.3 | NVD | Jun 04, 2026 |
| CVE-2026-10888 | Chrome — Use after free in Cast Streaming in Google Chrome prior to 1 | HIGH | 8.8 | NVD | Jun 04, 2026 |
| CVE-2026-10887 | Chrome — Use after free in Chromoting in Google Chrome on Mac prior t | HIGH | 8.1 | NVD | Jun 04, 2026 |
| CVE-2026-10886 | Chrome — Use after free in FileSystem in Google Chrome prior to 149 | CRITICAL | 9.6 | NVD | Jun 04, 2026 |
| CVE-2026-10885 | Chrome — Use after free in Chrome for iOS in Google Chrome on iOS pri | HIGH | 8.8 | NVD | Jun 04, 2026 |
| CVE-2026-10884 | Chrome — Use after free in Chromecast in Google Chrome prior to 149 | HIGH | 8.3 | NVD | Jun 04, 2026 |
| CVE-2026-10883 | Chrome — Type Confusion in ANGLE in Google Chrome prior to 149 | HIGH | 8.8 | NVD | Jun 04, 2026 |
| CVE-2026-10882 | Chrome — Use after free in Network in Google Chrome prior to 149 | HIGH | 8.8 | NVD | Jun 04, 2026 |
| CVE-2026-10881 | Chrome — Out of bounds read and write in ANGLE in Google Chrome prior | CRITICAL | 9.6 | NVD | Jun 04, 2026 |
| CVE-2026-10875 | A security flaw has been discovered in projectworlds Online Art Gallery Shop Pro | MEDIUM | 6.3 | NVD | Jun 04, 2026 |
| CVE-2026-10874 | A vulnerability was identified in projectworlds Online Art Gallery Shop Project | MEDIUM | 6.3 | NVD | Jun 04, 2026 |
| CVE-2026-10873 | A vulnerability was determined in Shibby Tomato 1 | HIGH | 7.2 | NVD | Jun 04, 2026 |
| CVE-2026-10872 | A vulnerability was found in Shibby Tomato 1 | HIGH | 7.2 | NVD | Jun 04, 2026 |
| CVE-2025-8873 | On affected platforms running Arista EOS with IPsec configured, a specially craf | HIGH | 7.5 | NVD | Jun 04, 2026 |
| CVE-2024-27892 | Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set req | CRITICAL | 9.6 | NVD | Jun 04, 2026 |
| CVE-2024-27890 | Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set req | CRITICAL | 9.6 | NVD | Jun 04, 2026 |
| CVE-2025-71316 | SQLite 'sqldiff | CRITICAL | 9.8 | NVD | Jun 04, 2026 |
| CVE-2025-65640 | Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page | MEDIUM | 6.3 | NVD | Jun 04, 2026 |
| CVE-2026-50292 | Libinput — In libinput before 1 | HIGH | 7.4 | NVD | Jun 04, 2026 |
| CVE-2026-48040 | Netty-Incubator-Codec-Ohttp — The netty incubator codec | CRITICAL | 9.1 | NVD | Jun 04, 2026 |
| CVE-2026-25551 | Seagull Software BarTender 2021 R1 through 12 | HIGH | 7.8 | NVD | Jun 04, 2026 |
| CVE-2026-25550 | Seagull Software BarTender 2010, 2016, and 2019 contain an unauthenticated remot | CRITICAL | 9.8 | NVD | Jun 04, 2026 |
| CVE-2026-10880 | OSNexus QuantaStor SDS Manager is vulnerable to SQL injection in the login endpo | CRITICAL | 9.8 | NVD | Jun 04, 2026 |
| CVE-2026-10796 | Node Version Manager — nvm (Node Version Manager) through 0 | HIGH | 7.5 | NVD | Jun 04, 2026 |
| CVE-2025-69755 | An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attac | HIGH | 8.2 | NVD | Jun 04, 2026 |
| CVE-2025-67448 | The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable | HIGH | 7.1 | NVD | Jun 04, 2026 |
| CVE-2025-67447 | The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and | CRITICAL | 9.8 | NVD | Jun 04, 2026 |
| CVE-2026-50076 | Deserialization of Untrusted Data in the Java replace-resolve path in Apache For | CRITICAL | 9.1 | NVD | Jun 04, 2026 |
| CVE-2026-49942 | Net::CIDR::Set versions through 0 | HIGH | 7.3 | NVD | Jun 04, 2026 |
| CVE-2026-49941 | Net::CIDR::Set versions through 0 | HIGH | 7.5 | NVD | Jun 04, 2026 |
| CVE-2026-49940 | Net::CIDR::Set versions through 0 | MEDIUM | 6.5 | NVD | Jun 04, 2026 |
| CVE-2026-46741 | Etsy::StatsD versions through 1 | HIGH | 7.5 | NVD | Jun 04, 2026 |
| CVE-2025-67446 | Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Route | CRITICAL | 9.8 | NVD | Jun 04, 2026 |
| CVE-2019-25729 | PDF Signer 3 | CRITICAL | 9.8 | NVD | Jun 04, 2026 |
| CVE-2019-25728 | Care2x 2 | HIGH | 8.2 | NVD | Jun 04, 2026 |
| CVE-2019-25727 | WordPress Plugin ad manager wd 1 | CRITICAL | 9.8 | NVD | Jun 04, 2026 |
| CVE-2019-25726 | All in One Video Downloader 1 | HIGH | 8.2 | NVD | Jun 04, 2026 |
| CVE-2026-4104 | Authorization bypass through User-Controlled SQL primary key vulnerability in Ak | CRITICAL | 9.8 | NVD | Jun 04, 2026 |
| CVE-2026-10843 | A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM polici | HIGH | 7.2 | NVD | Jun 04, 2026 |
| CVE-2026-10840 | A flaw was found in the OpenShift Pipelines operator | CRITICAL | 9.6 | NVD | Jun 04, 2026 |
| CVE-2025-52612 | Icontrol — HCL iControl was affected by Export CSV - CSV Injection vuln | HIGH | 7.1 | NVD | Jun 04, 2026 |
| CVE-2026-50210 | Connect M6E 5G Firmware — The device encrypts data using AES-CBC with static zero-fill | HIGH | 7.5 | NVD | Jun 04, 2026 |
| CVE-2026-50209 | Connect M6E 5G Firmware — Broadcast events allow malicious software to rewrite the dev | HIGH | 7.8 | NVD | Jun 04, 2026 |
| CVE-2026-50208 | Connect M6E 5G Firmware — High-risk TrustAllCerts routines disable standard TLS certif | CRITICAL | 9.4 | NVD | Jun 04, 2026 |
| CVE-2026-50207 | Connect M6E 5G Firmware — The system Binder boundary accepts unverified pass-through A | HIGH | 7.8 | NVD | Jun 04, 2026 |
| CVE-2026-3820 | There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-21 | HIGH | 7.2 | NVD | Jun 04, 2026 |
| CVE-2026-50206 | Connect M6E 5G Firmware — Incoming VPN network profile settings fail to process specia | MEDIUM | 6.8 | NVD | Jun 04, 2026 |
| CVE-2026-50205 | Connect M6E 5G Firmware — System log files output unencrypted SMTP server authenticati | HIGH | 8.2 | NVD | Jun 04, 2026 |
| CVE-2026-49204 | Connect M6E 5G Firmware — Leftover debug modules contain fixed credentials for interna | MEDIUM | 6.5 | NVD | Jun 04, 2026 |
| CVE-2026-49203 | Connect M6E 5G Firmware — Crucial management API endpoints for cellular eSIM allocatio | HIGH | 8.3 | NVD | Jun 04, 2026 |
| CVE-2026-49202 | Connect M6E 5G Firmware — Internal multimedia session archives are accessible without | HIGH | 8.6 | NVD | Jun 04, 2026 |
| CVE-2026-49194 | Connect M6E 5G Firmware — The debugging routine SCREEN_CLICK(5053) enables a connectio | HIGH | 8.8 | NVD | Jun 04, 2026 |
| CVE-2026-49193 | Connect M6E 5G Firmware — Overly permissive configuration settings on cloud storage co | HIGH | 7.5 | NVD | Jun 04, 2026 |
| CVE-2026-49191 | Connect M6E 5G Firmware — The production build of the M3WebServer hard-codes its backe | CRITICAL | 9.8 | NVD | Jun 04, 2026 |
| CVE-2026-49190 | Connect M6E 5G Firmware — The system fails to evaluate instructional permissions over | HIGH | 8.8 | NVD | Jun 04, 2026 |
| CVE-2026-49189 | Connect M6E 5G Firmware — Unchecked public access permissions on a core Broadcast Rece | HIGH | 7.8 | NVD | Jun 04, 2026 |
| CVE-2026-49188 | Connect M6E 5G Firmware — The ai_cmd utility executes with full root permissions | CRITICAL | 9.8 | NVD | Jun 04, 2026 |
| CVE-2026-49187 | Connect M6E 5G Firmware — The hard-coded APK resource files never expire, and the shar | HIGH | 7.5 | NVD | Jun 04, 2026 |
| CVE-2026-10805 | A flaw was found in NetworkManager | MEDIUM | 6.7 | NVD | Jun 04, 2026 |
| CVE-2026-49186 | Connect M6E 5G Firmware — The local MQTT broker does not enforce topic-level Access Co | CRITICAL | 9.8 | NVD | Jun 04, 2026 |
| CVE-2026-49185 | Connect M6E 5G Firmware — The FieldX MDM adb messaging topic passes unverified payload | CRITICAL | 9.8 | NVD | Jun 04, 2026 |
| CVE-2026-41283 | OpenStack Mistral through 22 | CRITICAL | 9.9 | NVD | Jun 04, 2026 |
| CVE-2026-41010 | ReleaseJob#unpack builds job_dir = File | HIGH | 8.2 | NVD | Jun 04, 2026 |
| CVE-2026-8829 | HTML::Entities versions before 3 | HIGH | 7.5 | NVD | Jun 04, 2026 |
| CVE-2026-41860 | CWE-326 in BOSH allows a local attacker to steal Basic-auth credentials or redir | HIGH | 8.8 | NVD | Jun 04, 2026 |
| CVE-2026-41859 | A network man-in-the-middle between nats-sync and the BOSH director can steal th | HIGH | 7.8 | NVD | Jun 04, 2026 |
| CVE-2026-41858 | Weak Randomness / Insecure Cryptographic Primitive (CWE-338) in Get-RandomPasswo | HIGH | 7.5 | NVD | Jun 04, 2026 |
| CVE-2026-41011 | PackagePersister | HIGH | 8.2 | NVD | Jun 04, 2026 |
| CVE-2026-8653 | The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL I | MEDIUM | 6.5 | NVD | Jun 04, 2026 |
| CVE-2026-7764 | An out-of-bounds read vulnerability in the morse | MEDIUM | 6.8 | NVD | Jun 04, 2026 |
| CVE-2026-10737 | The SP Project & Document Manager plugin for WordPress is vulnerable to unauthor | HIGH | 7.5 | NVD | Jun 04, 2026 |
| CVE-2026-8722 | Net::Async::Statsd::Client versions through 0 | MEDIUM | 6.5 | NVD | Jun 04, 2026 |
| CVE-2026-10777 | A vulnerability was identified in ealpha072 Student-Management-System up to 0145 | HIGH | 7.3 | NVD | Jun 03, 2026 |
| CVE-2026-36612 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2 | MEDIUM | 6.4 | NVD | Jun 03, 2026 |
| CVE-2026-36611 | Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of un | HIGH | 7.3 | NVD | Jun 03, 2026 |
| CVE-2026-36609 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static au | HIGH | 7.3 | NVD | Jun 03, 2026 |
| CVE-2026-36608 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddP | HIGH | 8.8 | NVD | Jun 03, 2026 |
| CVE-2026-36607 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthent | HIGH | 8.8 | NVD | Jun 03, 2026 |
| CVE-2026-36606 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configu | HIGH | 7.1 | NVD | Jun 03, 2026 |
| CVE-2026-36605 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 is vulnerable to | MEDIUM | 6.5 | NVD | Jun 03, 2026 |
| CVE-2026-36604 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 does not validat | MEDIUM | 6.5 | NVD | Jun 03, 2026 |
| CVE-2026-36603 | Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 exposes 15 of 18 | HIGH | 8.1 | NVD | Jun 03, 2026 |
| CVE-2026-20233 | A vulnerability in the web-based user interface of Cisco Webex Meetings could ha | MEDIUM | 6.1 | NVD | Jun 03, 2026 |
| CVE-2026-20230 | A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco U | HIGH | 8.6 | NVD | Jun 03, 2026 |
| CVE-2026-20175 | A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker | MEDIUM | 6.1 | NVD | Jun 03, 2026 |
| CVE-2019-25720 | Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL | MEDIUM | 6.5 | NVD | Jun 03, 2026 |
| CVE-2026-35084 | A remote attacker with user privileges can exploit a stack buffer overflow in da | HIGH | 8.8 | NVD | Jun 03, 2026 |
| CVE-2026-35083 | A remote attacker with user privileges can exploit a stack buffer overflow to ga | HIGH | 8.8 | NVD | Jun 03, 2026 |
| CVE-2026-35082 | The ugw-logread method allows a remote attacker with user privileges to access a | HIGH | 8.8 | NVD | Jun 03, 2026 |
| CVE-2026-35081 | The ugw-logstop method allows a remote attacker with user privileges to terminat | HIGH | 8.1 | NVD | Jun 03, 2026 |
| CVE-2026-35080 | The ugw-restoreinfo method allows a remote attacker with user privileges to dele | HIGH | 8.1 | NVD | Jun 03, 2026 |
| CVE-2026-35079 | The ugw-restore method allows a remote attacker with user privileges to delete a | HIGH | 8.1 | NVD | Jun 03, 2026 |
| CVE-2026-35078 | The ugw-logstop method allows a remote attacker with user privileges to delete | HIGH | 8.1 | NVD | Jun 03, 2026 |
| CVE-2026-35077 | The ugw-delete-file method allows a remote attacker with user privileges to del | HIGH | 8.1 | NVD | Jun 03, 2026 |
| CVE-2026-35076 | The bac-scanresult method allows a remote attacker with user privileges to delet | HIGH | 8.1 | NVD | Jun 03, 2026 |
| CVE-2026-35075 | An unauthenticated remote attacker can recover a default, hard coded password fr | CRITICAL | 9.8 | NVD | Jun 03, 2026 |
| CVE-2026-47065 | ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via j | CRITICAL | 9.8 | NVD | Jun 03, 2026 |
| CVE-2026-41032 | It is possible for an unauthenticated adjacent attacker to download log files of | HIGH | 7.5 | NVD | Jun 03, 2026 |
| CVE-2025-15656 | Incorrect Privilege Assignment vulnerability in Mojoomla School Management allow | HIGH | 8.8 | NVD | Jun 03, 2026 |
| CVE-2025-15655 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | HIGH | 7.6 | NVD | Jun 03, 2026 |
| CVE-2025-14774 | T-Mac Plus — Incorrect Authorization vulnerability in ABB T-MAC Plus | HIGH | 7.4 | NVD | Jun 03, 2026 |
| CVE-2025-14773 | T-Mac Plus — Improper neutralization of input during web page generation | HIGH | 8.0 | NVD | Jun 03, 2026 |
| CVE-2025-14772 | T-Mac Plus — Authorization bypass through User-Controlled key vulnerabili | HIGH | 8.8 | NVD | Jun 03, 2026 |
| CVE-2025-14771 | T-Mac Plus — Files or directories accessible to external parties vulnerab | CRITICAL | 9.9 | NVD | Jun 03, 2026 |
| CVE-2026-4035 | Mlflow — A vulnerability in mlflow/mlflow versions prior to 3 | HIGH | 7.7 | NVD | Jun 03, 2026 |
| CVE-2025-15654 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti | HIGH | 7.1 | NVD | Jun 03, 2026 |
| CVE-2026-10690 | A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0 | MEDIUM | 6.3 | NVD | Jun 03, 2026 |
| CVE-2026-45247 | Mirasvit - Mirasvit Full Page Cache Warmer | CRITICAL | N/A | CISA | Jun 03, 2026 |
| CVE-2026-44654 | Librechat — LibreChat is an enhanced ChatGPT clone that supports multipl | HIGH | 8.1 | NVD | Jun 02, 2026 |
| CVE-2026-44653 | Librechat — LibreChat is an enhanced ChatGPT clone that supports multipl | MEDIUM | 6.5 | NVD | Jun 02, 2026 |
| CVE-2026-42504 | Decoding a maliciously-crafted MIME header containing many invalid encoded-words | HIGH | 7.5 | NVD | Jun 02, 2026 |
| CVE-2026-35482 | alf | HIGH | 8.0 | NVD | Jun 02, 2026 |
| CVE-2026-32625 | Librechat — LibreChat is an enhanced ChatGPT clone that supports multipl | CRITICAL | 9.6 | NVD | Jun 02, 2026 |
| CVE-2026-31942 | Librechat — LibreChat is an enhanced ChatGPT clone that supports multipl | HIGH | 7.1 | NVD | Jun 02, 2026 |
| CVE-2026-27145 | (*x509 | MEDIUM | 6.5 | NVD | Jun 02, 2026 |
| CVE-2026-10662 | A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3 | MEDIUM | 6.3 | NVD | Jun 02, 2026 |
| CVE-2019-25724 | Dräger Infinity M300 patient worn monitors with software version VG2 | MEDIUM | 6.5 | NVD | Jun 02, 2026 |
| CVE-2019-25722 | Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL | HIGH | 7.6 | NVD | Jun 02, 2026 |
| CVE-2019-25721 | Dräger Infinity M300 patient worn monitors with software version VG2 | MEDIUM | 6.5 | NVD | Jun 02, 2026 |
| CVE-2026-49943 | CZ | MEDIUM | 6.3 | NVD | Jun 02, 2026 |
| CVE-2026-42074 | Openclaude — OpenClaude is an open-source coding-agent command line inter | CRITICAL | 9.8 | NVD | Jun 02, 2026 |
| CVE-2026-42073 | Openclaude — OpenClaude is an open-source coding-agent command line inter | MEDIUM | 6.5 | NVD | Jun 02, 2026 |
| CVE-2026-40715 | Dell ThinOS 10, versions prior to ThinOS10 2602_10 | HIGH | 7.8 | NVD | Jun 02, 2026 |
| CVE-2026-40713 | Dell ThinOS 10, versions prior to ThinOS10 2602_10 | MEDIUM | 6.1 | NVD | Jun 02, 2026 |
| CVE-2026-24237 | NVIDIA NVTabular contains a vulnerability where an attacker could cause improper | HIGH | 7.8 | NVD | Jun 02, 2026 |
| CVE-2026-24221 | NVIDIA NVTabular contains a vulnerability where an attacker could cause improper | HIGH | 7.8 | NVD | Jun 02, 2026 |
| CVE-2026-10606 | A vulnerability was determined in DedeCMS 5 | HIGH | 7.3 | NVD | Jun 02, 2026 |
| CVE-2026-0611 | Spacelabs Healthcare Sentinel versions 10 | CRITICAL | 9.8 | NVD | Jun 02, 2026 |
| CVE-2026-10622 | Improper Authentication in REST API in Collibra Agent, allows a remote unauthent | HIGH | 8.2 | NVD | Jun 02, 2026 |
| CVE-2026-10621 | Path traversal in restore handler in Collibra Agent, allows an attacker to write | HIGH | 7.5 | NVD | Jun 02, 2026 |
| CVE-2025-69369 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | HIGH | 8.1 | NVD | Jun 02, 2026 |
| CVE-2025-68886 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | HIGH | 8.1 | NVD | Jun 02, 2026 |
| CVE-2025-58897 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | HIGH | 8.1 | NVD | Jun 02, 2026 |
| CVE-2025-58707 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | HIGH | 8.1 | NVD | Jun 02, 2026 |
| CVE-2019-25719 | Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors | HIGH | 8.6 | NVD | Jun 02, 2026 |
| CVE-2026-8993 | D | MEDIUM | 6.5 | NVD | Jun 02, 2026 |
| CVE-2026-42685 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti | HIGH | 7.1 | NVD | Jun 02, 2026 |
| CVE-2026-42684 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | CRITICAL | 9.3 | NVD | Jun 02, 2026 |
| CVE-2026-42670 | Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star | HIGH | 7.5 | NVD | Jun 02, 2026 |
| CVE-2026-42669 | Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly | HIGH | 7.5 | NVD | Jun 02, 2026 |
| CVE-2026-39551 | Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Ob | HIGH | 8.1 | NVD | Jun 02, 2026 |
| CVE-2026-39550 | Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows | HIGH | 8.1 | NVD | Jun 02, 2026 |
| CVE-2025-58705 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | HIGH | 8.1 | NVD | Jun 02, 2026 |
| CVE-2025-58024 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | HIGH | 7.5 | NVD | Jun 02, 2026 |
| CVE-2025-53440 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP | HIGH | 8.1 | NVD | Jun 02, 2026 |
| CVE-2025-52759 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti | HIGH | 7.1 | NVD | Jun 02, 2026 |
| CVE-2026-8885 | The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cros | MEDIUM | 6.4 | NVD | Jun 02, 2026 |
| CVE-2026-4081 | The ZeM STL plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi | MEDIUM | 6.4 | NVD | Jun 02, 2026 |
| CVE-2026-4080 | The Easy Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting | MEDIUM | 6.4 | NVD | Jun 02, 2026 |
| CVE-2026-2425 | The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross | MEDIUM | 6.1 | NVD | Jun 02, 2026 |
| CVE-2026-2382 | The FPW Category Thumbnails plugin for WordPress is vulnerable to Stored Cross-S | MEDIUM | 6.4 | NVD | Jun 02, 2026 |
| CVE-2026-1784 | The Route OpenShift resource allows to define routes to make pods reachable at a | HIGH | 8.8 | NVD | Jun 02, 2026 |
| CVE-2026-1451 | The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting | MEDIUM | 6.1 | NVD | Jun 02, 2026 |
| CVE-2026-1450 | The rognone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting | MEDIUM | 6.1 | NVD | Jun 02, 2026 |
| CVE-2026-8293 | The Really Simple Security WordPress plugin before 9 | HIGH | 7.5 | NVD | Jun 02, 2026 |
| CVE-2025-48595 | Android - Framework | CRITICAL | N/A | CISA | Jun 02, 2026 |
| CVE-2022-0492 | Linux - Kernel | CRITICAL | N/A | CISA | Jun 02, 2026 |
| CVE-2026-24088 | Ar9380 Firmware — Cryptographic Issue while processing a specific partition wh | HIGH | 8.2 | NVD | Jun 01, 2026 |
| CVE-2026-24087 | Ar8031 Firmware — Memory corruption while processing fastboot OEM commands | HIGH | 7.2 | NVD | Jun 01, 2026 |
| CVE-2026-24085 | Qca6391 Firmware — Memory Corruption when processing display command line infor | HIGH | 7.2 | NVD | Jun 01, 2026 |
| CVE-2026-10297 | A vulnerability was identified in itsourcecode Fees Management System 1 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10296 | A vulnerability was determined in itsourcecode Fees Management System 1 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2025-59614 | Cologne Firmware — Memory Corruption when sending random number generator comma | MEDIUM | 6.7 | NVD | Jun 01, 2026 |
| CVE-2025-59613 | Cologne Firmware — Memory Corruption when output buffer size is smaller than in | MEDIUM | 6.7 | NVD | Jun 01, 2026 |
| CVE-2025-59612 | Cologne Firmware — Memory corruption in windows drivers while sending incorrect | MEDIUM | 6.7 | NVD | Jun 01, 2026 |
| CVE-2025-59611 | Aqt1000 Firmware — Memory corruption in diagnostic services due to absence of i | MEDIUM | 6.7 | NVD | Jun 01, 2026 |
| CVE-2025-59610 | Snapdragon G1 Gen 2 Gaming Platform Firmware — Memory Corruption when processing IOCTL requests with mismat | MEDIUM | 6.4 | NVD | Jun 01, 2026 |
| CVE-2025-59606 | Cologne Firmware — Memory Corruption when writing to invalid memory locations o | HIGH | 7.8 | NVD | Jun 01, 2026 |
| CVE-2025-59605 | Snapdragon G1 Gen 2 Gaming Platform Firmware — Memory Corruption when processing device identifier strings | HIGH | 7.8 | NVD | Jun 01, 2026 |
| CVE-2025-59604 | Snapdragon 480 5G Mobile Platform Firmware — Memory Corruption when running a memory copy operation due t | HIGH | 7.8 | NVD | Jun 01, 2026 |
| CVE-2025-59601 | Fastconnect 7800 Firmware — Information Disclosure when resetting device to factory defa | MEDIUM | 6.5 | NVD | Jun 01, 2026 |
| CVE-2019-25718 | Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that | HIGH | 8.4 | NVD | Jun 01, 2026 |
