-
CVE-2025-69412 - KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow ...
-
CVE-2025-69413 - In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists.
-
CVE-2025-13820 - The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to lo...
-
CVE-2025-11157 - A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located ...
-
CVE-2026-0544 - A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The man...
-
CVE-2025-15404 - A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /sa...
-
CVE-2025-15405 - A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery...
-
CVE-2025-66023 - NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF) vulnerability within t...
-
CVE-2025-14428 - The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to ...
-
CVE-2025-14627 - The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and i...
-
CVE-2025-15406 - A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authoriza...
-
CVE-2025-47411 - A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows the...
-
CVE-2025-48768 - Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesy...
-
CVE-2025-48769 - Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due to recursive implementation and single buffer use...
-
CVE-2025-15407 - A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. Such...
-
CVE-2025-15408 - A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Performing ...
-
CVE-2025-66398 - Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the int...
-
CVE-2025-68272 - Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allo...
-
CVE-2026-21428 - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the `write_headers` function does not che...
-
CVE-2026-21436 - eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by `--destdir`...
-
CVE-2026-21437 - eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could include files that are not tracked by `...
-
CVE-2025-15409 - A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin...
-
CVE-2025-15410 - A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. ...
-
CVE-2025-55065 - CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
-
CVE-2025-68273 - Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prio...
-
CVE-2025-68619 - Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators ...
-
CVE-2025-68620 - Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained togethe...
-
CVE-2025-69203 - Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related f...
-
CVE-2025-15411 - A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/...
-
CVE-2025-15412 - A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /sr...
-
CVE-2025-15413 - A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing manipulat...
-
CVE-2025-15414 - A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/git_fetcher.go of the c...
-
CVE-2025-15415 - A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the ...
-
CVE-2025-15416 - A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Vari...
-
CVE-2025-15417 - A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handle...
-
CVE-2025-15418 - A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library li...
-
CVE-2025-15419 - A weakness has been identified in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/...
-
CVE-2025-15420 - A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipula...
-
CVE-2025-15421 - A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HT...
-
CVE-2025-15422 - A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Ad...
-
CVE-2025-14047 - The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress ...
-
CVE-2025-14998 - The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due t...
-
CVE-2025-15423 - A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such...
-
CVE-2025-15424 - A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component H...
-
CVE-2025-15425 - A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HT...
-
CVE-2025-15426 - A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview...
-
CVE-2025-15427 - A security flaw has been discovered in Seeyon Zhiyuan OA Web Application System up to 20251222. This impacts an unknown function of the file /carManag...
-
CVE-2025-15428 - A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. This manipulation o...
-
CVE-2025-12685 - The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any cus...
-
CVE-2025-13153 - The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, w...
-
CVE-2025-13456 - The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected ...
-
CVE-2025-14072 - The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be us...
-
CVE-2025-15429 - A security vulnerability has been detected in UTT 进取 512W 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/form...
-
CVE-2025-15430 - A vulnerability was detected in UTT 进取 512W 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formFtpServerShareDirSelce...
-
CVE-2025-15431 - A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing manipulation...
-
CVE-2025-15432 - A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This vulnerability affects the function downloadSho...
-
CVE-2025-15434 - A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhi...
-
CVE-2025-15435 - A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This mani...
-
CVE-2025-15436 - A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. Such man...
-
CVE-2025-15437 - A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing manipula...
-
CVE-2026-0546 - A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulat...
-
CVE-2026-0547 - A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-stude...
-
CVE-2026-0565 - A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.ph...
-
CVE-2024-55374 - REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.
-
CVE-2025-15438 - A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::__destruct of the file core/admin/medias.php of the com...
-
CVE-2025-44013 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account...
-
CVE-2025-45286 - A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payloa...
-
CVE-2025-47208 - An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote ...
-
CVE-2025-52426 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrat...
-
CVE-2025-52430 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrat...
-
CVE-2025-52431 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrat...
-
CVE-2025-52863 - A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they ca...
-
CVE-2025-52864 - A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they ca...
-
CVE-2025-52872 - A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they ca...
-
CVE-2025-53405 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrat...
-
CVE-2025-53414 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrat...
-
CVE-2025-53589 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrat...
-
CVE-2025-53590 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrat...
-
CVE-2025-53591 - A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker ga...
-
CVE-2025-53592 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account...
-
CVE-2025-53593 - A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator accoun...
-
CVE-2025-53596 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrat...
-
CVE-2025-54164 - An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator ac...
-
CVE-2025-54165 - An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator ac...
-
CVE-2025-54166 - An out-of-bounds read vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator ac...
-
CVE-2025-57705 - An allocation of resources without limits or throttling vulnerability has been reported to affect several QNAP operating system versions. If a remote ...
-
CVE-2025-62857 - A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass secu...
-
CVE-2025-65125 - SQL injection in gosaliajainam/online-movie-booking 5.5 in movie_details.php allows attackers to gain sensitive information.
-
CVE-2025-11837 - An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnera...
-
CVE-2025-48721 - A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator accoun...
-
CVE-2025-52871 - An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the v...
-
CVE-2025-53594 - A path traversal vulnerability has been reported to affect several product versions. If a local attacker gains a user account, they can then exploit t...
-
CVE-2025-53597 - A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit...
-
CVE-2025-59380 - A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account...
-
CVE-2025-59381 - A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account...
-
CVE-2025-59384 - A path traversal vulnerability has been reported to affect Qfiling. The remote attackers can then exploit the vulnerability to read the contents of un...
-
CVE-2025-59387 - An SQL injection vulnerability has been reported to affect MARS (Multi-Application Recovery Service). The remote attackers can then exploit the vulner...
-
CVE-2025-59389 - An SQL injection vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to execute un...
-
CVE-2025-62840 - A generation of error message containing sensitive information vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gain...
-
CVE-2025-62842 - An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access...
-
CVE-2025-62852 - A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator accoun...
-
CVE-2025-67268 - gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, whi...
-
CVE-2025-67269 - An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e56...
-
CVE-2025-69284 - Plane is an open-source project management tool. In plane.io, a guest user doesn't have a permission to access https[:]//app[.]plane[.]so/[:]slug/s...
-
CVE-2025-9110 - An exposure of sensitive system information to an unauthorized control sphere vulnerability has been reported to affect several QNAP operating system ...
-
CVE-2025-15439 - A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate....
-
CVE-2025-34171 - CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration f...
-
CVE-2025-67158 - An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive informat...
-
CVE-2025-67159 - Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.
-
CVE-2025-67160 - An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal.
-
CVE-2025-69414 - Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.
-
CVE-2025-69415 - In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device...
-
CVE-2025-69416 - In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated acc...
-
CVE-2025-69417 - In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated acc...
-
CVE-2026-0566 - A security vulnerability has been detected in code-projects Content Management System 1.0. Impacted is an unknown function of the file /admin/edit_pos...
-
CVE-2026-0567 - A vulnerability was detected in code-projects Content Management System 1.0. The affected element is an unknown function of the file /pages.php. The m...
-
CVE-2026-0568 - A flaw has been found in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Frontend/ViewSongs.php. This ma...
-
CVE-2026-21429 - Emlog is an open source website building system. In version 2.5.23, the admin can set controls which make users unable to edit or delete their articl...
-
CVE-2026-0569 - A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Suc...
-
CVE-2026-0570 - A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing mani...
-
CVE-2026-21430 - Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery (CSRF)....
-
CVE-2026-21431 - Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `Resource media library` funct...
-
CVE-2026-21432 - Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, inc...
-
CVE-2026-21433 - Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF v...
-
CVE-2026-21440 - AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write ...
-
CVE-2026-21444 - libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integrat...
-
CVE-2026-0571 - A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createR...
-
CVE-2026-21445 - Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langfl...
-
CVE-2026-21446 - Bagisto is an open source laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API routes remain active even after initial insta...
-
CVE-2026-21447 - Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order...
-
CVE-2026-21448 - Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a normal custome...
-
CVE-2026-21449 - Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via first name and las...
-
CVE-2026-21450 - Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, wh...
-
CVE-2026-21451 - Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 with...
-
CVE-2026-21452 - MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing ...
-
CVE-2026-21483 - listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management per...
-
CVE-2025-64119 - A vulnerability in Nuvation Battery Management System allows Authentication Bypass. This issue affects Battery Management System: through 2.3.9.
-
CVE-2025-64120 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MS...
-
CVE-2025-64121 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass. Th...
-
CVE-2025-64122 - Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft. This issue a...
-
CVE-2025-64123 - Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging. This issue affects Mul...
-
CVE-2025-64124 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MS...
-
CVE-2025-64125 - A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging. This issue affected the nCloud VPN Service and was fixed on 20...
-
CVE-2026-21484 - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab560...
-
CVE-2025-15115 - Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to acce...
-
CVE-2025-3646 - Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as...
-
CVE-2025-3652 - Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to private a...
-
CVE-2025-3653 - Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulatio...
-
CVE-2025-3654 - Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device ha...
-
CVE-2025-3660 - Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains a broken access control vulnerability that allows authenticated users to access othe...
-
CVE-2026-0574 - A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function saveUserRole of the file ...
-
CVE-2026-0575 - A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. This impacts an unknown function of the file /handg...
-
CVE-2026-0576 - A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administr...
-
CVE-2025-14830 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JFrog Artifactory (Workers) allows Cross-...
-
CVE-2026-0577 - A flaw has been found in code-projects Online Product Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /...
-
CVE-2025-15442 - A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/product_list. This manipulat...
-
CVE-2025-15443 - A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/product_export. Such man...
-
CVE-2026-0578 - A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the fil...
-
CVE-2026-0579 - A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/e...
-
CVE-2025-15446 - A flaw has been found in Seeyon Zhiyuan OA Web Application System up to 20251223. The impacted element is an unknown function of the file /assetsGroup...
-
CVE-2025-15447 - A vulnerability has been found in Seeyon Zhiyuan OA Web Application System up to 20251223. This affects an unknown function of the file /assetsGroupRe...
-
CVE-2025-15448 - A vulnerability was found in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. This impacts the function Upload of the file src/ma...
-
CVE-2025-15449 - A vulnerability was determined in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. Affected is the function delete of the file sr...
-
CVE-2025-5591 - Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s sessio...
-
CVE-2025-15450 - A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function f...
-
CVE-2025-15451 - A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/varia...
-
CVE-2025-15452 - A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the c...
-
CVE-2025-15453 - A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go ...
-
CVE-2025-15454 - A vulnerability was detected in zhanglun lettura up to 0.1.22. This issue affects some unknown processing of the file src/components/ArticleView/Conte...
-
CVE-2025-15455 - A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function delete_page of the file /minicms/mc-admin/page.php of the component File R...
-
CVE-2025-15456 - A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the com...
-
CVE-2025-15457 - A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the compo...
-
CVE-2025-15458 - A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Arti...
-
CVE-2025-14124 - The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action avail...
-
CVE-2025-15459 - A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formUser. Su...
-
CVE-2025-15460 - A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formPptpClientConfig. Performing a mani...
-
CVE-2025-9543 - The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privileg...
-
CVE-2025-15461 - A flaw has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTaskEdit. Executing a manipu...
-
CVE-2025-15462 - A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigAdvideo. The manipulation...
-
CVE-2025-15022 - Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived...
-
CVE-2025-15235 - QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to ...
-
CVE-2025-15236 - QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read fo...
-
CVE-2025-15237 - QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read fo...
-
CVE-2025-15238 - QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject a...
-
CVE-2026-0580 - A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Impor...
-
CVE-2025-15239 - QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject a...
-
CVE-2025-15240 - QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to...
-
CVE-2025-66518 - Any client who can access Apache Kyuubi Server via Kyuubi frontend protocols can bypass server-side config kyuubi.session.local.dir.allow.list and ...
-
CVE-2026-0581 - A vulnerability was determined in Tenda AC1206 15.03.06.23. Affected by this issue is the function formBehaviorManager of the file /goform/BehaviorMan...
-
CVE-2026-0582 - A vulnerability was identified in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_activity_query.php....
-
CVE-2025-5965 - In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Specia...
-
CVE-2025-68751 - In the Linux kernel, the following vulnerability has been resolved:
s390/fpu: Fix false-positive kmsan report in fpu_vstl()
A false-positive kmsan r...
-
CVE-2025-68752 - In the Linux kernel, the following vulnerability has been resolved:
iavf: Implement settime64 with -EOPNOTSUPP
ptp_clock_settime() assumes every ptp...
-
CVE-2025-68753 - In the Linux kernel, the following vulnerability has been resolved:
ALSA: firewire-motu: add bounds check in put_user loop for DSP events
In the DSP...
-
CVE-2025-68754 - In the Linux kernel, the following vulnerability has been resolved:
rtc: amlogic-a4: fix double free caused by devm
The clock obtained via devm_clk_...
-
CVE-2025-68755 - In the Linux kernel, the following vulnerability has been resolved:
staging: most: remove broken i2c driver
The MOST I2C driver has been completely ...
-
CVE-2025-68756 - In the Linux kernel, the following vulnerability has been resolved:
block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock
blk_...
-
CVE-2025-68757 - In the Linux kernel, the following vulnerability has been resolved:
drm/vgem-fence: Fix potential deadlock on release
A timer that expires a vgem fe...
-
CVE-2025-68758 - In the Linux kernel, the following vulnerability has been resolved:
backlight: led-bl: Add devlink to supplier LEDs
LED Backlight is a consumer of o...
-
CVE-2025-68759 - In the Linux kernel, the following vulnerability has been resolved:
wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
In rtl8180_i...
-
CVE-2025-68760 - In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show
In iommu_mmio_wri...
-
CVE-2025-68761 - In the Linux kernel, the following vulnerability has been resolved:
hfs: fix potential use after free in hfs_correct_next_unused_CNID()
This code ca...
-
CVE-2025-68762 - In the Linux kernel, the following vulnerability has been resolved:
net: netpoll: initialize work queue before error checks
Prevent a kernel warning...
-
CVE-2025-68763 - In the Linux kernel, the following vulnerability has been resolved:
crypto: starfive - Correctly handle return of sg_nents_for_len
The return value ...
-
CVE-2025-68764 - In the Linux kernel, the following vulnerability has been resolved:
NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags
When a fi...
-
CVE-2025-68765 - In the Linux kernel, the following vulnerability has been resolved:
mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
In mt7615_mcu_wtbl_st...
-
CVE-2025-68766 - In the Linux kernel, the following vulnerability has been resolved:
irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
If irq_domain_transl...
-
CVE-2026-0583 - A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/us...
-
CVE-2026-0584 - A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/prod...
-
CVE-2026-0585 - A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the file /order_...
-
CVE-2025-12519 - Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not P...
-
CVE-2025-13056 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration...
-
CVE-2025-30633 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations a...
-
CVE-2025-31044 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Premium SEO Pack allows SQL Injection.Th...
-
CVE-2025-31046 - Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This iss...
-
CVE-2025-31047 - Deserialization of Untrusted Data vulnerability in Themify Themify Edmin allows Object Injection.This issue affects Themify Edmin: from n/a through 2....
-
CVE-2025-31048 - Unrestricted Upload of File with Dangerous Type vulnerability in Themify Shopo allows Upload a Web Shell to a Web Server.This issue affects Shopo: fro...
-
CVE-2025-68014 - Insertion of Sensitive Information Into Sent Data vulnerability in Awethemes AweBooking allows Retrieve Embedded Sensitive Data.This issue affects Awe...
-
CVE-2025-68029 - Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce allows Retrieve Embedded Sensitive Data.Thi...
-
CVE-2025-68033 - Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts allows Retrieve Embedded Sensitive Data.This issue affe...
-
CVE-2025-68044 - Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Five Star Restaurant Reservations allows Exploiting Incorrectly Configure...
-
CVE-2025-68547 - Missing Authorization vulnerability in WPweb Follow My Blog Post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af...
-
CVE-2025-68850 - Missing Authorization vulnerability in Codepeople Sell Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af...
-
CVE-2025-68865 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global allows SQL Injection.Th...
-
CVE-2025-69087 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes FreeAgent allows PH...
-
CVE-2026-0586 - A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunne...
-
CVE-2026-0587 - A security flaw has been discovered in Xinhu Rainrock RockOA up to 2.7.1. Affected is an unknown function of the file rock_page_gong.php of the compon...
-
CVE-2026-0588 - A weakness has been identified in Xinhu Rainrock RockOA up to 2.7.1. Affected by this vulnerability is an unknown functionality of the file rockfun.ph...
-
CVE-2026-0589 - A vulnerability was found in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the component Administration Back...
-
CVE-2026-0590 - A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/ch...
-
CVE-2023-49186 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KlbTheme Machic Core allows DOM-Based XSS...
-
CVE-2023-50897 - Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files.This issue affects Media Fi...
-
CVE-2023-51513 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in INTINITUM FORM Geo Controller allows DOM-...
-
CVE-2023-52212 - Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery.This issue affects WP Job Manager: from...
-
CVE-2024-23511 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Pa...
-
CVE-2025-12511 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio ...
-
CVE-2025-12513 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configur...
-
CVE-2025-68280 - Improper Restriction of XML External Entity Reference vulnerability in Apache SIS.
It is possible to write XML files in such a way that, when parse...
-
CVE-2026-0591 - A vulnerability was identified in code-projects Online Product Reservation System 1.0. The impacted element is an unknown function of the file /app/ch...
-
CVE-2026-0592 - A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This affects an unknown function of the file /handgunner-a...
-
CVE-2025-15026 - Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functional...
-
CVE-2025-15029 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) ...
-
CVE-2025-66376 - Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives ...
-
CVE-2026-0597 - A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/edit_pro...
-
CVE-2025-14346 - WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pai...
-
CVE-2025-65328 - Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted...
-
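The entry above (CVE-2025-65328) describes a recurring class of bug: taking the leftmost X-Forwarded-For value as the client address. Because any client can prepend whatever it likes to that header, every control keyed on the result (IP allow-lists, rate limits, geo-fencing, audit logs) becomes attacker-controlled. The following is an added, generic illustration of the weak pattern next to the usual fix; it is not Mega-Fence's code, the trusted-proxy ranges are an assumption about a hypothetical deployment, and the header values are constructed.

```python
"""Client-IP extraction from X-Forwarded-For: naive vs. trusted-proxy walk.

Added example; generic code, not the affected product's. TRUSTED_PROXIES
is an assumed deployment detail and all addresses below are constructed.
"""
import ipaddress
from typing import Optional, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Assumption: the deployment's own reverse proxies / load balancers live here.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.1.0/24")]


def _is_trusted(ip: IPAddress) -> bool:
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip_naive(peer: str, xff: Optional[str]) -> str:
    """Weak pattern: believe the leftmost XFF value.

    The leftmost value is the one furthest from us and the easiest for a
    client to forge, so this returns whatever the request chose to send.
    """
    if xff:
        return xff.split(",")[0].strip()
    return peer


def client_ip_trusted(peer: str, xff: Optional[str]) -> Optional[str]:
    """Walk the forwarding chain from the nearest hop outward.

    The only address we know is genuine is the TCP peer. An XFF entry is
    believed only if it was appended by a hop we already trust, so we
    iterate right-to-left and stop at the first hop that is not one of our
    proxies: that is the client. If the peer itself is not a trusted proxy
    the header is ignored entirely. An unparseable entry returns None so
    the caller can fail closed instead of logging or allow-listing garbage.
    """
    peer_ip = ipaddress.ip_address(peer)
    if not _is_trusted(peer_ip) or not xff:
        return str(peer_ip)
    hops = [h.strip() for h in xff.split(",")]
    for raw in reversed(hops):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            return None
        if not _is_trusted(ip):
            return str(ip)
    # Every listed hop was one of our own proxies; the leftmost is the best we have.
    return hops[0]


if __name__ == "__main__":
    spoofed = "1.2.3.4, 203.0.113.9, 10.0.0.7"   # constructed: client added 1.2.3.4
    print("naive  :", client_ip_naive("10.0.0.5", spoofed))
    print("trusted:", client_ip_trusted("10.0.0.5", spoofed))
```

The fix is not "use the rightmost value" either: that is just the address of the last proxy. The walk has to skip exactly the hops you operate and stop at the first one you do not.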
CVE-2025-67303 - An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due...
-
CVE-2025-67315 - Cross Site Request Forgery vulnerability in Employee Leave Management System v.2.1 allows a remote attacker to escalate privileges via the manage-empl...
-
CVE-2024-30461 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tumult Inc Tumult Hype Animations allows ...
-
CVE-2024-30516 - Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constraine...
-
CVE-2024-53735 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Corourke iPhone Webclip Manager allows Stored XS...
-
CVE-2025-10933 - An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol Controller can lead to out of bounds memory reads.
-
CVE-2025-39484 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Waituk Entrada allows SQL Injection.This issue a...
-
CVE-2025-39497 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dokan Dokan Pro allows Stored XSS.This issue aff...
-
CVE-2025-39561 - Missing Authorization vulnerability in Marketing Fire, LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue af...
-
CVE-2025-46255 - Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue aff...
-
CVE-2025-52519 - An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper valid...
-
CVE-2025-53344 - Cross-Site Request Forgery (CSRF) vulnerability in ThimPress Thim Core allows Cross Site Request Forgery.This issue affects Thim Core: from n/a throug...
-
CVE-2025-57836 - An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during inst...
-
CVE-2025-59467 - A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Admi...
-
CVE-2025-67316 - An issue in realme Internet browser v.45.13.4.1 allows a remote attacker to execute arbitrary code via a crafted webpage in the built-in HeyTap/ColorO...
-
CVE-2026-21633 - A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vu...
-
CVE-2026-21634 - A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol cau...
-
CVE-2026-21635 - An Improper Access Control could allow a malicious actor in Wi-Fi range to the EV Station Lite (v1.5.2 and earlier) to use WiFi AutoLink feature on a ...
-
CVE-2025-55204 - muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution (RCE) vulnerability in. ...
-
CVE-2025-59156 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, a Remote Code E...
-
CVE-2025-59157 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.420.7, the Git Reposit...
-
CVE-2025-59158 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-bet...
-
CVE-2025-59955 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-bet...
-
CVE-2025-61781 - OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "Wor...
-
CVE-2025-65922 - PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does ...
-
CVE-2025-27807 - An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 240...
-
CVE-2025-43706 - An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2400, 1580, 9110, W920, W930, Mod...
-
CVE-2025-49495 - An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580. Mishandling of an NL80211 vendor command leads t...
-
CVE-2025-52515 - An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition i...
-
CVE-2025-52516 - An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel ...
-
CVE-2025-52517 - An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition i...
-
CVE-2025-53966 - An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211 vendor command leads to a buf...
-
CVE-2025-67397 - An issue in Passy v.1.6.3 allows a remote authenticated attacker to execute arbitrary commands via a crafted HTTP request using a specific payload inj...
-
CVE-2025-64419 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.445, parameters coming...
-
CVE-2025-64420 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-...
-
CVE-2025-64421 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-bet...
-
CVE-2025-67419 - A Denial of Service (DoS) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to exhaust the application server's resources via...
-
CVE-2025-67427 - A Blind Server-Side Request Forgery (SSRF) vulnerability in evershop 2.1.0 and prior allows unauthenticated attackers to force the server to initiate ...
-
CVE-2025-64422 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify starting with version 4.0.0-beta.434, ...
-
CVE-2025-64423 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-bet...
-
CVE-2025-64424 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-bet...
-
CVE-2025-64425 - Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-bet...
-
CVE-2026-0605 - A security vulnerability has been detected in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the f...
-
CVE-2026-0621 - Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service (ReDoS) vulnerability in the UriTemp...
-
CVE-2025-61916 - Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-sid...
-
CVE-2025-65110 - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and...
-
CVE-2025-66648 - vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrus...
-
CVE-2025-67732 - Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-admini...
-
CVE-2025-68428 - jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js bu...
-
CVE-2025-68436 - Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, authenticated users on a Cra...
-
CVE-2025-68437 - Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL `save_...
-
CVE-2025-68454 - Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential auth...
-
CVE-2025-68455 - Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential auth...
-
CVE-2025-68456 - Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, unauthenticated users can trigg...
-
CVE-2025-68953 - Frappe is a full-stack web application framework. Versions 14.99.5 and below and 15.0.0 through 15.80.1 include requests that are vulnerable to path t...
-
CVE-2025-69223 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS...
-
CVE-2026-0625 - Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows ...
-
CVE-2025-69224 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a reques...
-
CVE-2025-69226 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existenc...
-
CVE-2026-0606 - A vulnerability was detected in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /FrontEnd/Albums...
-
CVE-2025-69225 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII ...
-
CVE-2025-69227 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when ass...
-
CVE-2025-69228 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way ...
-
CVE-2025-69229 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result ...
-
CVE-2025-69230 - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lea...
-
CVE-2026-0607 - A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminViewSongs.php. Executin...
-
CVE-2026-21439 - badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject c...
-
CVE-2025-15444 - Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium
libsodium <= 1.0.20 or a version of libsodiu...
-
CVE-2025-68954 - Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is remov...
-
CVE-2025-69197 - Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity w...
-
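The Pterodactyl entry above (CVE-2025-69197) is about a TOTP code being accepted more than once within its validity window. RFC 6238 section 5.2 requires the verifier to refuse a second use of the same one-time password; the usual implementation is to remember the last time step accepted for each user and reject any candidate step at or before it. The block below is an added example of a stateless (replayable) check beside a stateful one. It is generic code, not Pterodactyl's; the 20-byte secret is the RFC 6238 test-vector secret and the users and timestamps are constructed.

```python
"""TOTP verification: replayable vs. single-use.

Added example, not the affected project's code. HOTP per RFC 4226, TOTP
per RFC 6238 (30 s step). Secret below is the RFC 6238 test-vector key;
user names and timestamps are constructed.
"""
import hashlib
import hmac
from typing import Dict


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP with HMAC-SHA1 and dynamic truncation."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_naive(secret: bytes, code: str, now: int, step: int = 30,
                 digits: int = 6, skew: int = 1) -> bool:
    """Weak pattern: any code matching a step in the window is accepted,
    with no memory of what was already used. The same code passes again
    and again until the window closes, so an intercepted code is replayable."""
    current = now // step
    return any(hmac.compare_digest(hotp(secret, c, digits), code)
               for c in range(current - skew, current + skew + 1))


class TotpVerifier:
    """Single-use TOTP: remembers the last accepted step per user."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, skew: int = 1):
        self.secret, self.step, self.digits, self.skew = secret, step, digits, skew
        self.last_accepted: Dict[str, int] = {}   # user -> last accepted time step

    def verify(self, user: str, code: str, now: int) -> bool:
        current = now // self.step
        floor = self.last_accepted.get(user, -1)
        for candidate in range(current - self.skew, current + self.skew + 1):
            if candidate <= floor:
                # Already consumed (or older than something consumed): replay.
                continue
            if hmac.compare_digest(hotp(self.secret, candidate, self.digits), code):
                self.last_accepted[user] = candidate
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 6238 test-vector secret
    t = 59                                     # RFC 6238 test time -> step 1
    code = hotp(secret, t // 30, digits=8)     # "94287082" per RFC 6238
    v = TotpVerifier(secret, digits=8)
    print("naive   first/second:", verify_naive(secret, code, t, digits=8),
          verify_naive(secret, code, t + 5, digits=8))
    print("stateful first/second:", v.verify("alice", code, t), v.verify("alice", code, t + 5))
```

The per-user state must live wherever sessions are validated (shared store, not process memory) or a multi-node deployment reintroduces the replay across instances. Rejecting every step at or below the last accepted one is slightly stricter than the RFC's minimum, which only forbids the identical code; it also closes the case where an older, never-used code from the skew window is presented after a newer one.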
CVE-2026-21507 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have an infinite loop in the Icc...
-
CVE-2025-15364 - The Download Manager plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.40. Thi...
-
CVE-2025-15385 - Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass.This issue affects com...
-
CVE-2025-20760 - In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has c...
-
CVE-2025-20761 - In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a ro...
-
CVE-2025-20762 - In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a ro...
-
CVE-2025-20778 - In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious act...
-
CVE-2025-20779 - In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has alre...
-
CVE-2025-20780 - In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has alr...
-
CVE-2025-20781 - In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has alr...
-
CVE-2025-20782 - In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious act...
-
CVE-2025-20783 - In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious act...
-
CVE-2025-20784 - In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has...
-
CVE-2025-20785 - In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has alr...
-
CVE-2025-20786 - In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has alr...
-
CVE-2025-20787 - In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has alr...
-
CVE-2025-20793 - In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a ro...
-
CVE-2025-20794 - In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a r...
-
CVE-2025-20795 - In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious ...
-
CVE-2025-20796 - In imgsys, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious a...
-
CVE-2025-20797 - In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious act...
-
CVE-2025-20798 - In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious act...
-
CVE-2025-20799 - In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has alread...
-
CVE-2025-20800 - In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious act...
-
CVE-2025-20801 - In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has al...
-
CVE-2025-20802 - In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has a...
-
CVE-2025-20803 - In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has al...
-
CVE-2025-20804 - In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already...
-
CVE-2025-20805 - In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already...
-
CVE-2025-20806 - In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already...
-
CVE-2025-20807 - In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has ...
-
CVE-2026-21673 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in...
-
CVE-2026-21674 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerabil...
-
CVE-2026-21675 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnera...
-
CVE-2025-12793 - An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from a...
-
CVE-2025-11370 - The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel ...
-
CVE-2025-11723 - The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in...
-
CVE-2025-13409 - The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and ...
-
CVE-2025-13652 - The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and includi...
-
CVE-2025-13746 - The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User's Display Name in all versions u...
-
CVE-2025-14034 - The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capabilit...
-
CVE-2025-14153 - The Page Expire Popup/Redirection for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' shortcode attribute in all...
-
CVE-2026-0604 - The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.7 ...
-
CVE-2026