| CVE-2026-42674 | Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Ma | HIGH | 7.5 | NVD | Jun 01, 2026 |
| CVE-2026-42673 | Insertion of Sensitive Information Into Sent Data vulnerability in Logtivity Act | HIGH | 7.5 | NVD | Jun 01, 2026 |
| CVE-2026-42672 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | CRITICAL | 9.3 | NVD | Jun 01, 2026 |
| CVE-2026-42671 | Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Inco | MEDIUM | 6.5 | NVD | Jun 01, 2026 |
| CVE-2026-38950 | An issue in ESA AnomalyMatch before 1 | HIGH | 7.8 | NVD | Jun 01, 2026 |
| CVE-2026-37227 | FlexRIC v2 | HIGH | 7.5 | NVD | Jun 01, 2026 |
| CVE-2026-37225 | FlexRIC v2 | HIGH | 7.5 | NVD | Jun 01, 2026 |
| CVE-2026-37224 | FlexRIC v2 | HIGH | 7.5 | NVD | Jun 01, 2026 |
| CVE-2026-37223 | FlexRIC v2 | HIGH | 7.5 | NVD | Jun 01, 2026 |
| CVE-2026-37222 | FlexRIC v2 | HIGH | 7.5 | NVD | Jun 01, 2026 |
| CVE-2026-10274 | A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833a | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10273 | A vulnerability was found in php-censor up to 2 | HIGH | 7.3 | NVD | Jun 01, 2026 |
| CVE-2026-10272 | A vulnerability has been found in a4m4 Student-Management-System up to f0c5f6842 | MEDIUM | 6.5 | NVD | Jun 01, 2026 |
| CVE-2026-10271 | A flaw has been found in a4m4 Student-Management-System up to f0c5f6842c5e8c431f | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10270 | A vulnerability was detected in D-Link DI-7001 MINI up to 19 | HIGH | 8.8 | NVD | Jun 01, 2026 |
| CVE-2026-10269 | A security vulnerability has been detected in decolua 9router up to 0 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10118 | A flaw was found in Poppler's Splash backend | HIGH | 7.8 | NVD | Jun 01, 2026 |
| CVE-2022-4991 | Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a | HIGH | 7.4 | NVD | Jun 01, 2026 |
| CVE-2026-10258 | A weakness has been identified in itsourcecode Content Management System 1 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10257 | A security flaw has been discovered in itsourcecode Content Management System 1 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10256 | A vulnerability was identified in itsourcecode Content Management System 1 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10253 | A vulnerability was detected in itsourcecode Online House Rental System 1 | HIGH | 7.3 | NVD | Jun 01, 2026 |
| CVE-2026-10252 | A security vulnerability has been detected in itsourcecode Online House Rental S | HIGH | 7.3 | NVD | Jun 01, 2026 |
| CVE-2026-10251 | A weakness has been identified in itsourcecode Online House Rental System 1 | HIGH | 7.3 | NVD | Jun 01, 2026 |
| CVE-2026-25600 | The PDBM application relies on a static, hard‑coded secret embedded in the PDBM | MEDIUM | 6.4 | NVD | Jun 01, 2026 |
| CVE-2026-25599 | Missing authentication and clear‑text transmission of data from the heat pumps t | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10250 | A security flaw has been discovered in itsourcecode Online Blood Bank Management | HIGH | 7.3 | NVD | Jun 01, 2026 |
| CVE-2026-10249 | A vulnerability was identified in itsourcecode Online Blood Bank Management Syst | HIGH | 7.3 | NVD | Jun 01, 2026 |
| CVE-2026-10240 | A vulnerability was identified in JeecgBoot up to 3 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10239 | A vulnerability was determined in JeecgBoot up to 3 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10236 | A vulnerability has been found in SourceCodester Water Billing Management System | HIGH | 7.3 | NVD | Jun 01, 2026 |
| CVE-2026-45192 | Airflow — A bug in the GET `/api/v2/connections/{connection_id}` REST | MEDIUM | 6.5 | NVD | Jun 01, 2026 |
| CVE-2026-35563 | Directory Ldap Api — It was identified that the LDAP client implementation in ver | HIGH | 8.5 | NVD | Jun 01, 2026 |
| CVE-2026-10235 | A flaw has been found in CodeAstro Ingredients Stock Management System 1 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10227 | A vulnerability has been found in raisulislamg4 student_management_system_by_php | HIGH | 7.3 | NVD | Jun 01, 2026 |
| CVE-2026-10226 | A flaw has been found in raisulislamg4 student_management_system_by_php up to 31 | HIGH | 7.3 | NVD | Jun 01, 2026 |
| CVE-2026-10225 | A vulnerability was detected in raisulislamg4 student_management_system_by_php u | HIGH | 7.3 | NVD | Jun 01, 2026 |
| CVE-2026-10223 | A weakness has been identified in NousResearch hermes-agent up to 2026 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10217 | A flaw has been found in nextlevelbuilder GoClaw up to 3 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10214 | A weakness has been identified in zhayujie chatgpt-on-wechat up to 2 | HIGH | 7.3 | NVD | Jun 01, 2026 |
| CVE-2026-10212 | A vulnerability was identified in AstrBotDevs AstrBot 4 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10211 | A vulnerability was determined in AstrBotDevs AstrBot 4 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10210 | A vulnerability was found in AstrBotDevs AstrBot 4 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10209 | A vulnerability has been found in code-projects Online Hospital Management Syste | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10208 | A flaw has been found in code-projects Online Hospital Management System 1 | HIGH | 7.3 | NVD | Jun 01, 2026 |
| CVE-2026-10206 | A vulnerability was detected in D-Link DI-8400 up to 16 | HIGH | 8.8 | NVD | Jun 01, 2026 |
| CVE-2026-10205 | A security vulnerability has been detected in Metasoft 美特软件 MetaCRM 6 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10204 | A weakness has been identified in OFCMS 1 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10203 | A security flaw has been discovered in OFCMS 1 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2026-10202 | A vulnerability was identified in OFCMS 1 | MEDIUM | 6.3 | NVD | Jun 01, 2026 |
| CVE-2024-21182 | Oracle - WebLogic Server | CRITICAL | N/A | CISA | Jun 01, 2026 |
| EDB-52607 | [webapps] WordPress OrderConvo 14 - Path Traversal | HIGH | N/A | EXPLOIT-DB | Jun 01, 2026 |
| EDB-52608 | [webapps] Drupal Core 10.5.5 - Error-Based SQL Injection | HIGH | N/A | EXPLOIT-DB | Jun 01, 2026 |
| CVE-2026-8796 | Sereal::Decoder versions before 5 | HIGH | 8.1 | NVD | May 31, 2026 |
| CVE-2026-10194 | A weakness has been identified in OFFIS DCMTK 3 | MEDIUM | 6.3 | NVD | May 31, 2026 |
| CVE-2026-10193 | A security flaw has been discovered in OFCMS up to 1 | MEDIUM | 6.3 | NVD | May 31, 2026 |
| CVE-2026-10192 | A vulnerability was identified in Tenda W12 3 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10191 | A vulnerability was determined in Tenda W12 3 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10190 | A vulnerability was found in Tenda W12 3 | MEDIUM | 6.5 | NVD | May 31, 2026 |
| CVE-2026-10189 | A vulnerability has been found in Tenda W12 3 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10188 | A flaw has been found in Tenda W12 3 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10187 | A vulnerability was detected in Totolink N300RH 6 | CRITICAL | 9.8 | NVD | May 31, 2026 |
| CVE-2026-10186 | A security vulnerability has been detected in code-projects Online Hospital Mana | HIGH | 7.3 | NVD | May 31, 2026 |
| CVE-2026-10185 | A weakness has been identified in SourceCodester Hospitals Patient Records Manag | HIGH | 7.3 | NVD | May 31, 2026 |
| CVE-2026-10184 | A security flaw has been discovered in SourceCodester Hospitals Patient Records | HIGH | 7.3 | NVD | May 31, 2026 |
| CVE-2026-10183 | A vulnerability was identified in TRENDnet TEW-432BRP 3 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10182 | A vulnerability was determined in TRENDnet TEW-432BRP 3 | MEDIUM | 6.3 | NVD | May 31, 2026 |
| CVE-2026-49490 | OpenCATS from version 0 | HIGH | 8.1 | NVD | May 31, 2026 |
| CVE-2026-49489 | OpenCATS through 0 | HIGH | 8.5 | NVD | May 31, 2026 |
| CVE-2026-10181 | A vulnerability was found in TRENDnet TEW-432BRP 3 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10180 | A vulnerability has been found in TRENDnet TEW-432BRP 3 | MEDIUM | 6.3 | NVD | May 31, 2026 |
| CVE-2026-10179 | A flaw has been found in TRENDnet TEW-432BRP 3 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10178 | A vulnerability was detected in code-projects Online Music Site 1 | HIGH | 7.3 | NVD | May 31, 2026 |
| CVE-2026-10177 | A security vulnerability has been detected in Aider-AI Aider 0 | MEDIUM | 6.3 | NVD | May 31, 2026 |
| CVE-2026-10176 | A weakness has been identified in Aider-AI Aider 0 | MEDIUM | 6.3 | NVD | May 31, 2026 |
| CVE-2026-10175 | A security flaw has been discovered in Aider-AI Aider 0 | MEDIUM | 6.3 | NVD | May 31, 2026 |
| CVE-2026-10174 | A vulnerability was identified in Aider-AI Aider 0 | MEDIUM | 6.3 | NVD | May 31, 2026 |
| CVE-2026-10172 | A security flaw has been discovered in Bdtask Multi-Store Inventory Management S | MEDIUM | 6.3 | NVD | May 31, 2026 |
| CVE-2026-10170 | A flaw has been found in code-projects Visitor Management System 1 | MEDIUM | 6.3 | NVD | May 31, 2026 |
| CVE-2026-10168 | A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School St | MEDIUM | 6.3 | NVD | May 31, 2026 |
| CVE-2026-10167 | A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Manage | HIGH | 7.3 | NVD | May 31, 2026 |
| CVE-2026-10166 | A vulnerability was determined in Edimax BR-6478AC 1 | MEDIUM | 6.3 | NVD | May 31, 2026 |
| CVE-2026-10165 | A vulnerability was identified in Edimax BR-6478AC 1 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10164 | A vulnerability was found in Edimax BR-6478AC 1 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10163 | A vulnerability has been found in Edimax BR-6478AC 1 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10162 | A flaw has been found in TRENDnet TEW-432BRP 3 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10161 | A vulnerability was detected in TRENDnet TEW-432BRP 3 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10160 | A security vulnerability has been detected in TRENDnet TEW-432BRP 3 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10159 | A weakness has been identified in TRENDnet TEW-432BRP 3 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10158 | A security flaw has been discovered in TRENDnet TEW-432BRP 3 | HIGH | 8.8 | NVD | May 31, 2026 |
| CVE-2026-10157 | A vulnerability was identified in Open5GS up to 2 | HIGH | 7.3 | NVD | May 31, 2026 |
| CVE-2026-10152 | A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0 | MEDIUM | 6.3 | NVD | May 30, 2026 |
| CVE-2026-10127 | A weakness has been identified in Edimax BR-6478AC 1 | MEDIUM | 6.3 | NVD | May 30, 2026 |
| CVE-2026-10126 | A security flaw has been discovered in Edimax BR-6478AC 1 | HIGH | 8.8 | NVD | May 30, 2026 |
| CVE-2018-25417 | AiOPMSD Final 1 | HIGH | 8.2 | NVD | May 30, 2026 |
| CVE-2018-25416 | AiOPMSD Final 1 | HIGH | 8.2 | NVD | May 30, 2026 |
| CVE-2018-25415 | AiOPMSD Final 1 | HIGH | 8.2 | NVD | May 30, 2026 |
| CVE-2018-25414 | AiOPMSD Final 1 | HIGH | 8.2 | NVD | May 30, 2026 |
| CVE-2018-25413 | AiOPMSD Final 1 | HIGH | 8.2 | NVD | May 30, 2026 |
| CVE-2018-25412 | Delta Sql 1 | CRITICAL | 9.8 | NVD | May 30, 2026 |
| CVE-2018-25411 | MGB OpenSource Guestbook 0 | HIGH | 8.2 | NVD | May 30, 2026 |
| CVE-2018-25410 | SIM-PKH 2 | HIGH | 7.1 | NVD | May 30, 2026 |
| CVE-2018-25409 | SIM-PKH 2 | HIGH | 8.8 | NVD | May 30, 2026 |
| CVE-2018-25408 | The Open ISES Project 3 | HIGH | 7.5 | NVD | May 30, 2026 |
| CVE-2018-25407 | eNdonesia Portal 8 | HIGH | 8.2 | NVD | May 30, 2026 |
| CVE-2018-25406 | eNdonesia Portal 8 | HIGH | 8.2 | NVD | May 30, 2026 |
| CVE-2018-25405 | eNdonesia Portal 8 | HIGH | 8.2 | NVD | May 30, 2026 |
| CVE-2026-10120 | A vulnerability was detected in TRENDnet TEW-432BRP 3 | HIGH | 8.8 | NVD | May 30, 2026 |
| CVE-2026-10119 | A security vulnerability has been detected in TRENDnet TEW-432BRP 3 | HIGH | 8.8 | NVD | May 30, 2026 |
| CVE-2026-9757 | The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlat | HIGH | 7.5 | NVD | May 30, 2026 |
| CVE-2026-7465 | The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for W | HIGH | 8.8 | NVD | May 30, 2026 |
| CVE-2026-7459 | The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPres | HIGH | 7.5 | NVD | May 30, 2026 |
| CVE-2026-5071 | The SocketCAN implementation validates the length of a user-provided buffer cont | MEDIUM | 6.1 | NVD | May 30, 2026 |
| CVE-2026-10111 | A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1 | HIGH | 7.3 | NVD | May 30, 2026 |
| CVE-2026-10110 | A vulnerability was detected in code-projects Student Details Management System | HIGH | 7.3 | NVD | May 30, 2026 |
| EDB-52604 | [webapps] YAMCS yamcs-core 5.12.7 - User Enumeration | HIGH | N/A | EXPLOIT-DB | May 30, 2026 |
| EDB-52603 | [webapps] YAMCS yamcs-core 5.12.7 - LDAP Injection | HIGH | N/A | EXPLOIT-DB | May 30, 2026 |
| EDB-52606 | [remote] Notepad++ 8.9.6 - Arbitrary Code Execution | HIGH | N/A | EXPLOIT-DB | May 30, 2026 |
| EDB-52605 | [webapps] YAMCS yamcs-core 5.12.7 - No Rate Limiting | HIGH | N/A | EXPLOIT-DB | May 30, 2026 |
| CVE-2026-47125 | Arcane is an interface for managing Docker containers, images, networks, and vol | HIGH | 8.8 | NVD | May 29, 2026 |
| CVE-2026-45661 | Dokploy is a free, self-hostable Platform as a Service (PaaS) | CRITICAL | 9.9 | NVD | May 29, 2026 |
| CVE-2026-45633 | Dokploy is a free, self-hostable Platform as a Service (PaaS) | CRITICAL | 9.9 | NVD | May 29, 2026 |
| CVE-2026-45632 | Dokploy is a free, self-hostable Platform as a Service (PaaS) | CRITICAL | 9.9 | NVD | May 29, 2026 |
| CVE-2026-45631 | Dokploy is a free, self-hostable Platform as a Service (PaaS) | CRITICAL | 10.0 | NVD | May 29, 2026 |
| CVE-2026-45630 | Dokploy is a free, self-hostable Platform as a Service (PaaS) | CRITICAL | 9.0 | NVD | May 29, 2026 |
| CVE-2026-45629 | Dokploy is a free, self-hostable Platform as a Service (PaaS) | CRITICAL | 9.9 | NVD | May 29, 2026 |
| CVE-2026-45628 | Dokploy is a free, self-hostable Platform as a Service (PaaS) | CRITICAL | 9.6 | NVD | May 29, 2026 |
| CVE-2026-45627 | Arcane is an interface for managing Docker containers, images, networks, and vol | HIGH | 8.2 | NVD | May 29, 2026 |
| CVE-2026-45626 | Arcane is an interface for managing Docker containers, images, networks, and vol | MEDIUM | 6.3 | NVD | May 29, 2026 |
| CVE-2026-45625 | Arcane is an interface for managing Docker containers, images, networks, and vol | CRITICAL | 9.9 | NVD | May 29, 2026 |
| CVE-2026-44697 | Klever-Go is the Go implementation of the Klever blockchain protocol | HIGH | 8.6 | NVD | May 29, 2026 |
| CVE-2026-10108 | xiaomusic v0 | HIGH | 7.5 | NVD | May 29, 2026 |
| CVE-2026-10107 | MoviePilot v2 contains a server-side request forgery vulnerability in the image | HIGH | 7.7 | NVD | May 29, 2026 |
| CVE-2026-10105 | agno 2 | HIGH | 8.3 | NVD | May 29, 2026 |
| CVE-2026-9558 | A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme e | CRITICAL | 9.9 | NVD | May 29, 2026 |
| CVE-2026-9557 | A Server-Side Request Forgery (SSRF) vulnerability exists in Mautic's Focus comp | MEDIUM | 6.4 | NVD | May 29, 2026 |
| CVE-2026-46579 | A flaw was found in the OpenShift Router | HIGH | 7.4 | NVD | May 29, 2026 |
| CVE-2026-42965 | A flaw was found in the OpenShift Router | HIGH | 7.7 | NVD | May 29, 2026 |
| CVE-2026-10056 | CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before ver | HIGH | 7.5 | NVD | May 29, 2026 |
| CVE-2026-9243 | The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross | MEDIUM | 6.4 | NVD | May 29, 2026 |
| CVE-2026-4776 | An SQL injection vulnerability exists in Mautic's API contact filtering mechanis | HIGH | 7.1 | NVD | May 29, 2026 |
| CVE-2026-3655 | The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulner | CRITICAL | 9.8 | NVD | May 29, 2026 |
| CVE-2025-11262 | The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Sc | HIGH | 7.2 | NVD | May 29, 2026 |
| CVE-2026-9714 | The Simple Divi Shortcode plugin for WordPress is vulnerable to Stored Cross-Sit | MEDIUM | 6.4 | NVD | May 29, 2026 |
| CVE-2026-9493 | Service Center developed by BankPro E-Service Technology has an Insecure Direct | MEDIUM | 6.5 | NVD | May 29, 2026 |
| CVE-2026-8732 | The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via A | CRITICAL | 9.8 | NVD | May 29, 2026 |
| CVE-2026-6275 | The StatCounter – Free Real Time Visitor Stats plugin for WordPress is vulnerabl | MEDIUM | 6.4 | NVD | May 29, 2026 |
| CVE-2025-14042 | The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerab | MEDIUM | 6.4 | NVD | May 29, 2026 |
| CVE-2025-11993 | The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vuln | HIGH | 8.8 | NVD | May 29, 2026 |
| EDB-52596 | [webapps] Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| EDB-52595 | [local] ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| EDB-52593 | [local] ZTE ZXHN H188A V6 - Authentication Bypass | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| EDB-52592 | [local] ZTE H298A / H108N - Unauthenticated Credential Exposure | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| EDB-52591 | [local] Linux Kernel - Local Privilege Escalation | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| EDB-52590 | [webapps] MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| EDB-52589 | [remote] Wing FTP Server 8.1.3 - Authenticated Remote Code Execution | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| EDB-52588 | [webapps] CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated) | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| EDB-52587 | [remote] strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| EDB-52586 | [dos] strongSwan 5.9.13 - DoS | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| EDB-52594 | [local] ZTE Routers - Unauthenticated Denial of Service | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| CVE-2026-0257 | Palo Alto Networks - PAN-OS | CRITICAL | N/A | CISA | May 29, 2026 |
| EDB-52601 | [remote] Microsoft - NTLMv2 Hash Capture | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| EDB-52600 | [webapps] MikroORM 7.0.13 - SQL Injection | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| EDB-52598 | [webapps] Prodigy Commerce 3.3.0 - Local File Inclusion | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| EDB-52597 | [webapps] Langflow 1.3.0 - Remote Code Execution | HIGH | N/A | EXPLOIT-DB | May 29, 2026 |
| CVE-2026-10019 | Chrome — Integer overflow in ANGLE in Google Chrome prior to 148 | HIGH | 8.8 | NVD | May 28, 2026 |
| CVE-2026-10018 | Chrome — Integer overflow in ANGLE in Google Chrome prior to 148 | MEDIUM | 6.5 | NVD | May 28, 2026 |
| CVE-2026-10017 | Out of bounds read in Headless in Google Chrome prior to 148 | HIGH | 8.3 | NVD | May 28, 2026 |
| CVE-2026-10016 | Use after free in DOM in Google Chrome prior to 148 | HIGH | 8.8 | NVD | May 28, 2026 |
| CVE-2026-10015 | Integer overflow in WTF in Google Chrome prior to 148 | HIGH | 8.8 | NVD | May 28, 2026 |
| CVE-2026-10014 | Use after free in WebMIDI in Google Chrome on Android prior to 148 | HIGH | 8.3 | NVD | May 28, 2026 |
| CVE-2026-10013 | Use after free in WebCodecs in Google Chrome prior to 148 | HIGH | 8.8 | NVD | May 28, 2026 |
| CVE-2026-10012 | Chrome — Use after free in Skia in Google Chrome prior to 148 | HIGH | 8.3 | NVD | May 28, 2026 |
| CVE-2026-10009 | Integer overflow in Skia in Google Chrome prior to 148 | HIGH | 7.5 | NVD | May 28, 2026 |
| CVE-2026-10008 | Uninitialized Use in GPU in Google Chrome on Android prior to 148 | MEDIUM | 6.5 | NVD | May 28, 2026 |
| CVE-2026-10007 | Use after free in SVG in Google Chrome prior to 148 | HIGH | 8.8 | NVD | May 28, 2026 |
| CVE-2026-10006 | Chrome — Race in WebAudio in Google Chrome prior to 148 | HIGH | 7.5 | NVD | May 28, 2026 |
| CVE-2026-10005 | Use after free in WebAppInstalls in Google Chrome on Mac prior to 148 | HIGH | 7.5 | NVD | May 28, 2026 |
| CVE-2026-10004 | Chrome — Insufficient validation of untrusted input in Passwords in G | MEDIUM | 6.5 | NVD | May 28, 2026 |
| CVE-2026-10003 | Use after free in Views in Google Chrome prior to 148 | HIGH | 7.5 | NVD | May 28, 2026 |
| CVE-2026-10002 | Chrome — Use after free in PDFium in Google Chrome prior to 148 | HIGH | 8.8 | NVD | May 28, 2026 |
| CVE-2026-10001 | Chrome — Use after free in PerformanceManager in Google Chrome prior | HIGH | 8.3 | NVD | May 28, 2026 |
| CVE-2026-10000 | Use after free in Passwords in Google Chrome on Windows prior to 148 | HIGH | 8.3 | NVD | May 28, 2026 |
| CVE-2026-44543 | Local Path Provisioner provides a way for the Kubernetes users to utilize the lo | HIGH | 8.7 | NVD | May 28, 2026 |
| CVE-2026-44466 | Zed is a code editor | HIGH | 8.6 | NVD | May 28, 2026 |
| CVE-2026-44465 | Zed is a code editor | HIGH | 8.6 | NVD | May 28, 2026 |
| CVE-2026-44463 | Zed is a code editor | HIGH | 8.6 | NVD | May 28, 2026 |
| CVE-2026-44462 | Zed is a code editor | MEDIUM | 6.4 | NVD | May 28, 2026 |
| CVE-2026-44461 | Zed is a code editor | HIGH | 8.6 | NVD | May 28, 2026 |
| CVE-2026-41141 | EspoCRM is an open source customer relationship management application | MEDIUM | 6.5 | NVD | May 28, 2026 |
| CVE-2026-38707 | Ir315 Firmware — A command injection vulnerability exists in the IPSec VPN fe | CRITICAL | 9.8 | NVD | May 28, 2026 |
| CVE-2026-38704 | Ir315 Firmware — A command injection vulnerability exists in the WireGuard VP | CRITICAL | 9.8 | NVD | May 28, 2026 |
| CVE-2026-38703 | Ir315 Firmware — A command injection vulnerability exists in the ZeroTier VPN | CRITICAL | 9.8 | NVD | May 28, 2026 |
| CVE-2026-38702 | Ir315 Firmware — A command injection vulnerability exists in the Admin Access | CRITICAL | 9.8 | NVD | May 28, 2026 |
| CVE-2026-24444 | SDMC NE6037 cable modem routers running firmware 7 | CRITICAL | 9.8 | NVD | May 28, 2026 |
| CVE-2026-44594 | esm | HIGH | 7.5 | NVD | May 28, 2026 |
| CVE-2026-44358 | Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflo | HIGH | 8.2 | NVD | May 28, 2026 |
| CVE-2026-41565 | CryptX versions before 0 | HIGH | 7.5 | NVD | May 28, 2026 |
| CVE-2026-35676 | phpMyFAQ before 4 | HIGH | 8.2 | NVD | May 28, 2026 |
| CVE-2026-35675 | phpMyFAQ before 4 | HIGH | 8.2 | NVD | May 28, 2026 |
| CVE-2026-35672 | phpMyFAQ before 4 | HIGH | 7.5 | NVD | May 28, 2026 |
| CVE-2026-35671 | phpMyFAQ before 4 | HIGH | 8.8 | NVD | May 28, 2026 |
| CVE-2026-49238 | An issue was discovered in Canonical Multipass before version 1 | HIGH | 8.4 | NVD | May 28, 2026 |
| CVE-2026-49237 | An issue was discovered in Canonical Multipass for macOS before version 1 | HIGH | 7.8 | NVD | May 28, 2026 |
| CVE-2026-37579 | An issue in SMSGate sms-core<=2 | HIGH | 7.3 | NVD | May 28, 2026 |
| CVE-2026-37266 | An issue in Responsive File Manager Responsive FileManager Version 9 | HIGH | 8.0 | NVD | May 28, 2026 |
| CVE-2026-9644 | The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to S | MEDIUM | 6.4 | NVD | May 28, 2026 |
| CVE-2026-9009 | The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnera | HIGH | 8.8 | NVD | May 28, 2026 |
| CVE-2026-3173 | The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Objec | MEDIUM | 6.5 | NVD | May 28, 2026 |
| CVE-2026-9796 | A flaw was found in Keycloak | MEDIUM | 6.5 | NVD | May 28, 2026 |
| CVE-2026-9795 | A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature | HIGH | 7.3 | NVD | May 28, 2026 |
| CVE-2026-9792 | A flaw was found in Keycloak's Client Policies, specifically within the `org | MEDIUM | 6.5 | NVD | May 28, 2026 |
| CVE-2026-7802 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authoriza | HIGH | 8.8 | NVD | May 28, 2026 |
| CVE-2026-5737 | The Independent Analytics plugin for WordPress is vulnerable to Server-Side Requ | MEDIUM | 6.5 | NVD | May 28, 2026 |
| CVE-2026-32999 | Insufficient character filtering in backup agent signing module on Comet Backup | CRITICAL | 9.0 | NVD | May 28, 2026 |
| CVE-2026-2374 | The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cros | HIGH | 7.2 | NVD | May 28, 2026 |
| CVE-2026-8915 | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflo | HIGH | 8.8 | NVD | May 28, 2026 |
| CVE-2026-46416 | Microsoft UFO open-source framework for intelligent automation across devices an | MEDIUM | 6.3 | NVD | May 27, 2026 |
| CVE-2026-46414 | Microsoft UFO open-source framework for intelligent automation across devices an | HIGH | 8.8 | NVD | May 27, 2026 |
| CVE-2026-46402 | Microsoft UFO open-source framework for intelligent automation across devices an | HIGH | 8.1 | NVD | May 27, 2026 |
| CVE-2026-45322 | Microsoft UFO open-source framework for intelligent automation across devices an | HIGH | 7.8 | NVD | May 27, 2026 |
| CVE-2026-44322 | Free5Gc — free5GC is an open-source implementation of the 5G core netw | HIGH | 7.5 | NVD | May 27, 2026 |
| CVE-2026-44321 | Free5Gc — free5GC is an open-source implementation of the 5G core netw | HIGH | 7.5 | NVD | May 27, 2026 |
| CVE-2026-44320 | Free5Gc — free5GC is an open-source implementation of the 5G core netw | HIGH | 7.3 | NVD | May 27, 2026 |
| CVE-2026-44319 | Free5Gc — free5GC is an open-source implementation of the 5G core netw | HIGH | 7.5 | NVD | May 27, 2026 |
| CVE-2026-44318 | Free5Gc — free5GC is an open-source implementation of the 5G core netw | MEDIUM | 6.5 | NVD | May 27, 2026 |
| CVE-2026-44317 | Free5Gc — free5GC is an open-source implementation of the 5G core netw | MEDIUM | 6.5 | NVD | May 27, 2026 |
| CVE-2026-44316 | Free5Gc — free5GC is an open-source implementation of the 5G core netw | HIGH | 7.5 | NVD | May 27, 2026 |
| CVE-2026-44315 | Free5Gc — free5GC is an open-source implementation of the 5G core netw | CRITICAL | 9.4 | NVD | May 27, 2026 |
| CVE-2026-42459 | Free5Gc — free5GC is an open-source implementation of the 5G core netw | HIGH | 7.5 | NVD | May 27, 2026 |
| CVE-2026-42083 | Free5Gc — free5GC is an open-source implementation of the 5G core netw | HIGH | 8.2 | NVD | May 27, 2026 |
| CVE-2026-42081 | free5GC is an open-source implementation of the 5G core network | MEDIUM | 6.1 | NVD | May 27, 2026 |
| CVE-2026-38945 | Command injection in Raynet rvia version 12 | HIGH | 7.8 | NVD | May 27, 2026 |
| CVE-2026-38930 | OpenRapid RapidCMS v1 | MEDIUM | 6.5 | NVD | May 27, 2026 |
| CVE-2026-42738 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti | HIGH | 7.1 | NVD | May 27, 2026 |
| CVE-2026-42737 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') v | HIGH | 8.6 | NVD | May 27, 2026 |
| CVE-2026-42736 | Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Be | HIGH | 7.5 | NVD | May 27, 2026 |
| CVE-2026-42735 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic | HIGH | 8.2 | NVD | May 27, 2026 |
| CVE-2026-42734 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti | HIGH | 7.1 | NVD | May 27, 2026 |
| CVE-2026-42733 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti | HIGH | 7.1 | NVD | May 27, 2026 |
| CVE-2026-42732 | Improper Validation of Specified Quantity in Input vulnerability in Ads by WPQua | MEDIUM | 6.5 | NVD | May 27, 2026 |
| CVE-2026-42731 | Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verifi | CRITICAL | 9.8 | NVD | May 27, 2026 |
| CVE-2026-42730 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | HIGH | 8.5 | NVD | May 27, 2026 |
| CVE-2026-42729 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti | HIGH | 7.1 | NVD | May 27, 2026 |
| CVE-2026-42728 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti | HIGH | 7.1 | NVD | May 27, 2026 |
| CVE-2026-42727 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | CRITICAL | 9.3 | NVD | May 27, 2026 |
| CVE-2026-42726 | Missing Authorization vulnerability in Strategy11 Team AWP Classifieds another-w | MEDIUM | 6.5 | NVD | May 27, 2026 |
| CVE-2026-42725 | Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checko | MEDIUM | 6.5 | NVD | May 27, 2026 |
| CVE-2026-3349 | The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross- | MEDIUM | 6.1 | NVD | May 27, 2026 |
| CVE-2026-3012 | A flaw was found in Samba’s certificate auto-enrollment Group Policy handling | HIGH | 8.0 | NVD | May 27, 2026 |
| CVE-2025-0898 | The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary | MEDIUM | 6.5 | NVD | May 27, 2026 |
| CVE-2026-8844 | The Responsive Check plugin for WordPress is vulnerable to Stored Cross-Site Scr | MEDIUM | 6.4 | NVD | May 27, 2026 |
| CVE-2026-8842 | The Google+ Link Name plugin for WordPress is vulnerable to Stored Cross-Site Sc | MEDIUM | 6.4 | NVD | May 27, 2026 |
| CVE-2026-8837 | The WP Iframe Geo Style for Amazon affiliates plugin for WordPress is vulnerable | MEDIUM | 6.4 | NVD | May 27, 2026 |
| CVE-2026-8787 | The Firebase Support & Chat Management plugin for WordPress is vulnerable to pri | HIGH | 8.8 | NVD | May 27, 2026 |
| CVE-2026-8760 | The Login with OTP plugin for WordPress is vulnerable to authentication bypass i | CRITICAL | 9.8 | NVD | May 27, 2026 |
| CVE-2026-8707 | The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross- | MEDIUM | 6.1 | NVD | May 27, 2026 |
| CVE-2026-8703 | The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scrip | MEDIUM | 6.4 | NVD | May 27, 2026 |
| CVE-2026-8702 | The GBI To Print plugin for WordPress is vulnerable to Stored Cross-Site Scripti | MEDIUM | 6.4 | NVD | May 27, 2026 |
| CVE-2026-8701 | The GNTT Post Title Ticker plugin for WordPress is vulnerable to Stored Cross-Si | MEDIUM | 6.4 | NVD | May 27, 2026 |
| CVE-2026-8698 | The Cryptocurrency Prijsvergelijking Widget plugin for WordPress is vulnerable t | MEDIUM | 6.4 | NVD | May 27, 2026 |
| CVE-2026-8048 | The My Email Shortcode plugin for WordPress is vulnerable to Stored Cross-Site S | MEDIUM | 6.4 | NVD | May 27, 2026 |
| CVE-2026-8040 | The faq shortocde plugin for WordPress is vulnerable to Stored Cross-Site Script | MEDIUM | 6.4 | NVD | May 27, 2026 |
| CVE-2026-6268 | The EventPress WordPress theme before 22 | HIGH | 7.1 | NVD | May 27, 2026 |
| CVE-2026-8450 | HTTP::Daemon versions before 6 | CRITICAL | 9.1 | NVD | May 27, 2026 |
| CVE-2026-49000 | An insecure password scheme refers to vulnerabilities arising from improper sele | HIGH | 7.0 | NVD | May 27, 2026 |
| CVE-2026-9631 | A vulnerability was detected in UTT HiPER 1250GW up to 3 | HIGH | 8.8 | NVD | May 27, 2026 |
| CVE-2026-9628 | A weakness has been identified in UTT HiPER 1200GW up to 2 | HIGH | 8.8 | NVD | May 27, 2026 |
| CVE-2026-9627 | A security flaw has been discovered in UTT HiPER 1200GW up to 2 | HIGH | 8.8 | NVD | May 27, 2026 |
| CVE-2026-9207 | Connect — Tanium addressed an unauthorized code execution vulnerabilit | HIGH | 8.8 | NVD | May 27, 2026 |
| CVE-2026-9156 | Tanium addressed a denial of service vulnerability in Tanium Server | MEDIUM | 6.5 | NVD | May 27, 2026 |
| CVE-2026-6565 | The Style Kits – Advanced Theme Styles for Elementor, Elementor Kits & Elementor | MEDIUM | 6.4 | NVD | May 27, 2026 |
| CVE-2026-49014 | In GDAL 3 | HIGH | 7.4 | NVD | May 27, 2026 |
| CVE-2026-9607 | A vulnerability was found in itsourcecode Courier Management System 1 | MEDIUM | 6.3 | NVD | May 27, 2026 |
| CVE-2026-9606 | A vulnerability has been found in itsourcecode Courier Management System 1 | HIGH | 7.3 | NVD | May 27, 2026 |
| CVE-2026-9605 | A flaw has been found in GNU libredwg up to 0 | HIGH | 7.3 | NVD | May 27, 2026 |
| CVE-2026-45321 | TanStack - TanStack | CRITICAL | N/A | CISA | May 27, 2026 |
| EDB-52585 | [local] Linux Kernel - Local Privilege Escalation | HIGH | N/A | EXPLOIT-DB | May 27, 2026 |
| EDB-52584 | [webapps] Casdoor 3.54.1 - Arbitrary File Write via Path Traversal | HIGH | N/A | EXPLOIT-DB | May 27, 2026 |
| EDB-52583 | [webapps] EspoCRM 9.3.3 - SSRF | HIGH | N/A | EXPLOIT-DB | May 27, 2026 |
| EDB-52582 | [webapps] scramble - Remote Code Execution | HIGH | N/A | EXPLOIT-DB | May 27, 2026 |
| EDB-52581 | [hardware] MeiG Smart FORGE_SLT711 - OS Command Injection | HIGH | N/A | EXPLOIT-DB | May 27, 2026 |
| EDB-52580 | [local] Realtek rtl819x - Local Privilege | HIGH | N/A | EXPLOIT-DB | May 27, 2026 |
| EDB-52579 | [webapps] OpenCATS 0.9.7.4 - SQL Injection | HIGH | N/A | EXPLOIT-DB | May 27, 2026 |
| CVE-2026-8398 | Daemon - Daemon Tools Lite | CRITICAL | N/A | CISA | May 27, 2026 |
| CVE-2026-48027 | Nx - Nx Console | CRITICAL | N/A | CISA | May 27, 2026 |
| CVE-2026-40383 | Joomla! — An improper validation of user-supplied input leads to a loc | CRITICAL | 9.8 | NVD | May 26, 2026 |
| CVE-2026-35222 | Joomla! — Improperly validated order clauses lead to a SQL injection v | CRITICAL | 9.8 | NVD | May 26, 2026 |
| CVE-2026-35221 | Joomla! — Improperly built filter clauses lead to a SQL injection vuln | CRITICAL | 9.8 | NVD | May 26, 2026 |
| CVE-2026-30895 | Joomla! — Lack of output escaping leads to a XSS vector in the readmor | MEDIUM | 6.1 | NVD | May 26, 2026 |
| CVE-2026-30894 | Joomla! — Lack of output escaping leads to a XSS vector in the content | MEDIUM | 6.1 | NVD | May 26, 2026 |
| CVE-2026-25901 | Joomla! — Lack of output escaping leads to a XSS vector in the multili | MEDIUM | 6.1 | NVD | May 26, 2026 |
| CVE-2026-25900 | Joomla! — Lack of output escaping leads to a XSS vector in the feed mo | MEDIUM | 6.1 | NVD | May 26, 2026 |
| CVE-2026-24212 | Isaac Launchable — NVIDIA Isaac Launchable for Linux contains a vulnerability w | HIGH | 7.5 | NVD | May 26, 2026 |
| CVE-2026-24162 | NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker cou | HIGH | 7.8 | NVD | May 26, 2026 |
| CVE-2025-36126 | IBM Cognos Analytics 11 | MEDIUM | 6.4 | NVD | May 26, 2026 |
| CVE-2026-41401 | libyang before 5 | MEDIUM | 6.5 | NVD | May 26, 2026 |
| CVE-2026-40034 | gix-submodule before 0 | HIGH | 7.8 | NVD | May 26, 2026 |
| CVE-2026-40033 | Freerdp — FreeRDP before 3 | HIGH | 8.8 | NVD | May 26, 2026 |
| CVE-2026-9544 | A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Busine | HIGH | 7.3 | NVD | May 26, 2026 |
| CVE-2026-9543 | A vulnerability has been found in Totolink N300RH 6 | CRITICAL | 9.8 | NVD | May 26, 2026 |
| CVE-2026-9542 | A weakness has been identified in CodeAstro Leave Management System 1 | MEDIUM | 6.3 | NVD | May 26, 2026 |
| CVE-2026-7374 | A flaw was found in KubeVirt's virt-handler component | CRITICAL | 9.9 | NVD | May 26, 2026 |
| CVE-2026-48133 | When the Identity Awareness blade is enabled with Browser-Based Authentication, | HIGH | 7.5 | NVD | May 26, 2026 |
| CVE-2026-48132 | The Security Gateway does not correctly validate a length value in certain IKE p | HIGH | 8.1 | NVD | May 26, 2026 |
| CVE-2026-48131 | The VPN service may mishandle an unexpected IKE fragment value received on the I | HIGH | 8.1 | NVD | May 26, 2026 |
| CVE-2025-11482 | An Allocation of Resources Without Limits or Throttling vulnerability in the OPC | HIGH | 7.5 | NVD | May 26, 2026 |
| CVE-2026-25104 | MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability | HIGH | 7.8 | NVD | May 26, 2026 |
| CVE-2026-8047 | The affected products perform improper length checking when parsing incoming HTT | HIGH | 7.5 | NVD | May 26, 2026 |
| CVE-2026-8046 | The affected products insufficiently verify authorization when deleting user acc | HIGH | 8.1 | NVD | May 26, 2026 |
| CVE-2026-44469 | The affected product extracts installation files to a temporary directory with i | HIGH | 7.8 | NVD | May 26, 2026 |
| CVE-2026-44468 | The affected product creates a directory with insecure default permissions durin | HIGH | 7.8 | NVD | May 26, 2026 |
| CVE-2026-9534 | A flaw has been found in Totolink CA750-PoE 6 | MEDIUM | 6.3 | NVD | May 26, 2026 |
| CVE-2026-9533 | A vulnerability was detected in Totolink CA750-PoE 6 | MEDIUM | 6.3 | NVD | May 26, 2026 |
| CVE-2026-9532 | A security vulnerability has been detected in Totolink CA750-PoE 6 | MEDIUM | 6.3 | NVD | May 26, 2026 |
| CVE-2026-9496 | Versions of the package pacote from 11 | HIGH | 7.5 | NVD | May 26, 2026 |
| CVE-2026-9495 | Versions of the package @koa/router from 14 | HIGH | 7.3 | NVD | May 26, 2026 |
| CVE-2026-9531 | A weakness has been identified in Totolink CA750-PoE 6 | MEDIUM | 6.3 | NVD | May 26, 2026 |
| CVE-2026-9528 | A vulnerability was identified in itsourcecode Electronic Judging System 1 | HIGH | 7.3 | NVD | May 26, 2026 |
| CVE-2026-9526 | A vulnerability was found in itsourcecode Electronic Judging System 1 | HIGH | 7.3 | NVD | May 26, 2026 |
| CVE-2026-9517 | A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem | HIGH | 7.3 | NVD | May 26, 2026 |
| CVE-2026-9515 | A vulnerability was detected in Totolink CA750-PoE 6 | MEDIUM | 6.3 | NVD | May 26, 2026 |
| CVE-2026-8376 | Perl — Perl versions through 5 | CRITICAL | 9.8 | NVD | May 26, 2026 |
| EDB-52573 | [local] Linux Kernel 6.8 - Local Privilege Escalation | HIGH | N/A | EXPLOIT-DB | May 26, 2026 |
| EDB-52574 | [webapps] cPanel - CRLF Injection | HIGH | N/A | EXPLOIT-DB | May 26, 2026 |
| EDB-52575 | [webapps] Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover | HIGH | N/A | EXPLOIT-DB | May 26, 2026 |
| EDB-52576 | [hardware] D-Link DSL2600U - 'rom-0' Admin Password Disclosure | HIGH | N/A | EXPLOIT-DB | May 26, 2026 |
| EDB-52577 | [webapps] Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service | HIGH | N/A | EXPLOIT-DB | May 26, 2026 |
| EDB-52578 | [webapps] Grav CMS 2.0.0-beta.2 - Remote Code Execution | HIGH | N/A | EXPLOIT-DB | May 26, 2026 |
| CVE-2026-48172 | LiteSpeed - cPanel Plugin | CRITICAL | N/A | CISA | May 26, 2026 |
| CVE-2026-9514 | A security vulnerability has been detected in Totolink CA750-PoE 6 | MEDIUM | 6.3 | NVD | May 25, 2026 |
| CVE-2026-9513 | A weakness has been identified in Totolink CA750-PoE 6 | MEDIUM | 6.3 | NVD | May 25, 2026 |
| CVE-2026-9512 | A security flaw has been discovered in Totolink CA750-PoE 6 | MEDIUM | 6.3 | NVD | May 25, 2026 |
| CVE-2026-48837 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | HIGH | 8.5 | NVD | May 25, 2026 |
| CVE-2026-45438 | Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce a | HIGH | 7.5 | NVD | May 25, 2026 |
| CVE-2026-45435 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti | MEDIUM | 6.5 | NVD | May 25, 2026 |
| CVE-2026-45217 | Authentication Bypass Using an Alternate Path or Channel vulnerability in ThemeH | MEDIUM | 6.5 | NVD | May 25, 2026 |
| CVE-2026-45216 | Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows P | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-45209 | Missing Authorization vulnerability in edward_plainview MyCryptoCheckout allows | HIGH | 7.5 | NVD | May 25, 2026 |
| CVE-2026-42776 | Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Ex | MEDIUM | 6.3 | NVD | May 25, 2026 |
| CVE-2026-42774 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | CRITICAL | 9.3 | NVD | May 25, 2026 |
| CVE-2026-42773 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | CRITICAL | 9.3 | NVD | May 25, 2026 |
| CVE-2026-42763 | Missing Authorization vulnerability in SePay team SePay Gateway allows Retrieve | MEDIUM | 6.5 | NVD | May 25, 2026 |
| CVE-2026-39436 | Cross-Site Request Forgery (CSRF) vulnerability in bgermann CformsII allows Cros | HIGH | 7.1 | NVD | May 25, 2026 |
| CVE-2026-24937 | Improper Control of Generation of Code ('Code Injection') vulnerability in Video | HIGH | 7.2 | NVD | May 25, 2026 |
| CVE-2026-48846 | In Roundcube Webmail 1 | MEDIUM | 6.5 | NVD | May 25, 2026 |
| CVE-2026-48845 | In Roundcube Webmail 1 | MEDIUM | 6.5 | NVD | May 25, 2026 |
| CVE-2026-48844 | Roundcube Webmail 1 | HIGH | 7.5 | NVD | May 25, 2026 |
| CVE-2026-48843 | Roundcube Webmail 1 | HIGH | 7.2 | NVD | May 25, 2026 |
| CVE-2026-48842 | Roundcube Webmail 1 | HIGH | 8.1 | NVD | May 25, 2026 |
| CVE-2026-9483 | A vulnerability was found in SourceCodester Student Grades Management System 1 | MEDIUM | 6.3 | NVD | May 25, 2026 |
| CVE-2026-9482 | A vulnerability has been found in Edimax EW-7438RPn 1 | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-9481 | A flaw has been found in Edimax EW-7438RPn 1 | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-9480 | A vulnerability was detected in Edimax EW-7438RPn 1 | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-9479 | A security vulnerability has been detected in Edimax EW-7438RPn 1 | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-9478 | A weakness has been identified in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9477 | A security flaw has been discovered in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9476 | A vulnerability was identified in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9475 | A vulnerability was determined in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9474 | A vulnerability was found in yashpokharna2555 StudentManagementSystem up to cb2f | HIGH | 7.3 | NVD | May 25, 2026 |
| CVE-2026-9473 | A vulnerability has been found in c-rick jimeng-mcp 1 | MEDIUM | 6.3 | NVD | May 25, 2026 |
| CVE-2026-9472 | A flaw has been found in dazeb markdown-downloader up to 3d4394b34b6c99d81af8176 | MEDIUM | 6.3 | NVD | May 25, 2026 |
| CVE-2026-27768 | SQL Injection affecting the Access Manager role | MEDIUM | 6.6 | NVD | May 25, 2026 |
| CVE-2018-25359 | Splinterware System Scheduler Pro 5 | HIGH | 8.4 | NVD | May 25, 2026 |
| CVE-2026-9461 | A security vulnerability has been detected in Edimax EW-7438RPn 1 | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-9460 | A weakness has been identified in Edimax EW-7438RPn 1 | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-9459 | A security flaw has been discovered in Edimax EW-7438RPn 1 | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-9458 | A vulnerability was identified in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9457 | A vulnerability was determined in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9456 | A vulnerability was found in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9455 | A vulnerability has been found in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9454 | A flaw has been found in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9453 | A vulnerability was detected in FoundDream miniclawd up to 2d65665046e2222eeea76 | HIGH | 7.3 | NVD | May 25, 2026 |
| CVE-2026-9452 | A security vulnerability has been detected in FoundDream miniclawd up to 2d65665 | HIGH | 7.3 | NVD | May 25, 2026 |
| CVE-2026-9451 | A weakness has been identified in code-projects Employee Management System 1 | MEDIUM | 6.3 | NVD | May 25, 2026 |
| CVE-2026-9450 | A security flaw has been discovered in code-projects Employee Management System | MEDIUM | 6.3 | NVD | May 25, 2026 |
| CVE-2026-9449 | A vulnerability was identified in code-projects Employee Management System 1 | MEDIUM | 6.3 | NVD | May 25, 2026 |
| CVE-2026-9447 | A vulnerability was found in SourceCodester Simple POS and Inventory System 1 | HIGH | 7.3 | NVD | May 25, 2026 |
| CVE-2026-9436 | A flaw has been found in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9435 | A vulnerability was detected in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-4915 | Mattermost versions 11 | MEDIUM | 6.5 | NVD | May 25, 2026 |
| CVE-2026-45249 | A cross-site scripting (XSS) vulnerability exists in Apache ECharts in the Lines | MEDIUM | 6.1 | NVD | May 25, 2026 |
| CVE-2026-9434 | A security vulnerability has been detected in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9433 | A weakness has been identified in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9432 | A security flaw has been discovered in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9431 | A vulnerability was identified in Tenda F1202 1 | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-9430 | A vulnerability was determined in Tenda F1202 1 | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-9429 | A vulnerability was found in Tenda F1202 1 | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-9428 | A vulnerability has been found in Tenda F1202 1 | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-41863 | Spring AI's support for Anthropic's Skills API used LLM-influenced filenames uns | MEDIUM | 6.5 | NVD | May 25, 2026 |
| CVE-2026-25193 | Insertion of Sensitive Information into Log File (CWE-532) in some Command Centr | HIGH | 8.1 | NVD | May 25, 2026 |
| CVE-2026-9427 | A flaw has been found in Edimax EW-7438RPn 1 | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-9426 | A vulnerability was detected in Edimax EW-7438RPn 1 | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-9425 | A security vulnerability has been detected in Edimax EW-7438RPn 1 | HIGH | 8.8 | NVD | May 25, 2026 |
| CVE-2026-9424 | A weakness has been identified in Edimax EW-7438RPn 1 | MEDIUM | 6.3 | NVD | May 25, 2026 |
| CVE-2026-9422 | A vulnerability was identified in KLiK SocialMediaWebsite 1 | HIGH | 7.3 | NVD | May 25, 2026 |
| CVE-2026-9412 | A vulnerability was determined in SourceCodester Indian Invoicing System 1 | MEDIUM | 6.3 | NVD | May 25, 2026 |
| CVE-2026-9411 | A vulnerability was found in SourceCodester Indian Invoicing System 1 | MEDIUM | 6.3 | NVD | May 25, 2026 |
| CVE-2026-9408 | A vulnerability was detected in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9407 | A security vulnerability has been detected in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9406 | A weakness has been identified in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9405 | A security flaw has been discovered in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 25, 2026 |
| CVE-2026-9404 | A vulnerability was identified in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 24, 2026 |
| CVE-2026-9403 | A vulnerability was determined in Edimax BR-6675nD 1 | HIGH | 8.8 | NVD | May 24, 2026 |
| CVE-2026-9402 | A vulnerability was found in Edimax BR-6675nD 1 | MEDIUM | 6.3 | NVD | May 24, 2026 |
| CVE-2026-9401 | A vulnerability has been found in Edimax BR-6675nD 1 | HIGH | 8.8 | NVD | May 24, 2026 |
| CVE-2026-9400 | A flaw has been found in Edimax BR-6675nD 1 | MEDIUM | 6.3 | NVD | May 24, 2026 |
| CVE-2026-9399 | A vulnerability was detected in Edimax BR-6675nD 1 | HIGH | 8.8 | NVD | May 24, 2026 |
| CVE-2026-9397 | A weakness has been identified in Besen BS20 EV Charging Station up to 20260426 | HIGH | 8.1 | NVD | May 24, 2026 |
| CVE-2026-9393 | A vulnerability was found in H3C Magic B0 up to 100R002 | HIGH | 8.8 | NVD | May 24, 2026 |
| CVE-2026-9082 | Drupal - Core | CRITICAL | N/A | CISA | May 22, 2026 |
| CVE-2026-39593 | Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorr | MEDIUM | 6.5 | NVD | May 21, 2026 |
| CVE-2026-48207 | Deserialization of untrusted data in Apache Fory PyFory | CRITICAL | 9.8 | NVD | May 21, 2026 |
| CVE-2026-44064 | An out-of-bounds read in ASP session ID handling in Netatalk 1 | HIGH | 7.1 | NVD | May 21, 2026 |
| CVE-2026-44062 | A missing output length bounds check in pull_charset_flags() in Netatalk 2 | HIGH | 7.5 | NVD | May 21, 2026 |
| CVE-2026-44060 | An integer underflow in dsi_writeinit() in Netatalk 1 | HIGH | 7.5 | NVD | May 21, 2026 |
| CVE-2026-44058 | An authentication bypass vulnerability in Netatalk 2 | HIGH | 7.2 | NVD | May 21, 2026 |
| CVE-2026-44056 | A stack-based buffer overflow in desktop | MEDIUM | 6.4 | NVD | May 21, 2026 |
| CVE-2026-44055 | A logic error involving bitwise OR operations in Netatalk 3 | HIGH | 7.5 | NVD | May 21, 2026 |
| CVE-2026-44054 | Netatalk 2 | MEDIUM | 6.5 | NVD | May 21, 2026 |
| CVE-2026-44053 | Netatalk 1 | HIGH | 7.4 | NVD | May 21, 2026 |
| CVE-2026-44052 | Netatalk 2 | HIGH | 7.5 | NVD | May 21, 2026 |
| CVE-2026-44051 | An improper link resolution vulnerability in Netatalk 3 | HIGH | 8.1 | NVD | May 21, 2026 |
| CVE-2026-44050 | A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk | CRITICAL | 9.9 | NVD | May 21, 2026 |
| CVE-2026-44049 | An out-of-bounds write due to improper null termination in convert_charset() in | HIGH | 7.5 | NVD | May 21, 2026 |
| CVE-2026-44048 | A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in N | HIGH | 8.8 | NVD | May 21, 2026 |
| CVE-2026-44047 | An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3 | HIGH | 8.8 | NVD | May 21, 2026 |
| CVE-2026-6279 | The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthe | CRITICAL | 9.8 | NVD | May 21, 2026 |
| CVE-2026-1543 | The Avada (Fusion) Builder plugin for WordPress is vulnerable to Stored Cross-Si | MEDIUM | 6.4 | NVD | May 21, 2026 |
| CVE-2026-9149 | A flaw was found in libsolv | MEDIUM | 6.5 | NVD | May 21, 2026 |
| CVE-2026-40165 | authentik is an open-source identity provider | HIGH | 8.7 | NVD | May 21, 2026 |
| CVE-2025-34291 | Langflow - Langflow | CRITICAL | N/A | CISA | May 21, 2026 |
| EDB-52568 | [webapps] FUXA 1.2.9 - RCE | HIGH | N/A | EXPLOIT-DB | May 21, 2026 |
| EDB-52569 | [webapps] solaredge - (CSRF-OOB-Injection) | HIGH | N/A | EXPLOIT-DB | May 21, 2026 |
| EDB-52570 | [local] Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path | HIGH | N/A | EXPLOIT-DB | May 21, 2026 |
| EDB-52571 | [webapps] BookStack 25.12.1 - Denial of Service | HIGH | N/A | EXPLOIT-DB | May 21, 2026 |
| EDB-52572 | [webapps] Cockpit 359 - RCE | HIGH | N/A | EXPLOIT-DB | May 21, 2026 |
| CVE-2026-34926 | Trend Micro - Apex One | CRITICAL | N/A | CISA | May 21, 2026 |
| CVE-2026-9150 | A flaw was found in libsolv | MEDIUM | 6.5 | NVD | May 20, 2026 |
| CVE-2026-24216 | Bionemo Framework — NVIDIA BioNemo for Linux contains a vulnerability where a us | HIGH | 7.8 | NVD | May 20, 2026 |
| CVE-2026-24188 | NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of | HIGH | 8.2 | NVD | May 20, 2026 |
| CVE-2026-30691 | Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1 | MEDIUM | 6.1 | NVD | May 20, 2026 |
| CVE-2026-20240 | Splunk — In Splunk Enterprise versions below 10 | MEDIUM | 6.5 | NVD | May 20, 2026 |
| CVE-2026-20239 | Splunk — In Splunk Enterprise versions below 10 | HIGH | 7.5 | NVD | May 20, 2026 |
| CVE-2026-20238 | In Splunk AI Toolkit versions below 5 | MEDIUM | 6.5 | NVD | May 20, 2026 |
| CVE-2026-9087 | A flaw was found in Keycloak | MEDIUM | 6.4 | NVD | May 20, 2026 |
| CVE-2026-7613 | The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored | HIGH | 7.2 | NVD | May 20, 2026 |
| CVE-2026-44926 | InfoScale CmdServer before 7 | HIGH | 8.8 | NVD | May 20, 2026 |
| CVE-2026-44925 | Infoscale Operations Manager — Cross-Site Request Forgery (CSRF) vulnerability in InfoScale | HIGH | 8.8 | NVD | May 20, 2026 |
| CVE-2026-44923 | Infoscale Operations Manager — SQL injection in InfoScale VIOM before v9 | MEDIUM | 6.5 | NVD | May 20, 2026 |
| CVE-2026-20223 | A vulnerability in the access validation of internal REST APIs of Cisco Sec | CRITICAL | 10.0 | NVD | May 20, 2026 |
| CVE-2026-20206 | A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Age | MEDIUM | 6.3 | NVD | May 20, 2026 |
| CVE-2026-20171 | A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as featu | MEDIUM | 6.8 | NVD | May 20, 2026 |
| CVE-2026-42834 | Windows Admin Center — Improper link resolution before file access ('link following | HIGH | 7.8 | NVD | May 20, 2026 |
| CVE-2026-42383 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | HIGH | 7.6 | NVD | May 20, 2026 |
| CVE-2026-3593 | Bind — A use-after-free vulnerability exists within the DNS-over-HT | HIGH | 7.4 | NVD | May 20, 2026 |
| CVE-2026-3039 | Bind — BIND servers that are configured to use TKEY-based authentic | HIGH | 7.5 | NVD | May 20, 2026 |
| CVE-2026-29518 | Rsync — Rsync versions before 3 | HIGH | 7.0 | NVD | May 20, 2026 |
| CVE-2026-27405 | Missing Authorization vulnerability in Magepeople inc | MEDIUM | 6.5 | NVD | May 20, 2026 |
| CVE-2026-24573 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti | MEDIUM | 6.5 | NVD | May 20, 2026 |
| CVE-2025-11954 | Cross-Site request forgery (CSRF) vulnerability in Sitemio Information Technolog | HIGH | 8.0 | NVD | May 20, 2026 |
| CVE-2026-22315 | Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Co | HIGH | 7.2 | NVD | May 20, 2026 |
| CVE-2026-22314 | Improper Control of Generation of Code ('Code Injection') vulnerability in Mesal | CRITICAL | 9.0 | NVD | May 20, 2026 |
| CVE-2026-0857 | Cleartext Storage of Sensitive Information in Memory vulnerability in Mesalvo Me | MEDIUM | 6.0 | NVD | May 20, 2026 |
| CVE-2026-0856 | Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component | HIGH | 7.8 | NVD | May 20, 2026 |
| CVE-2026-41054 | In `src/havegecmd | HIGH | 7.8 | NVD | May 20, 2026 |
| CVE-2026-35070 | Dell SmartFabric Storage Software, versions prior to 1 | MEDIUM | 6.4 | NVD | May 20, 2026 |
| CVE-2026-33278 | Unbound — NLnet Labs Unbound 1 | CRITICAL | 9.8 | NVD | May 20, 2026 |
| CVE-2026-5200 | The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution | HIGH | 8.8 | NVD | May 20, 2026 |
| CVE-2026-5776 | The Email Encoder WordPress plugin before 2 | MEDIUM | 6.1 | NVD | May 20, 2026 |
| CVE-2026-47784 | Memcached — In memcached before 1 | HIGH | 8.1 | NVD | May 20, 2026 |
| CVE-2026-47783 | Memcached — In memcached before 1 | HIGH | 8.1 | NVD | May 20, 2026 |
| CVE-2026-2955 | The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable | MEDIUM | 6.4 | NVD | May 20, 2026 |
| CVE-2026-9057 | A broken access control issue has been identified in the Talend Administration C | HIGH | 8.2 | NVD | May 20, 2026 |
| CVE-2026-7522 | The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Lo | HIGH | 8.8 | NVD | May 20, 2026 |
| CVE-2026-43618 | Rsync — Rsync version 3 | HIGH | 8.1 | NVD | May 20, 2026 |
| CVE-2026-3985 | The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for Wo | HIGH | 7.5 | NVD | May 20, 2026 |
| CVE-2026-45585 | Windows 11 24H2 — Microsoft is aware of a security feature bypass vulnerabilit | MEDIUM | 6.8 | NVD | May 20, 2026 |
| CVE-2026-35593 | Trilium Notes is an open-source, cross-platform hierarchical note taking applica | MEDIUM | 6.8 | NVD | May 20, 2026 |
| CVE-2009-1537 | Microsoft - DirectX | CRITICAL | N/A | CISA | May 20, 2026 |
| CVE-2026-41091 | Microsoft - Defender | CRITICAL | N/A | CISA | May 20, 2026 |
| CVE-2010-0806 | Microsoft - Internet Explorer | CRITICAL | N/A | CISA | May 20, 2026 |
| CVE-2010-0249 | Microsoft - Internet Explorer | CRITICAL | N/A | CISA | May 20, 2026 |
| CVE-2009-3459 | Adobe - Acrobat and Reader | CRITICAL | N/A | CISA | May 20, 2026 |
| CVE-2008-4250 | Microsoft - Windows | CRITICAL | N/A | CISA | May 20, 2026 |
| CVE-2026-45498 | Microsoft - Defender | CRITICAL | N/A | CISA | May 20, 2026 |
| CVE-2026-8495 | Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing | CRITICAL | 9.8 | NVD | May 19, 2026 |
| CVE-2026-6871 | Obfuscate — Improper Neutralization of Input During Web Page Generation | MEDIUM | 6.1 | NVD | May 19, 2026 |
| CVE-2026-6367 | Drupal — Improper Neutralization of Input During Web Page Generation | MEDIUM | 6.1 | NVD | May 19, 2026 |
| CVE-2026-6366 | Drupal — Improperly Controlled Modification of Dynamically-Determined | MEDIUM | 6.6 | NVD | May 19, 2026 |
| CVE-2026-6365 | Drupal — Improper Neutralization of Input During Web Page Generation | MEDIUM | 6.1 | NVD | May 19, 2026 |
| CVE-2026-6095 | Orejime — Improper Neutralization of Input During Web Page Generation | MEDIUM | 6.1 | NVD | May 19, 2026 |
| CVE-2026-33741 | EspoCRM is an open source customer relationship management application | MEDIUM | 6.8 | NVD | May 19, 2026 |
| CVE-2026-33642 | Kitty is a cross-platform GPU based terminal | CRITICAL | 9.9 | NVD | May 19, 2026 |
| CVE-2026-32738 | Libheif — libheif is a HEIF and AVIF file format decoder and encoder | MEDIUM | 6.5 | NVD | May 19, 2026 |
| CVE-2026-47107 | Windmill prior to 1 | HIGH | 8.1 | NVD | May 19, 2026 |
| CVE-2026-33633 | Kitty is a cross-platform GPU based terminal | HIGH | 7.5 | NVD | May 19, 2026 |
| CVE-2025-61081 | In BYD Atto3, an attacker can obtain an authentication key through Brute Force a | HIGH | 7.5 | NVD | May 19, 2026 |
| CVE-2026-47358 | Terrascan — Terrascan v1 | HIGH | 7.5 | NVD | May 19, 2026 |
| CVE-2026-47357 | Terrascan — Terrascan v1 | HIGH | 7.5 | NVD | May 19, 2026 |
| CVE-2026-47356 | Terrascan — Terrascan v1 | HIGH | 7.5 | NVD | May 19, 2026 |
| CVE-2026-36829 | An authentication bypass vulnerability exists in the embedded HTTP server of Pan | CRITICAL | 9.8 | NVD | May 19, 2026 |
| CVE-2026-36828 | A command injection vulnerability exists in the /cgi-bin/tools/ajax_cmd endpoint | HIGH | 8.8 | NVD | May 19, 2026 |
| CVE-2026-8912 | The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the | HIGH | 7.5 | NVD | May 19, 2026 |
| CVE-2026-4883 | The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload du | CRITICAL | 9.8 | NVD | May 19, 2026 |
| CVE-2026-7571 | A flaw was found in Keycloak | HIGH | 7.1 | NVD | May 19, 2026 |
| CVE-2026-7507 | A session fixation vulnerability was found in Keycloak's login-actions endpoints | HIGH | 7.5 | NVD | May 19, 2026 |
| CVE-2026-7504 | A flaw was found in Keycloak's URL validation logic during redirect operations | HIGH | 8.1 | NVD | May 19, 2026 |
| CVE-2026-7307 | A flaw was found in Keycloak | HIGH | 7.5 | NVD | May 19, 2026 |
| CVE-2026-4630 | A flaw was found in Keycloak | MEDIUM | 6.8 | NVD | May 19, 2026 |
| CVE-2026-43493 | crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can | CRITICAL | 9.8 | NVD | May 19, 2026 |
| CVE-2026-37982 | A flaw was found in Keycloak | MEDIUM | 6.8 | NVD | May 19, 2026 |
| CVE-2026-37979 | A flaw was found in Keycloak | MEDIUM | 6.5 | NVD | May 19, 2026 |
| CVE-2026-29220 | Ofbiz — Improper Limitation of a Pathname to a Restricted Directory | MEDIUM | 6.5 | NVD | May 19, 2026 |
| CVE-2026-29207 | Ofbiz — Improper Neutralization of Special Elements Used in a Templa | MEDIUM | 6.5 | NVD | May 19, 2026 |
| CVE-2026-44408 | There is an unauthorized access vulnerability in ZTE MU5250 | MEDIUM | 6.3 | NVD | May 19, 2026 |
| CVE-2026-4885 | The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbit | CRITICAL | 9.8 | NVD | May 19, 2026 |
| CVE-2026-47314 | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflo | HIGH | 7.8 | NVD | May 19, 2026 |
| CVE-2026-8813 | This affects versions of the package exifreader before 4 | HIGH | 7.5 | NVD | May 19, 2026 |
| CVE-2026-47311 | Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows | HIGH | 7.8 | NVD | May 19, 2026 |
| CVE-2026-47310 | Use after free vulnerability in Samsung Open Source Escargot allows Pointer Mani | HIGH | 7.8 | NVD | May 19, 2026 |
| CVE-2025-15609 | The Fortis for WooCommerce WordPress plugin before 1 | HIGH | 7.5 | NVD | May 19, 2026 |
| CVE-2026-28733 | in OpenHarmony v6 | MEDIUM | 6.5 | NVD | May 19, 2026 |
| CVE-2026-27648 | in OpenHarmony v6 | HIGH | 8.8 | NVD | May 19, 2026 |
| CVE-2026-25781 | in OpenHarmony v6 | HIGH | 8.4 | NVD | May 19, 2026 |
| CVE-2026-24792 | in OpenHarmony v6 | HIGH | 8.1 | NVD | May 19, 2026 |
| CVE-2026-22069 | A local privilege escalation vulnerability exists in O+ Connect because it fails | HIGH | 7.3 | NVD | May 19, 2026 |
| CVE-2026-33233 | AutoGPT is a workflow automation platform for creating, deploying, and managing | HIGH | 7.6 | NVD | May 19, 2026 |
| CVE-2026-33232 | AutoGPT is a workflow automation platform for creating, deploying, and managing | HIGH | 7.5 | NVD | May 19, 2026 |
| CVE-2026-32323 | Mullvad VPN is a VPN client app for desktop and mobile | HIGH | 7.3 | NVD | May 19, 2026 |
| CVE-2026-30950 | AutoGPT is a workflow automation platform for creating, deploying, and managing | HIGH | 7.1 | NVD | May 18, 2026 |
| CVE-2026-8836 | A vulnerability was found in lwIP up to 2 | CRITICAL | 9.8 | NVD | May 18, 2026 |
| CVE-2026-45243 | Summarize — Summarize prior to 0 | MEDIUM | 6.1 | NVD | May 18, 2026 |
| CVE-2026-45242 | Summarize — Summarize prior to 0 | HIGH | 7.1 | NVD | May 18, 2026 |
| CVE-2026-45231 | DumbAssets through 1 | MEDIUM | 6.1 | NVD | May 18, 2026 |
| CVE-2026-45495 | Edge Chromium — Microsoft Edge (Chromium-based) Remote Code Execution Vulner | HIGH | 8.8 | NVD | May 18, 2026 |
| CVE-2026-45230 | DumbAssets through 1 | CRITICAL | 9.1 | NVD | May 18, 2026 |
| CVE-2026-42822 | Improper authentication in Azure Local Disconnected Operations allows an unautho | CRITICAL | 10.0 | NVD | May 18, 2026 |
| CVE-2026-29965 | Mailinspector — HSC MailInspector 5 | MEDIUM | 6.1 | NVD | May 18, 2026 |
| CVE-2026-29964 | Mailinspector — HSC MailInspector v5 | MEDIUM | 6.1 | NVD | May 18, 2026 |
| CVE-2026-29963 | Mailinspector — HSC MailInspector 5 | HIGH | 7.5 | NVD | May 18, 2026 |
| CVE-2026-29962 | Mailinspector — HSC MailInspector v5 | HIGH | 7.5 | NVD | May 18, 2026 |
| CVE-2023-24215 | Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware | CRITICAL | 9.1 | NVD | May 18, 2026 |
| CVE-2026-8843 | Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will su | MEDIUM | 6.5 | NVD | May 18, 2026 |
| CVE-2026-41085 | Thermo Fisher Scientific Torrent Suite Dx through 5 | HIGH | 8.8 | NVD | May 18, 2026 |
| CVE-2026-38719 | OpENer v2 | MEDIUM | 6.2 | NVD | May 18, 2026 |
| CVE-2026-20685 | An attacker in a privileged network position may be able to leak sensitive infor | MEDIUM | 6.5 | NVD | May 18, 2026 |
| CVE-2025-57282 | ngrok v4 | HIGH | 8.8 | NVD | May 18, 2026 |
| CVE-2025-56352 | In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the br | HIGH | 7.5 | NVD | May 18, 2026 |
| CVE-2026-41948 | Dify — Dify version 1 | HIGH | 7.7 | NVD | May 18, 2026 |
| CVE-2026-41947 | Dify — Dify version 1 | HIGH | 7.4 | NVD | May 18, 2026 |
| CVE-2026-39079 | An issue in prestashop upsshipping all versions through at least 2 | HIGH | 7.5 | NVD | May 18, 2026 |
| CVE-2026-26462 | Offline Hospital Management System 5 | HIGH | 7.3 | NVD | May 18, 2026 |
| CVE-2026-42009 | A flaw was found in gnutls | HIGH | 7.5 | NVD | May 18, 2026 |
| CVE-2026-7304 | Sglang — SGLangs multimodal generation runtime is vulnerable to unaut | CRITICAL | 9.8 | NVD | May 18, 2026 |
| CVE-2026-7302 | Sglang — SGLangs multimodal generation runtime is vulnerable to an un | CRITICAL | 9.1 | NVD | May 18, 2026 |
| CVE-2026-7301 | Sglang — SGLangs multimodal generation runtime scheduler's ROUTER soc | CRITICAL | 9.8 | NVD | May 18, 2026 |
| CVE-2026-41119 | Dell Live Optics Windows and Personal Edition collectors contain an improper cer | MEDIUM | 6.8 | NVD | May 18, 2026 |
| CVE-2026-3471 | Mattermost Desktop App versions <=6 | MEDIUM | 6.5 | NVD | May 18, 2026 |
| CVE-2026-3117 | Mattermost Plugins versions <=11 | MEDIUM | 6.5 | NVD | May 18, 2026 |
| CVE-2026-8788 | Net::Statsd::Lite versions through 0 | HIGH | 7.3 | NVD | May 18, 2026 |
| CVE-2026-6495 | The Ajax Load More WordPress plugin before 7 | HIGH | 7.1 | NVD | May 18, 2026 |
| CVE-2026-6381 | The WP Maps WordPress plugin before 4 | HIGH | 7.5 | NVD | May 18, 2026 |
| CVE-2026-6379 | The WP Photo Album Plus WordPress plugin before 9 | HIGH | 8.6 | NVD | May 18, 2026 |
| CVE-2026-3220 | The Autoptimize WordPress plugin before 3 | HIGH | 8.8 | NVD | May 18, 2026 |
| CVE-2026-8777 | A vulnerability was found in Edimax BR-6428NS 1 | MEDIUM | 6.3 | NVD | May 18, 2026 |
| CVE-2026-8776 | A vulnerability has been found in Edimax BR-6428NS 1 | HIGH | 8.8 | NVD | May 18, 2026 |
| CVE-2026-8775 | A flaw has been found in Edimax BR-6428NS 1 | HIGH | 8.8 | NVD | May 18, 2026 |
| CVE-2026-8774 | A vulnerability was detected in Edimax BR-6228NC 1 | MEDIUM | 6.3 | NVD | May 18, 2026 |
| CVE-2026-8771 | A security flaw has been discovered in linlinjava litemall up to 1 | HIGH | 7.3 | NVD | May 18, 2026 |
| CVE-2026-8768 | Ai — A vulnerability was found in vercel ai up to 3 | HIGH | 7.3 | NVD | May 17, 2026 |
| CVE-2026-8764 | A security vulnerability has been detected in H3C Magic B3 up to 100R002 | HIGH | 7.2 | NVD | May 17, 2026 |
| CVE-2026-8721 | Crypt::OpenSSL::PKCS12 versions through 1 | CRITICAL | 9.8 | NVD | May 17, 2026 |
| CVE-2026-8507 | Crypt::OpenSSL::PKCS12 versions through 1 | CRITICAL | 9.8 | NVD | May 17, 2026 |
| CVE-2026-46720 | Net::Statsd::Tiny versions before 0 | HIGH | 8.2 | NVD | May 17, 2026 |
| CVE-2018-25333 | Nordex N149/4 | HIGH | 8.2 | NVD | May 17, 2026 |
| CVE-2018-25332 | GitBucket 4 | CRITICAL | 9.8 | NVD | May 17, 2026 |
| CVE-2018-25331 | Zenar Content Management System contains a cross-site scripting vulnerability th | MEDIUM | 6.1 | NVD | May 17, 2026 |
| CVE-2018-25330 | Joomla! extension EkRishta 2 | HIGH | 8.2 | NVD | May 17, 2026 |
| CVE-2018-25329 | WordPress Plugin WP with Spritz 1 | HIGH | 7.5 | NVD | May 17, 2026 |
| CVE-2018-25328 | VX Search 10 | HIGH | 8.4 | NVD | May 17, 2026 |
| CVE-2018-25326 | Google Drive for WordPress 2 | HIGH | 7.5 | NVD | May 17, 2026 |
| CVE-2018-25325 | Woocommerce CSV Importer 3 | HIGH | 7.5 | NVD | May 17, 2026 |
| CVE-2018-25324 | Simple Fields 0 | MEDIUM | 6.2 | NVD | May 17, 2026 |
| CVE-2018-25323 | Allok AVI DivX MPEG to DVD Converter 2 | HIGH | 8.4 | NVD | May 17, 2026 |
| CVE-2018-25322 | Allok Fast AVI MPEG Splitter 1 | HIGH | 8.4 | NVD | May 17, 2026 |
| CVE-2018-25320 | ACL Analytics versions 11 | CRITICAL | 9.8 | NVD | May 17, 2026 |
| CVE-2018-25319 | Redaxo CMS Addon MyEvents 2 | HIGH | 7.1 | NVD | May 17, 2026 |
| CVE-2026-8751 | A security flaw has been discovered in h2oai h2o-3 up to 7402 | HIGH | 7.3 | NVD | May 17, 2026 |
| CVE-2026-8747 | A weakness has been identified in Z-BlogPHP 1 | MEDIUM | 6.3 | NVD | May 17, 2026 |
| CVE-2026-8743 | A vulnerability was found in Open5GS up to 2 | MEDIUM | 6.3 | NVD | May 17, 2026 |
| CVE-2026-8740 | A flaw has been found in Sanluan PublicCMS 5 | MEDIUM | 6.3 | NVD | May 17, 2026 |
| CVE-2026-8738 | A security vulnerability has been detected in Sanluan PublicCMS 5 | MEDIUM | 6.5 | NVD | May 17, 2026 |
| CVE-2026-8735 | A vulnerability was identified in Oinone Pamirs up to 7 | MEDIUM | 6.3 | NVD | May 17, 2026 |
| CVE-2026-8734 | A vulnerability was determined in Oinone Pamirs up to 7 | HIGH | 7.3 | NVD | May 17, 2026 |
| CVE-2026-8733 | A vulnerability was found in Investintech SlimPDFReader up to 2 | MEDIUM | 6.3 | NVD | May 17, 2026 |
| CVE-2026-8719 | The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPre | HIGH | 8.8 | NVD | May 17, 2026 |
| CVE-2026-8725 | A weakness has been identified in CoreWorxLab CAAL up to 1 | HIGH | 7.3 | NVD | May 17, 2026 |
| CVE-2026-46728 | Das U-Boot before 2026 | HIGH | 8.2 | NVD | May 16, 2026 |
| CVE-2020-37244 | Supsystic Membership 1 | HIGH | 8.2 | NVD | May 16, 2026 |
| CVE-2020-37243 | Supsystic Pricing Table 1 | HIGH | 8.2 | NVD | May 16, 2026 |
| CVE-2020-37242 | Supsystic Ultimate Maps 1 | HIGH | 8.2 | NVD | May 16, 2026 |
| CVE-2020-37240 | Queue Management System 4 | MEDIUM | 6.4 | NVD | May 16, 2026 |
| CVE-2020-37239 | libbabl 0 | CRITICAL | 9.8 | NVD | May 16, 2026 |
| CVE-2020-37238 | CMS Made Simple 2 | MEDIUM | 6.4 | NVD | May 16, 2026 |
| CVE-2020-37237 | Composr CMS 10 | MEDIUM | 6.4 | NVD | May 16, 2026 |
| CVE-2020-37236 | NewsLister contains an authenticated persistent cross-site scripting vulnerabili | MEDIUM | 6.4 | NVD | May 16, 2026 |
| CVE-2020-37235 | WordPress Theme Wibar 1 | MEDIUM | 6.4 | NVD | May 16, 2026 |
| CVE-2020-37234 | Internet Download Manager 6 | MEDIUM | 6.2 | NVD | May 16, 2026 |
| CVE-2020-37233 | WordPress Plugin Buddypress 6 | MEDIUM | 6.4 | NVD | May 16, 2026 |
| CVE-2020-37232 | Advanced System Care Service 13 | HIGH | 7.8 | NVD | May 16, 2026 |
| CVE-2020-37231 | Privacy Drive 3 | HIGH | 7.8 | NVD | May 16, 2026 |
| CVE-2020-37230 | Syncplify | HIGH | 7.8 | NVD | May 16, 2026 |
| CVE-2020-37229 | OKI sPSV Port Manager 1 | HIGH | 7.8 | NVD | May 16, 2026 |
| CVE-2020-37228 | iDS6 DSSPro Digital Signage System 6 | CRITICAL | 9.8 | NVD | May 16, 2026 |
| CVE-2020-37227 | HS Brand Logo Slider 2 | HIGH | 8.8 | NVD | May 16, 2026 |
| CVE-2026-8657 | Versions of the package jsondiffpatch before 0 | HIGH | 8.2 | NVD | May 16, 2026 |
| CVE-2026-8656 | Versions of the package jsondiffpatch before 0 | MEDIUM | 6.1 | NVD | May 16, 2026 |
| CVE-2026-8695 | radare2 6 | HIGH | 7.5 | NVD | May 15, 2026 |
| CVE-2026-45539 | Microsoft APM is an open-source, community-driven dependency manager for AI agen | HIGH | 7.4 | NVD | May 15, 2026 |
| CVE-2026-45037 | Tabby (formerly Terminus) is a highly configurable terminal emulator | HIGH | 7.1 | NVD | May 15, 2026 |
| CVE-2026-45036 | Tabby (formerly Terminus) is a highly configurable terminal emulator | HIGH | 7.0 | NVD | May 15, 2026 |
| CVE-2026-44717 | MCP Calculate Server is a mathematical calculation service based on MCP protocol | CRITICAL | 9.8 | NVD | May 15, 2026 |
| CVE-2026-44714 | The bitcoinj library is a Java implementation of the Bitcoin protocol | HIGH | 7.5 | NVD | May 15, 2026 |
| CVE-2026-44641 | Microsoft APM is an open-source, community-driven dependency manager for AI agen | HIGH | 7.1 | NVD | May 15, 2026 |
| CVE-2026-42207 | Magento Long Term Support (LTS) is an unofficial, community-driven project provi | MEDIUM | 6.1 | NVD | May 15, 2026 |
| CVE-2026-41258 | OpenMRS is an open source electronic medical record system platform | CRITICAL | 9.1 | NVD | May 15, 2026 |
| CVE-2026-35194 | Code injection in SQL code generation in Apache Flink 1 | HIGH | 8.1 | NVD | May 15, 2026 |
| CVE-2026-8669 | Imager versions through 1 | MEDIUM | 6.5 | NVD | May 15, 2026 |
| CVE-2026-39054 | Oinone Pamirs 7 | HIGH | 7.3 | NVD | May 15, 2026 |
| CVE-2026-39053 | Oinone Pamirs 7 | MEDIUM | 6.5 | NVD | May 15, 2026 |
| CVE-2026-39052 | Oinone Pamirs 7 | MEDIUM | 6.5 | NVD | May 15, 2026 |
| CVE-2026-38728 | An issue in Nodemailer smtp_server before v | HIGH | 7.5 | NVD | May 15, 2026 |
| CVE-2026-34253 | A buffer underflow vulnerability has been identified in the ogg123 utility from | HIGH | 8.2 | NVD | May 15, 2026 |
| CVE-2025-67437 | Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable | MEDIUM | 6.5 | NVD | May 15, 2026 |
| CVE-2026-8503 | Apache::Session::Generate::SHA256 versions before 1 | MEDIUM | 6.5 | NVD | May 15, 2026 |
| CVE-2026-6415 | The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to S | MEDIUM | 6.4 | NVD | May 15, 2026 |
| CVE-2026-6403 | The Quick Playground plugin for WordPress is vulnerable to Path Traversal in ver | HIGH | 7.5 | NVD | May 15, 2026 |
| CVE-2026-6228 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege | HIGH | 8.8 | NVD | May 15, 2026 |
| CVE-2026-5229 | The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in v | CRITICAL | 9.8 | NVD | May 15, 2026 |
| CVE-2026-4683 | The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthori | MEDIUM | 6.5 | NVD | May 15, 2026 |
| CVE-2026-6646 | The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via th | MEDIUM | 6.4 | NVD | May 15, 2026 |
| CVE-2026-4094 | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is | HIGH | 8.1 | NVD | May 15, 2026 |
| CVE-2026-41702 | VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that o | HIGH | 7.8 | NVD | May 15, 2026 |
| EDB-52565 | [local] Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution | HIGH | N/A | EXPLOIT-DB | May 15, 2026 |
| CVE-2026-42897 | Microsoft - Microsoft | CRITICAL | N/A | CISA | May 15, 2026 |
| EDB-52566 | [local] Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing | HIGH | N/A | EXPLOIT-DB | May 15, 2026 |
| EDB-52567 | [local] Windows Snipping Tool - NTLMv2 Hash Hijack | HIGH | N/A | EXPLOIT-DB | May 15, 2026 |
| CVE-2026-44514 | Kubetail is a real-time logging dashboard for Kubernetes | MEDIUM | 6.5 | NVD | May 14, 2026 |
| CVE-2026-44513 | Diffusers is a library for pretrained diffusion models | HIGH | 8.8 | NVD | May 14, 2026 |
| CVE-2026-44511 | Katalyst Koi is a framework for building Rails admin functionality | HIGH | 7.4 | NVD | May 14, 2026 |
| CVE-2026-42555 | Valtimo is an open-source business process automation platform | CRITICAL | 9.1 | NVD | May 14, 2026 |
| CVE-2026-20224 | A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN | HIGH | 8.6 | NVD | May 14, 2026 |
| CVE-2026-6476 | SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_creat | HIGH | 7.2 | NVD | May 14, 2026 |
| CVE-2026-6475 | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allo | HIGH | 8.8 | NVD | May 14, 2026 |
| CVE-2026-6473 | Integer wraparound in multiple PostgreSQL server features allows an unprivileged | HIGH | 8.8 | NVD | May 14, 2026 |
| CVE-2025-15025 | Authorization bypass through User-Controlled key vulnerability in Yordam Informa | HIGH | 8.8 | NVD | May 14, 2026 |
| CVE-2026-6008 | Authorization bypass through User-Controlled key vulnerability in Im Park Inform | MEDIUM | 6.8 | NVD | May 14, 2026 |
| CVE-2026-4031 | The Database Backup for WordPress plugin for WordPress is vulnerable to authoriz | HIGH | 7.5 | NVD | May 14, 2026 |
| CVE-2026-4030 | The Database Backup for WordPress plugin for WordPress is vulnerable to unauthor | HIGH | 8.1 | NVD | May 14, 2026 |
| CVE-2026-4029 | The Database Backup for WordPress plugin for WordPress is vulnerable to unauthor | HIGH | 7.5 | NVD | May 14, 2026 |
| CVE-2025-12008 | Authorization bypass through User-Controlled key vulnerability in APPYAP Technol | HIGH | 8.8 | NVD | May 14, 2026 |
| CVE-2026-4527 | Gitlab — GitLab has remediated an issue in GitLab CE/EE affecting all | MEDIUM | 6.5 | NVD | May 14, 2026 |
| CVE-2026-4524 | Gitlab — GitLab has remediated an issue in GitLab CE/EE affecting all | MEDIUM | 6.5 | NVD | May 14, 2026 |
| CVE-2026-1659 | Gitlab — GitLab has remediated an issue in GitLab CE/EE affecting all | HIGH | 7.5 | NVD | May 14, 2026 |
| CVE-2026-1322 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16 | MEDIUM | 6.8 | NVD | May 14, 2026 |
| CVE-2026-1184 | GitLab has remediated an issue in GitLab EE affecting all versions from 11 | MEDIUM | 6.5 | NVD | May 14, 2026 |
| CVE-2025-15345 | The MapGeo – Interactive Geo Maps plugin for WordPress is vulnerable to Reflecte | MEDIUM | 6.1 | NVD | May 14, 2026 |
| CVE-2025-14870 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18 | HIGH | 7.5 | NVD | May 14, 2026 |
| CVE-2025-14869 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18 | HIGH | 7.5 | NVD | May 14, 2026 |
| CVE-2026-5361 | The Envira Gallery Lite plugin for WordPress is vulnerable to Stored Cross-Site | MEDIUM | 6.4 | NVD | May 14, 2026 |
| CVE-2026-5486 | The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL I | MEDIUM | 6.5 | NVD | May 14, 2026 |
| CVE-2026-46446 | SOGo before 5 | HIGH | 7.1 | NVD | May 14, 2026 |
| CVE-2026-46445 | SOGo before 5 | HIGH | 7.1 | NVD | May 14, 2026 |
| CVE-2026-46419 | Yubico webauthn-server-core (aka java-webauthn-server) 2 | HIGH | 7.5 | NVD | May 14, 2026 |
| EDB-52564 | [webapps] WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI | HIGH | N/A | EXPLOIT-DB | May 14, 2026 |
| CVE-2026-20182 | Cisco - Catalyst SD-WAN | CRITICAL | N/A | CISA | May 14, 2026 |
| EDB-52561 | [webapps] PJPROJECT 2.16 - Heap Bufferoverflow | HIGH | N/A | EXPLOIT-DB | May 14, 2026 |
| EDB-52562 | [webapps] ePati Antikor NGFW 2.0.1301 - Authentication Bypass | HIGH | N/A | EXPLOIT-DB | May 14, 2026 |
| EDB-52563 | [webapps] Apache HertzBeat 1.8.0 - Remote Code Execution | HIGH | N/A | EXPLOIT-DB | May 14, 2026 |
| CVE-2026-8500 | Web::Passwd versions through 0 | CRITICAL | 9.8 | NVD | May 13, 2026 |
| CVE-2026-32991 | Improper authorization checks of team members privileges allow a team member to | HIGH | 7.1 | NVD | May 13, 2026 |
| CVE-2026-29206 | Insufficient sanitization of SQL queries in the `sqloptimizer` utility script al | HIGH | 8.1 | NVD | May 13, 2026 |
| CVE-2026-44005 | Vm2 — vm2 is an open source vm/sandbox for Node | CRITICAL | 10.0 | NVD | May 13, 2026 |
| CVE-2026-44004 | Vm2 — vm2 is an open source vm/sandbox for Node | HIGH | 7.5 | NVD | May 13, 2026 |
| CVE-2026-44001 | Vm2 — vm2 is an open source vm/sandbox for Node | HIGH | 8.6 | NVD | May 13, 2026 |
| CVE-2026-44000 | Vm2 — vm2 is an open source vm/sandbox for Node | MEDIUM | 6.5 | NVD | May 13, 2026 |
| CVE-2026-43999 | Vm2 — vm2 is an open source vm/sandbox for Node | CRITICAL | 9.9 | NVD | May 13, 2026 |
| CVE-2026-43998 | Vm2 — vm2 is an open source vm/sandbox for Node | HIGH | 8.5 | NVD | May 13, 2026 |
| CVE-2026-43997 | Vm2 — vm2 is an open source vm/sandbox for Node | CRITICAL | 10.0 | NVD | May 13, 2026 |
| CVE-2026-44575 | Next.Js — Next | HIGH | 7.5 | NVD | May 13, 2026 |
| CVE-2026-44574 | Next.Js — Next | HIGH | 8.1 | NVD | May 13, 2026 |
| CVE-2026-44573 | Next.Js — Next | HIGH | 7.5 | NVD | May 13, 2026 |
| CVE-2026-2695 | A command injection vulnerability was discovered in TeamViewer DEX Platform On-P | MEDIUM | 6.3 | NVD | May 13, 2026 |
| CVE-2024-48519 | Buffer Overflow vulnerability in Ardupilot rover commit v | MEDIUM | 6.2 | NVD | May 13, 2026 |
| CVE-2026-3425 | The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File | HIGH | 8.8 | NVD | May 13, 2026 |
| CVE-2026-6276 | Curl — Using libcurl, when a custom `Host:` header is first set for | HIGH | 7.5 | NVD | May 13, 2026 |
| CVE-2026-5773 | Curl — libcurl might in some circumstances reuse the wrong connecti | HIGH | 7.5 | NVD | May 13, 2026 |
| CVE-2026-5545 | Curl — libcurl might in some circumstances reuse the wrong connecti | MEDIUM | 6.5 | NVD | May 13, 2026 |
| CVE-2026-4798 | The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection | HIGH | 7.5 | NVD | May 13, 2026 |
| CVE-2026-4782 | The Avada Builder plugin for WordPress is vulnerable to Arbitrary File Read in a | MEDIUM | 6.5 | NVD | May 13, 2026 |
| CVE-2026-21021 | Android — Improper input validation in Routines prior to SMR May-2026 | MEDIUM | 6.8 | NVD | May 13, 2026 |
| CVE-2026-21020 | Android — Improper export of android application components in OmaCP p | HIGH | 7.8 | NVD | May 13, 2026 |
| CVE-2026-21018 | Android — Out-of-bounds write in SveService prior to SMR May-2026 Rele | MEDIUM | 6.7 | NVD | May 13, 2026 |
| CVE-2025-11159 | Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a J | CRITICAL | 9.1 | NVD | May 13, 2026 |
| CVE-2026-7635 | The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnera | HIGH | 8.1 | NVD | May 13, 2026 |
| CVE-2026-7619 | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Dona | MEDIUM | 6.5 | NVD | May 13, 2026 |
| CVE-2026-6962 | The Cost of Goods: Product Cost & Profit Calculator for WooCommerce plugin for W | MEDIUM | 6.4 | NVD | May 13, 2026 |
| CVE-2026-6828 | The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Fo | MEDIUM | 6.4 | NVD | May 13, 2026 |
| EDB-52557 | [webapps] Flowise < 3.0.5 - Missing Authentication for Critical Function | HIGH | N/A | EXPLOIT-DB | May 13, 2026 |
| EDB-52559 | [webapps] glances 4.5.2 - command injection | HIGH | N/A | EXPLOIT-DB | May 13, 2026 |
| EDB-52560 | [webapps] Ninja Forms Uploads - Unauthenticated PHP File Upload | HIGH | N/A | EXPLOIT-DB | May 13, 2026 |
| EDB-52558 | [webapps] coreruleset 4.21.0 - Firewall Bypass | HIGH | N/A | EXPLOIT-DB | May 13, 2026 |
| CVE-2026-8108 | The installation of Fuji Tellus adds a driver to the kernel which grants all use | HIGH | 7.8 | NVD | May 12, 2026 |
| CVE-2026-5371 | The MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Ma | HIGH | 7.1 | NVD | May 12, 2026 |
| CVE-2026-44548 | ChurchCRM is an open-source church management system | HIGH | 8.1 | NVD | May 12, 2026 |
| CVE-2026-44547 | ChurchCRM is an open-source church management system | CRITICAL | 9.6 | NVD | May 12, 2026 |
| CVE-2026-44245 | Kyverno is a policy engine designed for cloud native platform engineering teams | MEDIUM | 6.1 | NVD | May 12, 2026 |
| CVE-2026-43685 | Filemaker Cloud — A Remote Code Execution vulnerability in Claris FileMaker Cl | HIGH | 7.2 | NVD | May 12, 2026 |
| CVE-2026-43680 | Filemaker Cloud — A Remote Code Execution vulnerability in Claris FileMaker Cl | HIGH | 7.2 | NVD | May 12, 2026 |
| CVE-2026-42289 | ChurchCRM is an open-source church management system | HIGH | 8.8 | NVD | May 12, 2026 |
| CVE-2026-42288 | ChurchCRM is an open-source church management system | CRITICAL | 10.0 | NVD | May 12, 2026 |
| CVE-2026-41901 | Thymeleaf is a server-side Java template engine for web and standalone environme | CRITICAL | 9.0 | NVD | May 12, 2026 |
| CVE-2026-1250 | The Court Reservation – Manage Your Court Bookings Online plugin for WordPress i | HIGH | 7.5 | NVD | May 12, 2026 |
| CVE-2025-15463 | The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to a | MEDIUM | 6.5 | NVD | May 12, 2026 |
| CVE-2025-65719 | An issue in Open Source Kubectl MCP Server v1 | CRITICAL | 9.8 | NVD | May 12, 2026 |
| CVE-2026-35071 | Insightiq — Dell PowerScale InsightIQ, versions 6 | HIGH | 8.2 | NVD | May 12, 2026 |
| CVE-2026-33603 | Attacker can use a specially crafted base64 exchange between Dovecot and Client | MEDIUM | 6.8 | NVD | May 12, 2026 |
| CVE-2026-27851 | When safe filter is used with variable expansion, all following pipelines on the | HIGH | 7.4 | NVD | May 12, 2026 |
| CVE-2026-45218 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | HIGH | 7.7 | NVD | May 12, 2026 |
| CVE-2026-45214 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | HIGH | 8.5 | NVD | May 12, 2026 |
| CVE-2026-45213 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | HIGH | 7.6 | NVD | May 12, 2026 |
| CVE-2026-45211 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | HIGH | 8.5 | NVD | May 12, 2026 |
| CVE-2026-42742 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | HIGH | 8.5 | NVD | May 12, 2026 |
| CVE-2026-42741 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | HIGH | 8.5 | NVD | May 12, 2026 |
| CVE-2026-41713 | Spring Ai — A malicious user could craft input that is stored in convers | HIGH | 8.2 | NVD | May 12, 2026 |
| CVE-2026-41712 | Spring Ai — Spring AI's chat memory component contained a problematic de | HIGH | 7.5 | NVD | May 12, 2026 |
| CVE-2026-2465 | Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering | HIGH | 8.8 | NVD | May 12, 2026 |
| CVE-2026-5715 | The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scriptin | MEDIUM | 6.4 | NVD | May 12, 2026 |
| CVE-2026-5340 | The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scr | MEDIUM | 6.4 | NVD | May 12, 2026 |
| CVE-2026-5028 | The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-bas | MEDIUM | 6.5 | NVD | May 12, 2026 |
| CVE-2026-4920 | The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting | MEDIUM | 6.4 | NVD | May 12, 2026 |
| CVE-2026-4859 | The SP Blog Designer plugin for WordPress is vulnerable to Stored Cross-Site Scr | MEDIUM | 6.4 | NVD | May 12, 2026 |
| CVE-2026-39432 | Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Inco | HIGH | 8.2 | NVD | May 12, 2026 |
| CVE-2026-2993 | The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable | HIGH | 7.5 | NVD | May 12, 2026 |
| CVE-2026-2300 | The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripti | MEDIUM | 6.4 | NVD | May 12, 2026 |
| CVE-2026-1681 | Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 add | MEDIUM | 6.1 | NVD | May 12, 2026 |
| CVE-2026-0804 | An ACAP configuration file lacked sufficient input validation, which could allow | MEDIUM | 6.7 | NVD | May 12, 2026 |
| CVE-2026-0802 | An ACAP configuration file lacked sufficient input validation, which could allow | MEDIUM | 6.0 | NVD | May 12, 2026 |
| CVE-2026-0541 | ACAP applications can gain elevated privileges due to improper input validation | MEDIUM | 6.7 | NVD | May 12, 2026 |
| CVE-2026-43887 | Outline is a service that allows for collaborative documentation | HIGH | 7.3 | NVD | May 11, 2026 |
| CVE-2026-43886 | Outline is a service that allows for collaborative documentation | HIGH | 8.2 | NVD | May 11, 2026 |
| CVE-2026-43884 | WWBN AVideo is an open source video platform | HIGH | 7.7 | NVD | May 11, 2026 |
| CVE-2026-43878 | WWBN AVideo is an open source video platform | MEDIUM | 6.1 | NVD | May 11, 2026 |
| CVE-2026-43876 | WWBN AVideo is an open source video platform | MEDIUM | 6.4 | NVD | May 11, 2026 |
| CVE-2026-43875 | WWBN AVideo is an open source video platform | MEDIUM | 6.8 | NVD | May 11, 2026 |
| CVE-2026-43873 | WWBN AVideo is an open source video platform | HIGH | 7.5 | NVD | May 11, 2026 |
| CVE-2026-42564 | jotty·page is a self-hosted app for your checklists and notes | HIGH | 8.2 | NVD | May 11, 2026 |
| CVE-2026-42046 | libcaca is a colour ASCII art library | HIGH | 7.8 | NVD | May 11, 2026 |
| CVE-2026-34961 | Barebox — barebox prior to version 2026 | MEDIUM | 6.2 | NVD | May 11, 2026 |
| CVE-2026-34960 | barebox prior to version 2026 | MEDIUM | 6.5 | NVD | May 11, 2026 |
| CVE-2026-44738 | Grav is a file-based Web platform | HIGH | 7.7 | NVD | May 11, 2026 |
| CVE-2026-42843 | Grav API Plugin is a RESTful API for Grav CMS that provides full headless access | HIGH | 8.8 | NVD | May 11, 2026 |
| CVE-2026-42603 | OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses | HIGH | 8.8 | NVD | May 11, 2026 |
| CVE-2026-36906 | Cross Site Scripting vulnerability in iotgateway v | MEDIUM | 6.1 | NVD | May 11, 2026 |
| CVE-2026-33362 | In Meari IoT SDK builds embedded in CloudEdge 5 | HIGH | 8.6 | NVD | May 11, 2026 |
| CVE-2026-33361 | In Meari IoT SDK image handling (libmrplayer | HIGH | 7.5 | NVD | May 11, 2026 |
| CVE-2026-33359 | In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage | HIGH | 7.5 | NVD | May 11, 2026 |
| CVE-2026-33357 | In Meari client applications embedding "com | HIGH | 7.5 | NVD | May 11, 2026 |
| CVE-2026-33356 | In Meari IoT Cloud MQTT Broker deployments running EMQX 4 | HIGH | 7.7 | NVD | May 11, 2026 |
| CVE-2026-31254 | The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 | HIGH | 7.3 | NVD | May 11, 2026 |
| CVE-2026-31253 | The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5 | HIGH | 7.3 | NVD | May 11, 2026 |
| CVE-2026-31251 | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) cont | HIGH | 7.3 | NVD | May 11, 2026 |
| CVE-2026-31250 | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) cont | HIGH | 7.3 | NVD | May 11, 2026 |
| CVE-2026-31249 | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) cont | HIGH | 7.3 | NVD | May 11, 2026 |
| CVE-2026-31248 | Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks t | HIGH | 7.5 | NVD | May 11, 2026 |
| CVE-2026-26946 | Elastic Cloud Storage — Dell ECS versions 3 | MEDIUM | 6.7 | NVD | May 11, 2026 |
| CVE-2025-8325 | The software fails to enforce role-based access controls for certain Gateway API | MEDIUM | 6.3 | NVD | May 11, 2026 |
| CVE-2025-10908 | Due to a lack of user account state validation during authentication, locked use | HIGH | 7.3 | NVD | May 11, 2026 |
| CVE-2026-43826 | The OpenSearch logging provider, when configured with a `host` URL that embeds c | MEDIUM | 6.5 | NVD | May 11, 2026 |
| CVE-2026-41018 | The Elasticsearch logging provider, when configured with a `host` URL that embed | MEDIUM | 6.5 | NVD | May 11, 2026 |
| CVE-2026-5084 | WebDyne::Session versions through 2 | MEDIUM | 6.5 | NVD | May 11, 2026 |
| CVE-2026-43500 | Linux Kernel — rxrpc: Also unshare DATA/RESPONSE packets when paged frags a | HIGH | 7.8 | NVD | May 11, 2026 |
| CVE-2026-6433 | The Custom css-js-php WordPress plugin through 2 | HIGH | 7.3 | NVD | May 11, 2026 |
| CVE-2026-8264 | Ac6 Firmware — A weakness has been identified in Tenda AC6 15 | MEDIUM | 6.3 | NVD | May 11, 2026 |
| CVE-2026-8260 | A vulnerability was found in D-Link DCS-935L up to 1 | HIGH | 8.8 | NVD | May 11, 2026 |
| CVE-2026-8177 | XML::LibXML versions through 2 | HIGH | 7.5 | NVD | May 10, 2026 |
| CVE-2026-45191 | Net::CIDR::Lite versions before 0 | MEDIUM | 6.5 | NVD | May 10, 2026 |
| CVE-2026-45190 | Net::CIDR::Lite versions before 0 | MEDIUM | 6.5 | NVD | May 10, 2026 |
| CVE-2026-45180 | Catalyst::Plugin::Statsd versions through 0 | HIGH | 7.5 | NVD | May 10, 2026 |
| CVE-2021-47940 | WordPress Plugin Download From Files version 1 | CRITICAL | 9.8 | NVD | May 10, 2026 |
| CVE-2021-47939 | Evolution CMS 3 | HIGH | 8.8 | NVD | May 10, 2026 |
| CVE-2021-47938 | ImpressCMS 1 | HIGH | 8.8 | NVD | May 10, 2026 |
| CVE-2021-47937 | e107 CMS 2 | HIGH | 8.8 | NVD | May 10, 2026 |
| CVE-2021-47936 | OpenCATS 0 | CRITICAL | 9.8 | NVD | May 10, 2026 |
| CVE-2021-47935 | Sentry 8 | HIGH | 8.8 | NVD | May 10, 2026 |
| CVE-2021-47933 | WordPress MStore API 2 | CRITICAL | 9.8 | NVD | May 10, 2026 |
| CVE-2021-47932 | WordPress TheCartPress 1 | CRITICAL | 9.8 | NVD | May 10, 2026 |
| CVE-2021-47931 | Exponent CMS 2 | MEDIUM | 6.4 | NVD | May 10, 2026 |
| CVE-2021-47930 | Balbooa Joomla Forms Builder 2 | HIGH | 8.2 | NVD | May 10, 2026 |
| CVE-2021-47929 | Filterable Portfolio Gallery 1 | MEDIUM | 6.4 | NVD | May 10, 2026 |
| CVE-2021-47928 | Opencart TMD Vendor System 3 | HIGH | 8.2 | NVD | May 10, 2026 |
| CVE-2021-47927 | WordPress Plugin WP Symposium Pro 2021 | MEDIUM | 6.4 | NVD | May 10, 2026 |
| CVE-2021-47926 | Contact Form to Email 1 | MEDIUM | 6.4 | NVD | May 10, 2026 |
| CVE-2021-47925 | CMDBuild 3 | MEDIUM | 6.4 | NVD | May 10, 2026 |
| CVE-2021-47924 | Ultimate Product Catalog 5 | MEDIUM | 6.4 | NVD | May 10, 2026 |
| CVE-2021-47923 | OpenCart 3 | CRITICAL | 9.8 | NVD | May 10, 2026 |
| CVE-2021-47922 | Slider by Soliloquy 2 | MEDIUM | 6.4 | NVD | May 10, 2026 |
| CVE-2021-47910 | AccessPress Social Icons 1 | MEDIUM | 6.4 | NVD | May 10, 2026 |
| CVE-2021-47907 | Rocket LMS 1 | MEDIUM | 6.4 | NVD | May 10, 2026 |
| CVE-2026-8231 | A vulnerability has been found in CodeAstro Online Catering Ordering System 1 | MEDIUM | 6.3 | NVD | May 10, 2026 |
| CVE-2026-8230 | A flaw has been found in Wavlink NU516U1 240425 | MEDIUM | 6.3 | NVD | May 10, 2026 |
| CVE-2026-8229 | A vulnerability was detected in Wavlink NU516U1 240425 | MEDIUM | 6.3 | NVD | May 10, 2026 |
| CVE-2026-8228 | A security vulnerability has been detected in Wavlink NU516U1 240425 | MEDIUM | 6.3 | NVD | May 10, 2026 |
| CVE-2026-8227 | A weakness has been identified in Wavlink NU516U1 240425 | MEDIUM | 6.3 | NVD | May 10, 2026 |
| CVE-2026-8217 | A security flaw has been discovered in Industrial Application Software IAS Cania | MEDIUM | 6.3 | NVD | May 10, 2026 |
| CVE-2026-8216 | A vulnerability was identified in Industrial Application Software IAS Canias ERP | HIGH | 7.3 | NVD | May 10, 2026 |
| CVE-2026-45184 | Kdenlive before 26 | MEDIUM | 6.5 | NVD | May 09, 2026 |
| CVE-2026-42605 | AzuraCast is a self-hosted, all-in-one web radio management suite | HIGH | 8.8 | NVD | May 09, 2026 |
| CVE-2026-42576 | apko allows users to build and publish OCI container images built from apk packa | MEDIUM | 6.5 | NVD | May 09, 2026 |
| CVE-2026-42575 | apko allows users to build and publish OCI container images built from apk packa | HIGH | 7.5 | NVD | May 09, 2026 |
| CVE-2026-42574 | apko allows users to build and publish OCI container images built from apk packa | HIGH | 7.5 | NVD | May 09, 2026 |
| CVE-2026-42569 | phpVMS is a PHP application to run and simulate an airline | CRITICAL | 9.4 | NVD | May 09, 2026 |
| CVE-2026-42562 | Plainpad is a self hosted note taking app | HIGH | 8.3 | NVD | May 09, 2026 |
| CVE-2026-8193 | A weakness has been identified in Akaunting 3 | MEDIUM | 6.3 | NVD | May 09, 2026 |
| CVE-2026-8192 | A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425 | MEDIUM | 6.3 | NVD | May 09, 2026 |
| CVE-2026-8191 | A vulnerability was identified in Wavlink NU516U1 M16U1_V240425 | MEDIUM | 6.3 | NVD | May 09, 2026 |
| CVE-2026-8190 | A vulnerability was determined in Wavlink NU516U1 M16U1_V240425 | MEDIUM | 6.3 | NVD | May 09, 2026 |
| CVE-2026-8189 | A vulnerability was found in Wavlink NU516U1 M16U1_V240425 | MEDIUM | 6.3 | NVD | May 09, 2026 |
| CVE-2026-8188 | A vulnerability has been found in Wavlink NU516U1 M16U1_V240425 | MEDIUM | 6.3 | NVD | May 09, 2026 |
| CVE-2026-8185 | A security vulnerability has been detected in UGREEN CM933 1 | MEDIUM | 6.3 | NVD | May 09, 2026 |
| CVE-2026-3828 | Some Hikvision switch products (discontinued since December 2023) are vulnerable | HIGH | 7.2 | NVD | May 09, 2026 |
| CVE-2026-1749 | There is an Access Control Vulnerability in some HikCentral Professional version | MEDIUM | 6.8 | NVD | May 09, 2026 |
| CVE-2026-42560 | auth provides authentication via oauth2, direct and email | CRITICAL | 9.1 | NVD | May 09, 2026 |
| CVE-2026-42452 | Termix is a web-based server management platform with SSH terminal, tunneling, a | HIGH | 8.1 | NVD | May 08, 2026 |
| CVE-2026-42451 | Grimmory is a self-hosted digital library | MEDIUM | 6.3 | NVD | May 08, 2026 |
| CVE-2026-42354 | Sentry is an error tracking and performance monitoring tool | CRITICAL | 9.1 | NVD | May 08, 2026 |
| CVE-2026-42352 | pygeoapi is a Python server implementation of the OGC API suite of standards | HIGH | 8.6 | NVD | May 08, 2026 |
| CVE-2026-42351 | pygeoapi is a Python server implementation of the OGC API suite of standards | HIGH | 7.5 | NVD | May 08, 2026 |
| CVE-2026-42346 | Postiz is an AI social media scheduling tool | MEDIUM | 6.5 | NVD | May 08, 2026 |
| CVE-2026-42345 | FastGPT is an AI Agent building platform | HIGH | 7.7 | NVD | May 08, 2026 |
| CVE-2026-42344 | FastGPT is an AI Agent building platform | MEDIUM | 6.3 | NVD | May 08, 2026 |
| CVE-2026-42302 | FastGPT is an AI Agent building platform | CRITICAL | 9.8 | NVD | May 08, 2026 |
| CVE-2026-42298 | Postiz is an AI social media scheduling tool | CRITICAL | 10.0 | NVD | May 08, 2026 |
| CVE-2026-42291 | SysReptor is a fully customizable pentest reporting platform | MEDIUM | 6.8 | NVD | May 08, 2026 |
| CVE-2026-42224 | ipl/web is a set of common web components for php projects | HIGH | 7.6 | NVD | May 08, 2026 |
| CVE-2026-41520 | Cilium is a networking, observability, and security solution with an eBPF-based | HIGH | 7.9 | NVD | May 08, 2026 |
| CVE-2026-41432 | New API is a large language model (LLM) gateway and artificial intelligence (AI) | HIGH | 7.1 | NVD | May 08, 2026 |
| CVE-2026-42189 | Russh is a Rust SSH client & server library | HIGH | 7.5 | NVD | May 08, 2026 |
| CVE-2026-42181 | Lemmy is a link aggregator and forum for the fediverse | MEDIUM | 6.5 | NVD | May 08, 2026 |
| CVE-2026-42180 | Lemmy is a link aggregator and forum for the fediverse | MEDIUM | 6.3 | NVD | May 08, 2026 |
| CVE-2026-42176 | Scoold is a Q&A and a knowledge sharing platform for teams | MEDIUM | 6.7 | NVD | May 08, 2026 |
| CVE-2026-8178 | An issue exists in Amazon Redshift JDBC Driver versions prior to 2 | HIGH | 8.1 | NVD | May 08, 2026 |
| CVE-2026-41511 | OpenMcdf is a fully | MEDIUM | 6.2 | NVD | May 08, 2026 |
| CVE-2026-29203 | A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlink | HIGH | 8.8 | NVD | May 08, 2026 |
| CVE-2026-29202 | Insufficient input validation of the `plugin` parameter of the `create_user` plu | HIGH | 8.8 | NVD | May 08, 2026 |
| CVE-2026-6659 | Crypt::PasswdMD5 versions through 1 | HIGH | 7.5 | NVD | May 08, 2026 |
| CVE-2026-42072 | Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub- | CRITICAL | 9.8 | NVD | May 08, 2026 |
| CVE-2026-42030 | MapServer is a system for developing web-based GIS applications | MEDIUM | 6.1 | NVD | May 08, 2026 |
| CVE-2026-38360 | Directory Traversal vulnerability in fohrloop dash-uploader v | CRITICAL | 9.8 | NVD | May 08, 2026 |
| CVE-2026-25199 | Cloudstack — Instances deployed via the Proxmox extension allow unauthori | CRITICAL | 9.1 | NVD | May 08, 2026 |
| CVE-2026-25077 | Cloudstack — Account users are allowed by default to register templates t | MEDIUM | 6.3 | NVD | May 08, 2026 |
| CVE-2025-69233 | Cloudstack — Due to multiple time-of-check time-of-use race conditions in | MEDIUM | 6.5 | NVD | May 08, 2026 |
| CVE-2025-66467 | Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows use | HIGH | 8.0 | NVD | May 08, 2026 |
| CVE-2025-66172 | The CloudStack Backup plugin has an improper access logic in versions 4 | MEDIUM | 6.5 | NVD | May 08, 2026 |
| CVE-2025-66171 | The CloudStack Backup plugin has an improper access logic in versions 4 | MEDIUM | 6.5 | NVD | May 08, 2026 |
| CVE-2025-66170 | The CloudStack Backup plugin has an improper authorization logic in versions 4 | MEDIUM | 6.5 | NVD | May 08, 2026 |
| CVE-2022-50994 | DrayTek Vigor 2960 firmware versions prior to 1 | HIGH | 8.1 | NVD | May 08, 2026 |
| CVE-2026-8153 | OS command injection in Dashboard Server interface in Universal Robots PolyScope | CRITICAL | 9.8 | NVD | May 08, 2026 |
| CVE-2024-33722 | SOPlanning 1 | MEDIUM | 6.3 | NVD | May 08, 2026 |
| CVE-2024-33288 | Prison Management System Using PHP v1 | HIGH | 7.3 | NVD | May 08, 2026 |
| CVE-2024-30167 | /cgi-bin/time | MEDIUM | 6.3 | NVD | May 08, 2026 |
| CVE-2024-27686 | Mikrotik RouterOS (x86) 6 | HIGH | 7.5 | NVD | May 08, 2026 |
| CVE-2026-8148 | NAVER MYBOX Explorer for Windows before 3 | HIGH | 7.8 | NVD | May 08, 2026 |
| CVE-2026-8138 | A vulnerability was found in Tenda CX12L 16 | HIGH | 8.8 | NVD | May 08, 2026 |
| CVE-2026-8137 | A vulnerability has been found in Totolink X5000R 9 | HIGH | 8.8 | NVD | May 08, 2026 |
| CVE-2026-42277 | Onyx is an open-source AI platform | MEDIUM | 6.5 | NVD | May 08, 2026 |
| CVE-2023-42345 | A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via upd | MEDIUM | 6.1 | NVD | May 08, 2026 |
| CVE-2023-42344 | Alkacon OpenCms before 10 | HIGH | 7.3 | NVD | May 08, 2026 |
| CVE-2023-42343 | A Cross Site Scripting vulnerability in Alkacon OpenCms before 10 | MEDIUM | 6.1 | NVD | May 08, 2026 |
| CVE-2022-45899 | Nokia Broadcast Message Center (BMC) before 13 | MEDIUM | 6.5 | NVD | May 08, 2026 |
| CVE-2022-26522 | The socket connection handler in aswArPot | HIGH | 7.8 | NVD | May 08, 2026 |
| CVE-2022-23961 | In Thruk Monitoring through 2 | MEDIUM | 6.1 | NVD | May 08, 2026 |
| CVE-2026-41500 | Electerm — electerm is an open-sourced terminal/ssh/sftp/telnet/serialp | CRITICAL | 9.8 | NVD | May 08, 2026 |
| CVE-2026-8128 | A vulnerability was found in SourceCodester SUP Online Shopping 1 | HIGH | 7.3 | NVD | May 08, 2026 |
| CVE-2026-8127 | A vulnerability has been found in eladmin up to 2 | MEDIUM | 6.3 | NVD | May 08, 2026 |
| CVE-2026-8126 | A flaw has been found in SourceCodester Comment System 1 | HIGH | 7.3 | NVD | May 08, 2026 |
| CVE-2026-8125 | A vulnerability was detected in code-projects Simple Chat System 1 | MEDIUM | 6.3 | NVD | May 08, 2026 |
| CVE-2026-8116 | A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1 | MEDIUM | 6.3 | NVD | May 08, 2026 |
| CVE-2026-42208 | BerriAI - LiteLLM | CRITICAL | N/A | CISA | May 08, 2026 |
| CVE-2026-6411 | This vulnerability, in the MAXHUB Pivot client application versions prior to v1 | HIGH | 7.3 | NVD | May 07, 2026 |
| CVE-2026-42880 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes | CRITICAL | 9.6 | NVD | May 07, 2026 |
| CVE-2026-8083 | A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System | HIGH | 7.3 | NVD | May 07, 2026 |
| CVE-2026-44742 | Postorius through 1 | HIGH | 7.2 | NVD | May 07, 2026 |
| CVE-2026-44244 | GitPython is a python library used to interact with Git repositories | HIGH | 7.8 | NVD | May 07, 2026 |
| CVE-2026-44243 | Gitpython — GitPython is a python library used to interact with Git repo | HIGH | 7.1 | NVD | May 07, 2026 |
| CVE-2026-42284 | Gitpython — GitPython is a python library used to interact with Git repo | HIGH | 8.1 | NVD | May 07, 2026 |
| CVE-2026-42215 | GitPython is a python library used to interact with Git repositories | HIGH | 8.8 | NVD | May 07, 2026 |
| CVE-2026-42214 | Notepad Next is a cross-platform, reimplementation of Notepad++ | HIGH | 7.8 | NVD | May 07, 2026 |
| CVE-2026-41906 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor | HIGH | 7.1 | NVD | May 07, 2026 |
| CVE-2026-41905 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor | HIGH | 7.7 | NVD | May 07, 2026 |
| CVE-2026-41904 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor | HIGH | 7.6 | NVD | May 07, 2026 |
| CVE-2026-41902 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framewor | CRITICAL | 9.1 | NVD | May 07, 2026 |
| CVE-2026-8081 | A vulnerability has been found in router-for-me CLIProxyAPI 6 | MEDIUM | 6.3 | NVD | May 07, 2026 |
| CVE-2026-37709 | Insecure Permissions vulnerability in grokability snipe-it v | CRITICAL | 9.8 | NVD | May 07, 2026 |
| CVE-2026-7415 | The MQTT broker embedded in Yarbo firmware v2 | CRITICAL | 9.8 | NVD | May 07, 2026 |
| CVE-2026-7414 | Yarbo firmware v2 | CRITICAL | 9.8 | NVD | May 07, 2026 |
| CVE-2026-7413 | A hidden, persistent backdoor was found in Yarbo firmware v2 | HIGH | 7.2 | NVD | May 07, 2026 |
| CVE-2026-8093 | Memory safety bugs present in Thunderbird 150 | HIGH | 8.1 | NVD | May 07, 2026 |
| CVE-2026-8092 | Memory safety bugs present in Thunderbird ESR 140 | HIGH | 8.1 | NVD | May 07, 2026 |
| CVE-2026-8091 | Incorrect boundary conditions in the Audio/Video: Playback component | CRITICAL | 9.8 | NVD | May 07, 2026 |
| CVE-2026-8090 | Firefox — Use-after-free in the DOM: Networking component | HIGH | 7.3 | NVD | May 07, 2026 |
| CVE-2026-6002 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vu | HIGH | 8.8 | NVD | May 07, 2026 |
| CVE-2026-5791 | Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Techno | CRITICAL | 9.6 | NVD | May 07, 2026 |
| CVE-2026-5784 | Improper neutralization of input during web page generation ('cross-site scripti | HIGH | 8.8 | NVD | May 07, 2026 |
| CVE-2026-6508 | Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Re | CRITICAL | 9.8 | NVD | May 07, 2026 |
| CVE-2026-42285 | GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go P | HIGH | 7.5 | NVD | May 07, 2026 |
| CVE-2026-42010 | A flaw was found in gnutls | HIGH | 7.1 | NVD | May 07, 2026 |
| CVE-2026-41643 | Gobgp — GoBGP is an open source Border Gateway Protocol (BGP) implem | HIGH | 7.5 | NVD | May 07, 2026 |
| CVE-2026-41642 | Gobgp — GoBGP is an open source Border Gateway Protocol (BGP) implem | HIGH | 7.5 | NVD | May 07, 2026 |
| CVE-2026-3953 | Improper neutralization of input during web page generation ('cross-site scripti | HIGH | 8.8 | NVD | May 07, 2026 |
| CVE-2026-33589 | Open-Notebook — Lack of user input validation in the file upload functionali | MEDIUM | 6.5 | NVD | May 07, 2026 |
| CVE-2026-33588 | Open-Notebook — Lack of user input validation in the file upload functionali | HIGH | 8.1 | NVD | May 07, 2026 |
| CVE-2026-33587 | Open-Notebook — Lack of user input sanitisation in Open Notebook v1 | CRITICAL | 10.0 | NVD | May 07, 2026 |
| CVE-2026-28201 | Open-Notebook — An improper input validation, together with an overly permis | HIGH | 7.8 | NVD | May 07, 2026 |
| CVE-2025-68060 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | HIGH | 7.6 | NVD | May 07, 2026 |
| CVE-2025-1978 | Remote Code Execution Vulnerability in Hitachi Storage Navigator and the mainten | HIGH | 8.3 | NVD | May 07, 2026 |
| CVE-2024-43384 | A low privileged remote attacker can gain the root password due to improper remo | HIGH | 8.0 | NVD | May 07, 2026 |
| CVE-2026-4430 | Libreoffice — Out-of-bounds write vulnerability in The Document Foundation | HIGH | 7.8 | NVD | May 07, 2026 |
| CVE-2025-9661 | Virtual Storage One Block — OS command injection vulnerability in the management gui (ma | HIGH | 8.1 | NVD | May 07, 2026 |
| CVE-2026-8063 | An authenticated user can crash mongod when running $rankFusion or $scoreFusion | MEDIUM | 6.5 | NVD | May 07, 2026 |
| CVE-2026-7252 | The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page | HIGH | 8.1 | NVD | May 07, 2026 |
| CVE-2026-6692 | The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Uploa | HIGH | 8.8 | NVD | May 07, 2026 |
| CVE-2026-4348 | The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the ` | HIGH | 7.5 | NVD | May 07, 2026 |
| CVE-2026-41641 | Nocobase — NocoBase is an AI-powered no-code/low-code platform for buil | HIGH | 7.2 | NVD | May 07, 2026 |
| CVE-2026-41143 | YesWiki is a wiki system written in PHP | HIGH | 8.8 | NVD | May 07, 2026 |
| CVE-2026-41655 | Admidio is an open-source user management solution | MEDIUM | 6.5 | NVD | May 07, 2026 |
| CVE-2026-41640 | NocoBase is an AI-powered no-code/low-code platform for building business applic | HIGH | 7.5 | NVD | May 07, 2026 |
| CVE-2026-41201 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo | CRITICAL | 9.1 | NVD | May 07, 2026 |
| CVE-2026-41142 | Openexr — OpenEXR provides the specification and reference implementat | HIGH | 8.8 | NVD | May 07, 2026 |
| CVE-2026-41002 | The base directory (`spring | HIGH | 7.2 | NVD | May 07, 2026 |
| CVE-2026-40982 | Spring Cloud Config allows applications to serve arbitrary text and binary files | CRITICAL | 9.1 | NVD | May 07, 2026 |
| CVE-2026-40981 | When using Google Secrets Manager as a backend for the Spring Cloud Config serve | HIGH | 7.5 | NVD | May 07, 2026 |
| CVE-2026-4807 | The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing A | MEDIUM | 6.5 | NVD | May 07, 2026 |
| EDB-52552 | [local] NocoBase 2.0.27 - VM Sandbox Escape | HIGH | N/A | EXPLOIT-DB | May 07, 2026 |
| EDB-52553 | [webapps] Bludit CMS 3.18.4 - RCE | HIGH | N/A | EXPLOIT-DB | May 07, 2026 |
| EDB-52554 | [webapps] LuaJIT 2.1.1774638290 - Arbitrary Code Execution | HIGH | N/A | EXPLOIT-DB | May 07, 2026 |
| EDB-52555 | [webapps] Ghost CMS 6.19.0 - SQLi | HIGH | N/A | EXPLOIT-DB | May 07, 2026 |
| EDB-52556 | [remote] telnetd 2.7 - Buffer Overflow | HIGH | N/A | EXPLOIT-DB | May 07, 2026 |
| CVE-2026-6973 | Ivanti - Endpoint Manager Mobile (EPMM) | CRITICAL | N/A | CISA | May 07, 2026 |
| EDB-52551 | [webapps] ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF) | HIGH | N/A | EXPLOIT-DB | May 07, 2026 |
| CVE-2024-30151 | Bigfix Service Management — HCL BigFix Service Management (SX) is affected by a Broken | HIGH | 8.3 | NVD | May 06, 2026 |
| CVE-2026-7875 | NanoClaw version 1 | HIGH | 8.8 | NVD | May 06, 2026 |
| CVE-2026-42503 | gopls by default communicates via pipe | HIGH | 8.8 | NVD | May 06, 2026 |
| CVE-2026-23870 | A denial of service vulnerability could be triggered by sending specially crafte | HIGH | 7.5 | NVD | May 06, 2026 |
| CVE-2026-20188 | A vulnerability in the connection-handling mechanism of Cisco Crosswork Network | HIGH | 7.5 | NVD | May 06, 2026 |
| CVE-2026-20185 | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of | HIGH | 7.7 | NVD | May 06, 2026 |
| CVE-2026-20169 | A vulnerability in the web-based management interface of Cisco IoT Field Network | MEDIUM | 6.4 | NVD | May 06, 2026 |
| CVE-2026-20168 | A vulnerability in the web-based management interface of Cisco IoT Field Network | MEDIUM | 6.5 | NVD | May 06, 2026 |
| CVE-2026-20167 | A vulnerability in the web-based management interface of Cisco IoT Field Network | HIGH | 7.7 | NVD | May 06, 2026 |
| CVE-2026-20035 | A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an | HIGH | 7.2 | NVD | May 06, 2026 |
| CVE-2026-20034 | A vulnerability in the web-based management interface of Cisco Unity Connection | HIGH | 8.8 | NVD | May 06, 2026 |
| CVE-2025-31951 | HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Comm | HIGH | 8.8 | NVD | May 06, 2026 |
| CVE-2026-6420 | A flaw was found in Keylime | MEDIUM | 6.3 | NVD | May 06, 2026 |
| CVE-2026-42509 | Wicket — Improper Neutralization of Input During Web Page Generation | MEDIUM | 6.1 | NVD | May 06, 2026 |
| CVE-2026-40010 | Wicket — Missing invocation of Servlet http web request method change | CRITICAL | 9.1 | NVD | May 06, 2026 |
| CVE-2026-35255 | Cloud Native Environment Command Line Interface — Vulnerability in the Oracle Cloud Native Environment Command | MEDIUM | 6.6 | NVD | May 06, 2026 |
| CVE-2026-1719 | The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection | HIGH | 7.5 | NVD | May 06, 2026 |
| CVE-2026-7841 | A remote code execution vulnerability exists in Notification Settings on GeoVisi | HIGH | 8.8 | NVD | May 06, 2026 |
| CVE-2026-7457 | The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting | MEDIUM | 6.4 | NVD | May 06, 2026 |
| CVE-2026-7448 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for W | HIGH | 7.2 | NVD | May 06, 2026 |
| CVE-2026-7332 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for W | HIGH | 7.2 | NVD | May 06, 2026 |
| CVE-2026-6672 | The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnera | MEDIUM | 6.4 | NVD | May 06, 2026 |
| CVE-2026-35254 | Cloud Infrastructure Cli — Vulnerability in the Oracle OCI CLI product of Oracle Open S | MEDIUM | 6.1 | NVD | May 06, 2026 |
| CVE-2026-5753 | The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerab | MEDIUM | 6.5 | NVD | May 06, 2026 |
| CVE-2025-71256 | In nr modem, there is a possible improper input validation | HIGH | 7.5 | NVD | May 06, 2026 |
| CVE-2025-71255 | In Modem IMS, there is a possible improper input validation | HIGH | 7.5 | NVD | May 06, 2026 |
| CVE-2025-71254 | In Modem IMS, there is a possible improper input validation | HIGH | 7.5 | NVD | May 06, 2026 |
| CVE-2025-71253 | In Modem IMS, there is a possible improper input validation | HIGH | 7.5 | NVD | May 06, 2026 |
| CVE-2025-71252 | In Modem IMS, there is a possible improper input validation | HIGH | 7.5 | NVD | May 06, 2026 |
| CVE-2025-71251 | In IMS, there is a possible system crash due to improper input validation | HIGH | 7.5 | NVD | May 06, 2026 |
| CVE-2026-0300 | Palo Alto Networks - PAN-OS | CRITICAL | N/A | CISA | May 06, 2026 |
| CVE-2024-52911 | Bitcoin Core through 28 | HIGH | 7.5 | NVD | May 05, 2026 |
| CVE-2026-44331 | Proftpd — In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqlta | HIGH | 8.1 | CVE.ORG | May 05, 2026 |
| CVE-2026-42997 | An issue was discovered in idrac in OpenStack Ironic before 35 | HIGH | 7.7 | NVD | May 05, 2026 |
| CVE-2026-38428 | Kestra v1 | CRITICAL | 9.8 | NVD | May 05, 2026 |
| CVE-2026-30923 | Modsecurity — ModSecurity is an open source, cross platform web applicatio | HIGH | 7.5 | NVD | May 05, 2026 |
| CVE-2026-7857 | D-Link DI-8100 CGI user_group.asp sprintf buffer overflow | HIGH | 7.2 | CVE.ORG | May 05, 2026 |
| CVE-2026-7856 | D-Link DI-8100 Web Management url_member.asp buffer overflow | HIGH | 7.2 | CVE.ORG | May 05, 2026 |
| CVE-2026-27960 | OpenCTI privilege escalation and unauthenticated access via default admin account | CRITICAL | 9.8 | CVE.ORG | May 05, 2026 |
| CVE-2026-7855 | D-Link DI-8100 HTTP Request tggl.asp tggl_asp buffer overflow | HIGH | 8.8 | CVE.ORG | May 05, 2026 |
| CVE-2026-7854 | D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow | CRITICAL | 9.8 | CVE.ORG | May 05, 2026 |
| CVE-2026-7853 | D-Link DI-8100 HTTP auto_reboot.asp sprintf buffer overflow | CRITICAL | 9.8 | CVE.ORG | May 05, 2026 |
| CVE-2026-7851 | D-Link DI-8100 yyxz.asp sprintf stack-based overflow | HIGH | 7.2 | CVE.ORG | May 05, 2026 |
| CVE-2026-38432 | ERPNext v15 | MEDIUM | 6.1 | NVD | May 05, 2026 |
| CVE-2026-38431 | ERPNext v15 | CRITICAL | 9.8 | NVD | May 05, 2026 |
| CVE-2026-38429 | OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin I | CRITICAL | 9.8 | NVD | May 05, 2026 |
| CVE-2026-25589 | Redisbloom — RedisBloom is a probabilistic data structures module for Red | HIGH | 8.8 | NVD | May 05, 2026 |
| CVE-2026-25588 | Redistimeseries — RedisTimeSeries is a time-series module for Redis | HIGH | 8.8 | NVD | May 05, 2026 |
| CVE-2026-25243 | Redis — Redis is an in-memory data structure store | HIGH | 8.8 | NVD | May 05, 2026 |
| CVE-2026-23631 | Redis — Redis is an in-memory data structure store | HIGH | 8.1 | NVD | May 05, 2026 |
| CVE-2026-23479 | Redis — Redis is an in-memory data structure store | HIGH | 8.8 | NVD | May 05, 2026 |
| CVE-2026-7412 | Eclipse Basyx — In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Opera | HIGH | 8.6 | CVE.ORG | May 05, 2026 |
| CVE-2026-7411 | Eclipse Basyx — In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequat | CRITICAL | 10.0 | CVE.ORG | May 05, 2026 |
| CVE-2026-7834 | EFM ipTIME NAS1dual misc_main.cgi get_csrf_whites stack-based overflow | CRITICAL | 9.8 | CVE.ORG | May 05, 2026 |
| CVE-2026-4304 | WeePie Cookie Allow <= 3.4.11 - Unauthenticated SQL Injection via 'consent' Parameter | HIGH | 7.5 | CVE.ORG | May 05, 2026 |
| CVE-2026-7833 | EFM ipTIME C200 ApplyRestore Endpoint iux_set.cgi sub_408F90 command injection | HIGH | 7.2 | CVE.ORG | May 05, 2026 |
| CVE-2026-43528 | Openclaw — OpenClaw before 2026 | MEDIUM | 6.5 | NVD | May 05, 2026 |
| CVE-2026-43527 | Openclaw — OpenClaw before 2026 | HIGH | 7.7 | NVD | May 05, 2026 |
| CVE-2026-43526 | Openclaw — OpenClaw before 2026 | HIGH | 8.2 | NVD | May 05, 2026 |
| CVE-2026-42439 | Openclaw — OpenClaw before 2026 | HIGH | 8.5 | NVD | May 05, 2026 |
| CVE-2026-42438 | Openclaw — OpenClaw versions 2026 | HIGH | 7.7 | NVD | May 05, 2026 |
| CVE-2026-42437 | OpenClaw versions 2026 | HIGH | 7.5 | NVD | May 05, 2026 |
| CVE-2026-42436 | OpenClaw before 2026 | HIGH | 7.7 | NVD | May 05, 2026 |
| CVE-2026-42435 | OpenClaw versions from 2026 | HIGH | 8.8 | NVD | May 05, 2026 |
| CVE-2026-42434 | OpenClaw versions 2026 | HIGH | 8.8 | NVD | May 05, 2026 |
| CVE-2026-42433 | OpenClaw before 2026 | MEDIUM | 6.5 | NVD | May 05, 2026 |
| CVE-2023-54349 | AmazCart CMS 3 | MEDIUM | 6.1 | NVD | May 05, 2026 |
| CVE-2023-54348 | ERPGo SaaS 3 | HIGH | 8.8 | NVD | May 05, 2026 |
| CVE-2023-54347 | Openemr — OpenEMR 7 | HIGH | 7.5 | NVD | May 05, 2026 |
| CVE-2023-54346 | WordPress Plugin Backup Migration 1 | HIGH | 7.5 | NVD | May 05, 2026 |
| CVE-2023-54345 | Erpnext — Frappe Framework ERPNext 13 | HIGH | 8.8 | NVD | May 05, 2026 |
| CVE-2023-54344 | Eclipse Equinox OSGi 3 | CRITICAL | 9.8 | NVD | May 05, 2026 |
| CVE-2023-54342 | Eclipse Equinox OSGi versions 3 | CRITICAL | 9.8 | NVD | May 05, 2026 |
| CVE-2026-7832 | IObit Advanced SystemCare Service ASC.exe symlink | HIGH | 7.0 | CVE.ORG | May 05, 2026 |
| CVE-2026-43573 | OpenClaw < 2026.4.10 - SSRF Policy Bypass in Existing-Session Browser Interaction Routes | HIGH | 7.7 | CVE.ORG | May 05, 2026 |
| CVE-2026-43571 | OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup | HIGH | 8.8 | CVE.ORG | May 05, 2026 |
| CVE-2026-43569 | OpenClaw < 2026.4.9 - Untrusted Provider Plugin Auto-enablement via Workspace Provider Auth | HIGH | 8.8 | CVE.ORG | May 05, 2026 |
| CVE-2026-43566 | OpenClaw 2026.4.7 < 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events | CRITICAL | 9.1 | CVE.ORG | May 05, 2026 |
| CVE-2026-43534 | OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events | CRITICAL | 9.1 | CVE.ORG | May 05, 2026 |
| CVE-2026-43533 | OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot Media Tags | HIGH | 8.6 | CVE.ORG | May 05, 2026 |
| CVE-2026-6322 | fast-uri normalize() decoded percent-encoded authority delimiters inside the hos | HIGH | 7.5 | NVD | May 05, 2026 |
| CVE-2025-42611 | RouterOS provides various services that rely on correct verification of client a | MEDIUM | 6.5 | NVD | May 05, 2026 |
| CVE-2026-43870 | Thrift — Origin Validation Error, Improper Limitation of a Pathname t | HIGH | 7.3 | NVD | May 05, 2026 |
| CVE-2026-3359 | The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugi | HIGH | 7.5 | NVD | May 05, 2026 |
| CVE-2026-43869 | Thrift — Improper Validation of Certificate with Host Mismatch vulner | HIGH | 7.3 | NVD | May 05, 2026 |
| CVE-2026-5192 | The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin f | HIGH | 7.5 | NVD | May 05, 2026 |
| CVE-2026-40797 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | CRITICAL | 9.3 | NVD | May 05, 2026 |
| CVE-2026-3454 | The GenerateBlocks plugin for WordPress is vulnerable to Insecure Direct Object | MEDIUM | 6.5 | NVD | May 05, 2026 |
| CVE-2026-7823 | A security flaw has been discovered in Totolink A8000RU 7 | CRITICAL | 9.8 | NVD | May 05, 2026 |
| CVE-2026-7822 | A vulnerability was identified in itsourcecode Courier Management System 1 | MEDIUM | 6.3 | NVD | May 05, 2026 |
| CVE-2026-7812 | A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391 | HIGH | 7.3 | NVD | May 05, 2026 |
| CVE-2026-7811 | A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d9363 | HIGH | 7.3 | NVD | May 05, 2026 |
| CVE-2026-4362 | The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthori | MEDIUM | 6.5 | NVD | May 05, 2026 |
| CVE-2026-6696 | The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross- | MEDIUM | 6.1 | NVD | May 05, 2026 |
| CVE-2026-6255 | The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored Cross-Sit | MEDIUM | 6.4 | NVD | May 05, 2026 |
| CVE-2026-5505 | The WP-Clippy plugin for WordPress is vulnerable to Stored Cross-Site Scripting | MEDIUM | 6.4 | NVD | May 05, 2026 |
| CVE-2026-5100 | The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the | HIGH | 7.5 | NVD | May 05, 2026 |
| CVE-2026-4730 | The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your W | MEDIUM | 6.4 | NVD | May 05, 2026 |
| CVE-2026-4409 | The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unautho | MEDIUM | 6.5 | NVD | May 05, 2026 |
| CVE-2026-2868 | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for Wor | MEDIUM | 6.4 | NVD | May 05, 2026 |
| CVE-2025-13618 | The Mentoring plugin for WordPress is vulnerable to privilege escalation in all | CRITICAL | 9.8 | NVD | May 05, 2026 |
| CVE-2026-5722 | The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass | CRITICAL | 9.8 | NVD | May 05, 2026 |
| CVE-2026-44028 | An issue was discovered in Nix before 2 | HIGH | 7.5 | NVD | May 05, 2026 |
| CVE-2026-7788 | A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028 | HIGH | 7.3 | NVD | May 05, 2026 |
| CVE-2026-7785 | A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94 | HIGH | 7.3 | NVD | May 05, 2026 |
| CVE-2026-7784 | A vulnerability has been found in RTGS2017 NagaAgent up to 5 | HIGH | 7.3 | NVD | May 05, 2026 |
| CVE-2026-7783 | A flaw has been found in CodeCanyon Perfex CRM up to 3 | MEDIUM | 6.3 | NVD | May 05, 2026 |
| CVE-2026-7782 | A vulnerability was detected in CodeCanyon Perfex CRM up to 3 | MEDIUM | 6.3 | NVD | May 04, 2026 |
| CVE-2026-42027 | Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoad | CRITICAL | 9.8 | NVD | May 04, 2026 |
| CVE-2026-40682 | XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache OpenNLP D | CRITICAL | 9.1 | NVD | May 04, 2026 |
| CVE-2026-38669 | wCMS v | MEDIUM | 6.1 | NVD | May 04, 2026 |
| CVE-2026-37461 | An out-of-bounds read in the ParseIP6Extended function (/bgp/bgp | HIGH | 7.5 | NVD | May 04, 2026 |
| CVE-2026-29514 | NetBox versions 4 | HIGH | 8.8 | NVD | May 04, 2026 |
| CVE-2026-26956 | vm2 is an open source vm/sandbox for Node | CRITICAL | 9.8 | NVD | May 04, 2026 |
| CVE-2026-26332 | Vm2 — vm2 is an open source vm/sandbox for Node | CRITICAL | 9.8 | NVD | May 04, 2026 |
| CVE-2026-25293 | Buffer overflow due to incorrect authorization in PLC FW | CRITICAL | 9.6 | NVD | May 04, 2026 |
| CVE-2026-24781 | vm2 is an open source vm/sandbox for Node | CRITICAL | 9.8 | NVD | May 04, 2026 |
| CVE-2026-24120 | vm2 is an open source vm/sandbox for Node | CRITICAL | 9.8 | NVD | May 04, 2026 |
| CVE-2026-24118 | vm2 is an open source vm/sandbox for Node | CRITICAL | 9.8 | NVD | May 04, 2026 |
| CVE-2026-24082 | Memory Corruption when copying data from a freed source while executing performa | HIGH | 7.8 | NVD | May 04, 2026 |
| CVE-2025-47408 | Memory corruption when another driver calls an IOCTL with invalid input/output b | HIGH | 7.8 | NVD | May 04, 2026 |
| CVE-2025-47407 | Memory corruption while creating a process on the digital signal processor due t | HIGH | 7.8 | NVD | May 04, 2026 |
| CVE-2025-47406 | Information Disclosure while processing IOCTL handler callbacks without verifyin | MEDIUM | 6.1 | NVD | May 04, 2026 |
| CVE-2025-47405 | Memory corruption when processing camera sensor input/output control codes with | HIGH | 7.8 | NVD | May 04, 2026 |
| CVE-2025-47404 | Memory corruption when dynamically changing the size of a previously allocated b | MEDIUM | 6.5 | NVD | May 04, 2026 |
| CVE-2025-47403 | Transient DOS when processing a malformed Fast Transition response frame with an | MEDIUM | 6.5 | NVD | May 04, 2026 |
| CVE-2025-47401 | Transient DOS when processing target power rate tables during channel configurat | MEDIUM | 6.5 | NVD | May 04, 2026 |
| CVE-2026-29169 | Http Server — A NULL pointer dereference in mod_dav_lock in Apache HTTP Se | HIGH | 7.5 | NVD | May 04, 2026 |
| CVE-2026-23918 | Http Server — Double Free and possible RCE vulnerability in Apache HTTP Se | HIGH | 8.8 | NVD | May 04, 2026 |
| CVE-2025-70072 | An issue in Assimp v | MEDIUM | 6.5 | NVD | May 04, 2026 |
| CVE-2025-70070 | An issue in Assimp v | MEDIUM | 6.5 | NVD | May 04, 2026 |
| CVE-2026-6266 | A flaw was found in the AAP gateway | HIGH | 8.3 | NVD | May 04, 2026 |
| CVE-2025-70069 | An issue in Assimp v | HIGH | 7.5 | NVD | May 04, 2026 |
| CVE-2025-70067 | Buffer Overflow vulnerability exists in Assimp versions up to 6 | CRITICAL | 9.8 | NVD | May 04, 2026 |
| CVE-2025-58074 | A privilege escalation vulnerability exists during the installation of Norton Se | HIGH | 8.8 | NVD | May 04, 2026 |
| CVE-2026-7482 | Ollama before 0 | CRITICAL | 9.1 | NVD | May 04, 2026 |
| CVE-2026-34059 | Http Server — Buffer Over-read vulnerability in Apache HTTP Server | HIGH | 7.5 | NVD | May 04, 2026 |
| CVE-2026-24072 | Http Server — An escalation of privilege bug in various modules in Apache | HIGH | 8.8 | NVD | May 04, 2026 |
| CVE-2026-3120 | Improper Control of Generation of Code ('Code Injection') vulnerability in Profe | HIGH | 7.2 | NVD | May 04, 2026 |
| CVE-2026-29199 | phpBB before 3 | HIGH | 8.1 | NVD | May 04, 2026 |
| CVE-2026-20451 | In slbc, there is a possible out of bounds write due to type confusion | MEDIUM | 6.7 | NVD | May 04, 2026 |
| CVE-2026-20450 | In Modem, there is a possible system crash due to incorrect error handling | MEDIUM | 6.5 | NVD | May 04, 2026 |
| CVE-2026-20449 | In Modem, there is a possible system crash due to a heap buffer overflow | MEDIUM | 6.5 | NVD | May 04, 2026 |
| CVE-2026-20448 | In geniezone, there is a possible escalation of privilege due to a missing permi | MEDIUM | 6.7 | NVD | May 04, 2026 |
| CVE-2026-20447 | In geniezone, there is a possible escalation of privilege due to a missing bound | MEDIUM | 6.7 | NVD | May 04, 2026 |
| CVE-2026-7735 | A vulnerability was found in osrg GoBGP up to 4 | HIGH | 7.3 | NVD | May 04, 2026 |
| CVE-2026-7733 | A flaw has been found in funadmin up to 7 | HIGH | 7.3 | NVD | May 04, 2026 |
| CVE-2026-7732 | A vulnerability was detected in code-projects BloodBank Managing System 1 | MEDIUM | 6.3 | NVD | May 04, 2026 |
| CVE-2026-7731 | A security vulnerability has been detected in code-projects BloodBank Managing S | MEDIUM | 6.3 | NVD | May 04, 2026 |
| CVE-2026-7730 | A weakness has been identified in privsim mcp-test-runner 0 | MEDIUM | 6.3 | NVD | May 04, 2026 |
| CVE-2026-7729 | A security flaw has been discovered in pixelsock directus-mcp 1 | MEDIUM | 6.3 | NVD | May 04, 2026 |
| CVE-2026-7728 | A vulnerability was identified in ryanjoachim mcp-rtfm 0 | MEDIUM | 6.3 | NVD | May 04, 2026 |
| CVE-2026-7727 | A vulnerability was determined in Shandong Hoteam Software PDM Product Data Mana | HIGH | 7.3 | NVD | May 04, 2026 |
| CVE-2026-7725 | A vulnerability was found in PrefectHQ prefect up to 3 | MEDIUM | 6.3 | NVD | May 04, 2026 |
| CVE-2026-7372 | Gv-Vms Firmware — A stack overflow vulnerability exists in the WebCam Server L | CRITICAL | 9.0 | NVD | May 04, 2026 |
| CVE-2026-7371 | Gv-Lpc2011 Firmware — Multiple reflected cross-site scripting (xss) vulnerabilitie | HIGH | 7.4 | NVD | May 04, 2026 |
| CVE-2026-7161 | Gv-Ip Device Utility — An insufficient encryption vulnerability exists in the Devic | CRITICAL | 9.3 | NVD | May 04, 2026 |
| CVE-2026-42370 | Gv-Vms Firmware — A stack overflow vulnerability exists in the WebCam Server L | CRITICAL | 9.0 | NVD | May 04, 2026 |
| CVE-2026-42369 | GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surve | CRITICAL | 10.0 | NVD | May 04, 2026 |
| CVE-2026-42368 | Gv-Lpc2011 Firmware — A privilege escalation vulnerability exists in the Web Inter | CRITICAL | 9.9 | NVD | May 04, 2026 |
| CVE-2026-42367 | Gv-Lpc2011 Firmware — A privilege escalation vulnerability exists in the Web Inter | MEDIUM | 6.5 | NVD | May 04, 2026 |
| CVE-2026-42366 | Gv-Lpc2011 Firmware — Multiple reflected cross-site scripting (xss) vulnerabilitie | HIGH | 7.4 | NVD | May 04, 2026 |
| CVE-2026-42365 | Gv-Lpc2011 Firmware — A guessable session cookie vulnerability exists in the Web I | HIGH | 8.6 | NVD | May 04, 2026 |
| CVE-2026-42364 | Gv-Lpc2011 Firmware — An os command injection vulnerability exists in the DdnsSett | CRITICAL | 9.9 | NVD | May 04, 2026 |
| CVE-2026-7713 | A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4 | MEDIUM | 6.3 | NVD | May 04, 2026 |
| CVE-2026-7712 | A security vulnerability has been detected in MindsDB up to 26 | MEDIUM | 6.3 | NVD | May 04, 2026 |
| CVE-2026-7711 | A weakness has been identified in MindsDB up to 26 | HIGH | 7.3 | NVD | May 04, 2026 |
| CVE-2026-7710 | A security flaw has been discovered in YunaiV yudao-cloud up to 3 | HIGH | 7.3 | NVD | May 04, 2026 |
| EDB-52547 | [webapps] MindsDB 25.9.1.1 - Path Traversal | HIGH | N/A | EXPLOIT-DB | May 04, 2026 |
| EDB-52550 | [local] Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalation | HIGH | N/A | EXPLOIT-DB | May 04, 2026 |
| EDB-52549 | [local] Linux nf_tables 6.19.3 - Local Privilege Escalation | HIGH | N/A | EXPLOIT-DB | May 04, 2026 |
| EDB-52548 | [hardware] Linksys E1200 2.0.04 - Authenticated Stack Buffer Overflow (RCE) | HIGH | N/A | EXPLOIT-DB | May 04, 2026 |
| EDB-52545 | [webapps] Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH) | HIGH | N/A | EXPLOIT-DB | May 04, 2026 |
| EDB-52546 | [local] Windows 11 24H2 - Local Privilege Escalation | HIGH | N/A | EXPLOIT-DB | May 04, 2026 |
| CVE-2026-7709 | A vulnerability was identified in janeczku Calibre-Web up to 0 | MEDIUM | 6.3 | NVD | May 03, 2026 |
| CVE-2026-7705 | A flaw has been found in JD Cloud JDCOS 4 | MEDIUM | 6.3 | NVD | May 03, 2026 |
| CVE-2026-7703 | A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25 | HIGH | 7.3 | NVD | May 03, 2026 |
| CVE-2026-7700 | A weakness has been identified in langflow-ai langflow up to 1 | MEDIUM | 6.3 | NVD | May 03, 2026 |
| CVE-2026-7699 | A security flaw has been discovered in Dromara MaxKey up to 3 | MEDIUM | 6.3 | NVD | May 03, 2026 |
| CVE-2026-7698 | A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7 | HIGH | 7.3 | NVD | May 03, 2026 |
| CVE-2026-7696 | A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation an | MEDIUM | 6.3 | NVD | May 03, 2026 |
| CVE-2026-7695 | A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operati | HIGH | 7.3 | NVD | May 03, 2026 |
| CVE-2026-7694 | A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Effi | HIGH | 7.3 | NVD | May 03, 2026 |
| CVE-2026-7692 | A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110 | MEDIUM | 6.3 | NVD | May 03, 2026 |
| CVE-2026-7691 | A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_2 | MEDIUM | 6.3 | NVD | May 03, 2026 |
| CVE-2026-7690 | A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110 | MEDIUM | 6.3 | NVD | May 03, 2026 |
| CVE-2026-7687 | A vulnerability was determined in langflow-ai langflow up to 1 | MEDIUM | 6.3 | NVD | May 03, 2026 |
| CVE-2026-7685 | A vulnerability was detected in Edimax BR-6208AC up to 1 | HIGH | 8.8 | NVD | May 03, 2026 |
| CVE-2026-7684 | A security vulnerability has been detected in Edimax BR-6428nC up to 1 | HIGH | 8.8 | NVD | May 03, 2026 |
| CVE-2026-7683 | A weakness has been identified in Edimax BR-6428nC up to 1 | MEDIUM | 6.3 | NVD | May 03, 2026 |
| CVE-2026-7682 | A security flaw has been discovered in Edimax BR-6208AC 1 | MEDIUM | 6.3 | NVD | May 03, 2026 |
| CVE-2026-5337 | During the analysis, it was identified that authenticated attackers with Subscri | MEDIUM | 6.5 | NVD | May 03, 2026 |
| CVE-2026-7681 | A security vulnerability has been detected in jsbroks COCO Annotator up to 0 | MEDIUM | 6.5 | NVD | May 03, 2026 |
| CVE-2026-5063 | The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vuln | HIGH | 7.2 | NVD | May 03, 2026 |
| CVE-2026-7679 | A security flaw has been discovered in YunaiV yudao-cloud up to 2026 | HIGH | 7.3 | NVD | May 03, 2026 |
| CVE-2026-7678 | A vulnerability was identified in YunaiV yudao-cloud up to 2026 | MEDIUM | 6.3 | NVD | May 03, 2026 |
| CVE-2026-7675 | A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to | HIGH | 8.8 | NVD | May 03, 2026 |
| CVE-2026-7674 | A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1 | HIGH | 8.8 | NVD | May 03, 2026 |
| CVE-2026-7672 | A security vulnerability has been detected in youlaitech youlai-boot up to 2 | MEDIUM | 6.3 | NVD | May 03, 2026 |
| CVE-2026-7670 | A flaw has been found in Jinher OA 1 | HIGH | 7.3 | NVD | May 02, 2026 |
| CVE-2026-7668 | A vulnerability was identified in MikroTik RouterOS 6 | HIGH | 7.3 | NVD | May 02, 2026 |
| CVE-2026-7642 | A vulnerability was detected in pskill9 website-downloader up to 0 | MEDIUM | 6.3 | NVD | May 02, 2026 |
| CVE-2026-7633 | A vulnerability was identified in Totolink N300RH 6 | MEDIUM | 6.5 | NVD | May 02, 2026 |
| CVE-2026-7632 | A vulnerability was determined in code-projects Online Hospital Management Syste | HIGH | 7.3 | NVD | May 02, 2026 |
| CVE-2026-7630 | A vulnerability has been found in innocommerce InnoShop up to 0 | HIGH | 7.3 | NVD | May 02, 2026 |
| CVE-2026-7629 | A flaw has been found in kleneway awesome-cursor-mpc-server up to 2 | MEDIUM | 6.3 | NVD | May 02, 2026 |
| CVE-2026-2554 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Lis | HIGH | 8.1 | NVD | May 02, 2026 |
| CVE-2026-0703 | The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulne | MEDIUM | 6.4 | NVD | May 02, 2026 |
| CVE-2026-7628 | A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0 | MEDIUM | 6.3 | NVD | May 02, 2026 |
| CVE-2026-6320 | The Salon Booking System – Free Version plugin for WordPress is vulnerable to Ar | HIGH | 7.5 | NVD | May 02, 2026 |
| CVE-2026-4100 | The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modi | HIGH | 7.1 | NVD | May 02, 2026 |
| CVE-2026-4062 | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection vi | HIGH | 7.5 | NVD | May 02, 2026 |
| CVE-2026-4061 | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection vi | HIGH | 7.5 | NVD | May 02, 2026 |
| CVE-2026-4060 | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection vi | HIGH | 7.5 | NVD | May 02, 2026 |
| CVE-2026-7627 | A security vulnerability has been detected in 8nite metatrader-4-mcp 1 | MEDIUM | 6.3 | NVD | May 02, 2026 |
| CVE-2026-7647 | The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injecti | HIGH | 8.1 | NVD | May 02, 2026 |
| CVE-2026-7049 | The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is v | HIGH | 7.2 | NVD | May 02, 2026 |
| CVE-2026-6916 | The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates f | MEDIUM | 6.4 | NVD | May 02, 2026 |
| CVE-2026-5113 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Script | HIGH | 7.2 | NVD | May 02, 2026 |
| CVE-2026-5112 | The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored C | HIGH | 7.2 | NVD | May 02, 2026 |
| CVE-2026-5111 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Script | HIGH | 7.2 | NVD | May 02, 2026 |
| CVE-2026-5110 | The Gravity Forms plugin for WordPress is vulnerable to Unauthenticated Stored C | HIGH | 7.2 | NVD | May 02, 2026 |
| CVE-2026-5109 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Script | HIGH | 7.2 | NVD | May 02, 2026 |
| CVE-2026-7641 | The Import and export users and customers plugin for WordPress is vulnerable to | HIGH | 8.8 | NVD | May 02, 2026 |
| CVE-2026-7604 | A vulnerability was identified in JeecgBoot up to 3 | MEDIUM | 6.3 | NVD | May 02, 2026 |
| CVE-2026-7603 | A vulnerability was determined in JeecgBoot up to 3 | MEDIUM | 6.3 | NVD | May 02, 2026 |
| CVE-2026-7458 | The User Verification by PickPlugins plugin for WordPress is vulnerable to authe | CRITICAL | 9.8 | NVD | May 02, 2026 |
| CVE-2026-6963 | The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access du | HIGH | 8.8 | NVD | May 02, 2026 |
| CVE-2026-4882 | The User Registration Advanced Fields plugin for WordPress is vulnerable to arbi | CRITICAL | 9.8 | NVD | May 02, 2026 |
| CVE-2026-4658 | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugi | MEDIUM | 6.4 | NVD | May 02, 2026 |
| CVE-2025-14726 | The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthor | MEDIUM | 6.5 | NVD | May 02, 2026 |
| CVE-2026-7602 | A vulnerability was found in JeecgBoot up to 3 | MEDIUM | 6.3 | NVD | May 02, 2026 |
| CVE-2026-7209 | The Simple Link Directory plugin for WordPress is vulnerable to Stored Cross-Sit | MEDIUM | 6.4 | NVD | May 02, 2026 |
| CVE-2026-6378 | The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scriptin | MEDIUM | 6.4 | NVD | May 02, 2026 |
| CVE-2026-43824 | In Argo CD 3 | HIGH | 7.7 | NVD | May 02, 2026 |
| CVE-2026-7600 | A flaw has been found in ArtMin96 yii2-mcp-server 1 | MEDIUM | 6.3 | NVD | May 02, 2026 |
| CVE-2026-7599 | A vulnerability was detected in Dayoooun hwpx-mcp 0 | MEDIUM | 6.3 | NVD | May 01, 2026 |
| CVE-2026-7598 | A security vulnerability has been detected in libssh2 up to 1 | HIGH | 7.3 | NVD | May 01, 2026 |
| CVE-2026-7597 | A vulnerability was found in mem0ai mem0 up to 1 | MEDIUM | 6.3 | NVD | May 01, 2026 |
| CVE-2026-7592 | A weakness has been identified in itsourcecode Courier Management System 1 | HIGH | 7.3 | NVD | May 01, 2026 |
| CVE-2026-7591 | A security flaw has been discovered in TimBroddin astro-mcp-server up to 1 | MEDIUM | 6.3 | NVD | May 01, 2026 |
| CVE-2026-7590 | A vulnerability was identified in eyal-gor p_69_branch_monkey_mcp up to 69bc7187 | HIGH | 7.3 | NVD | May 01, 2026 |
| CVE-2026-30363 | flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in | HIGH | 8.4 | NVD | May 01, 2026 |
| CVE-2025-52347 | An issue in the component DirectIo64 | HIGH | 7.8 | NVD | May 01, 2026 |
| CVE-2026-37457 | An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() | HIGH | 7.5 | NVD | May 01, 2026 |
| CVE-2026-26461 | A Command Injection vulnerability in the web management interface in Aver PTC320 | MEDIUM | 6.5 | NVD | May 01, 2026 |
| CVE-2025-69606 | Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel | MEDIUM | 6.1 | NVD | May 01, 2026 |
| CVE-2025-63548 | Eprosima Micro-XRCE-DDS Agent — Denial of service via malformed packet | HIGH | 7.5 | NVD | May 01, 2026 |
| CVE-2025-63547 | Eprosima Micro-XRCE-DDS Agent — MTU field denial of service | HIGH | 7.5 | NVD | May 01, 2026 |
| CVE-2026-42485 | AGL agl-service-can-low-level — Stack buffer overflow in UDS library | HIGH | 7.5 | NVD | May 01, 2026 |
| CVE-2026-42469 | Open Vehicle Monitoring System 3 — Buffer overflow in CAN parser | HIGH | 8.6 | NVD | May 01, 2026 |
| CVE-2026-42468 | Open Vehicle Monitoring System 3 — Buffer overflow in PCAP parser | HIGH | 8.8 | NVD | May 01, 2026 |
| CVE-2026-42467 | Open-SAE-J1939 — Denial of service via crafted CAN frame | HIGH | 7.5 | NVD | May 01, 2026 |
| CVE-2026-37541 | Open Vehicle Monitoring System 3 — Buffer overflow in GVRET frames | CRITICAL | 10.0 | NVD | May 01, 2026 |
| CVE-2026-37540 | OpenAMP — Integer overflow in ELF loader parsing | HIGH | 8.4 | NVD | May 01, 2026 |
| CVE-2026-37539 | Cannelloni — Buffer overflow in CAN frame parsing | CRITICAL | 9.8 | NVD | May 01, 2026 |
| CVE-2026-37538 | socketcand — Buffer overflow in main function | HIGH | 7.5 | NVD | May 01, 2026 |
| CVE-2026-37537 | Open-SAE-J1939 — Integer underflow out-of-bounds write | HIGH | 8.1 | NVD | May 01, 2026 |
| CVE-2026-37536 | UDS-C — Stack buffer overflow in diagnostic request | HIGH | 8.8 | NVD | May 01, 2026 |
| CVE-2026-37535 | isotp-c — Out-of-bounds read in frame handler | HIGH | 7.1 | NVD | May 01, 2026 |
| CVE-2026-37534 | Open-SAE-J1939 — Integer underflow arbitrary memory write | CRITICAL | 9.8 | NVD | May 01, 2026 |
| CVE-2026-37532 | AGL agl-service-can-low-level — Heap buffer over-read in isotp-c | HIGH | 7.1 | NVD | May 01, 2026 |
| CVE-2026-37531 | AGL app-framework-main — Zip Slip path traversal vulnerability | CRITICAL | 9.8 | NVD | May 01, 2026 |
| CVE-2026-37530 | AGL agl-service-can-low-level — Stack buffer overflow in UDS | HIGH | 7.5 | NVD | May 01, 2026 |
| CVE-2026-37526 | AGL app-framework-binder — Unauthenticated privileged command execution | HIGH | 7.8 | NVD | May 01, 2026 |
| CVE-2026-37525 | AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision | HIGH | 7.8 | NVD | May 01, 2026 |
| CVE-2026-42475 | SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `on` array to the joinOn function in BuildHelper.php. | MEDIUM | 6.5 | NVD | May 01, 2026 |
| CVE-2026-42474 | SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `data` array to the data function in BuildHelper.php. | MEDIUM | 6.5 | NVD | May 01, 2026 |
| CVE-2026-42473 | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem | CRITICAL | 9.8 | NVD | May 01, 2026 |
| CVE-2026-42472 | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the R | CRITICAL | 9.8 | NVD | May 01, 2026 |
| CVE-2026-42471 | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) calls unserialize() on data recei | HIGH | 8.1 | NVD | May 01, 2026 |
| CVE-2026-37554 | An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the Geo | HIGH | 7.5 | NVD | May 01, 2026 |
| CVE-2026-37552 | Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives data from a TCP socket, | HIGH | 8.4 | NVD | May 01, 2026 |
| CVE-2026-37503 | Cross-Site Scripting (XSS) in V2Board thru 1.7.4. The custom_html field in theme configuration is rendered using Blade unescaped output in public/them | MEDIUM | 6.9 | NVD | May 01, 2026 |
| CVE-2026-23863 | An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedd | MEDIUM | 6.5 | NVD | May 01, 2026 |
| CVE-2026-22167 | Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. | HIGH | 7.8 | NVD | May 01, 2026 |
| CVE-2026-22166 | A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger write UAF crash in the GPU GLES user-space sha | HIGH | 8.1 | NVD | May 01, 2026 |
| CVE-2026-22165 | A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger a write UAF crash in the GPU GLES user-space s | HIGH | 8.1 | NVD | May 01, 2026 |
| CVE-2026-31739 | In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The tegra crypto driver failed to s | HIGH | 8.8 | NVD | May 01, 2026 |
| CVE-2026-31735 | In the Linux kernel, the following vulnerability has been resolved: iommupt: Fix short gather if the unmap goes into a large mapping unmap has the o | HIGH | 8.8 | NVD | May 01, 2026 |
| CVE-2026-31712 | ksmbd — Insufficient ACE size validation in DACL | HIGH | 8.3 | NVD | May 01, 2026 |
| CVE-2026-31711 | ksmbd — Active connection counter leak on failure | HIGH | 7.5 | NVD | May 01, 2026 |
| CVE-2026-31709 | Linux Kernel — SMB client DACL validation vulnerability | HIGH | 8.8 | NVD | May 01, 2026 |
| CVE-2026-31708 | Linux Kernel — SMB client out-of-bounds read vulnerability | HIGH | 8.1 | NVD | May 01, 2026 |
| CVE-2026-31707 | Linux Kernel — KSMBD integer overflow in response validation | HIGH | 7.1 | NVD | May 01, 2026 |
| CVE-2026-31706 | Linux Kernel — SMB DACL heap allocation validation flaw | HIGH | 8.8 | NVD | May 01, 2026 |
| CVE-2026-31705 | Linux Kernel — Out-of-bounds write in SMB2 EA handling | CRITICAL | 9.8 | NVD | May 01, 2026 |
| CVE-2026-31703 | Linux Kernel — Use after free in inode writeback | HIGH | 7.8 | NVD | May 01, 2026 |
| CVE-2026-31700 | Linux Kernel — TOCTOU race in packet mmap vnet_hdr | HIGH | 7.8 | NVD | May 01, 2026 |
| CVE-2026-31699 | Linux Kernel — CCP crypto userspace buffer overflow | HIGH | 7.1 | NVD | May 01, 2026 |
| CVE-2026-31698 | Linux Kernel — PDH cert copy after failed PSP command | HIGH | 7.1 | NVD | May 01, 2026 |
| CVE-2026-31697 | Linux Kernel — Information disclosure in crypto CCP driver | HIGH | 7.1 | NVD | May 01, 2026 |
| CVE-2026-31695 | Linux Kernel — Use-after-free in virt_wifi device unregistration | HIGH | 7.8 | NVD | May 01, 2026 |
| CVE-2026-31694 | FUSE — Oversized dirents page cache rejection | HIGH | 7.8 | NVD | May 01, 2026 |
| CVE-2026-31431 | Linux - Kernel | CRITICAL | N/A | CISA | May 01, 2026 |
| CVE-2026-41940 | WebPros - cPanel & WHM and WP2 (WordPress Squared) | CRITICAL | N/A | CISA | Apr 30, 2026 |
| EDB-52537 | [local] Windows 11 25H2 - Heap Overflow | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52536 | [webapps] JUNG Smart Visu Server 1.1.1050 - DoS | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52535 | [webapps] SumatraPDF 3.5.2 - Remote Code Execution | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52534 | [webapps] NiceGUI 3.6.1 - Path Traversal | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52533 | [webapps] Frigate NVR 0.16.3 - Remote Code Execution | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52532 | [webapps] Js2Py 0.74 - RCE | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52531 | [webapps] Camaleon CMS v2.9.0 - Path Traversal | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52530 | [webapps] Cybersecurity AI (CAI) Framework 0.5.10 - Command Injection | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52529 | [webapps] Erugo 0.2.14 - Remote Code Execution (RCE) | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52528 | [webapps] deephas 1.0.7 - Prototype Pollution | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52527 | [webapps] SUSE Manager 4.3.15 - Code Execution | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52544 | [webapps] FUXA 1.2.8 - Authentication Bypass + RCE Exploit | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52543 | [webapps] Python-Multipart 0.0.22 - Path Traversal | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52542 | [local] Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52541 | [local] Windows 11 23H2 - Denial of Service (DoS) | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52540 | [webapps] Repetier-Server 1.4.10 - Path Traversal | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52539 | [webapps] HUSTOJ Zip-Slip v26.01.24 - RCE | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52538 | [webapps] BusyBox 1.37.0 - Path Traversal | HIGH | N/A | EXPLOIT-DB | Apr 30, 2026 |
| EDB-52525 | [webapps] Craft CMS 5.6.16 - RCE | HIGH | N/A | EXPLOIT-DB | Apr 29, 2026 |
| EDB-52526 | [webapps] HAX CMS 24.x - Stored Cross-Site Scripting (XSS) | HIGH | N/A | EXPLOIT-DB | Apr 29, 2026 |
| CVE-2024-1708 | ConnectWise - ScreenConnect | CRITICAL | N/A | CISA | Apr 28, 2026 |
| CVE-2026-32202 | Microsoft - Windows | CRITICAL | N/A | CISA | Apr 28, 2026 |
| CVE-2024-7399 | Samsung - MagicINFO 9 Server | CRITICAL | N/A | CISA | Apr 24, 2026 |
| CVE-2025-29635 | D-Link - DIR-823X | CRITICAL | N/A | CISA | Apr 24, 2026 |
| CVE-2024-57726 | SimpleHelp - SimpleHelp | CRITICAL | N/A | CISA | Apr 24, 2026 |
| CVE-2024-57728 | SimpleHelp - SimpleHelp | CRITICAL | N/A | CISA | Apr 24, 2026 |
| CVE-2026-39987 | Marimo - Marimo | CRITICAL | N/A | CISA | Apr 23, 2026 |
| ANSSI- | [ANSSI AVIS] Multiple vulnerabilities in Mattermost Server (23 April 2026) | HIGH | N/A | ANSSI | Apr 23, 2026 |
| CVE-2026-33825 | Microsoft - Defender | CRITICAL | N/A | CISA | Apr 22, 2026 |
| CVE-2026-20122 | Cisco - Catalyst SD-WAN Manager | CRITICAL | N/A | CISA | Apr 20, 2026 |
| CVE-2025-48700 | Synacor - Zimbra Collaboration Suite (ZCS) | CRITICAL | N/A | CISA | Apr 20, 2026 |
| CVE-2023-27351 | PaperCut - NG/MF | CRITICAL | N/A | CISA | Apr 20, 2026 |
| CVE-2025-2749 | Kentico - Kentico Xperience | CRITICAL | N/A | CISA | Apr 20, 2026 |
| CVE-2025-32975 | Quest - KACE Systems Management Appliance (SMA) | CRITICAL | N/A | CISA | Apr 20, 2026 |
| CVE-2024-27199 | JetBrains - TeamCity | CRITICAL | N/A | CISA | Apr 20, 2026 |
| CVE-2026-20133 | Cisco - Catalyst SD-WAN Manager | CRITICAL | N/A | CISA | Apr 20, 2026 |
| CVE-2026-20128 | Cisco - Catalyst SD-WAN Manager | CRITICAL | N/A | CISA | Apr 20, 2026 |
| CVE-2026-34197 | Apache - ActiveMQ | CRITICAL | N/A | CISA | Apr 16, 2026 |
| CVE-2009-0238 | Microsoft - Office | CRITICAL | N/A | CISA | Apr 14, 2026 |
2054 results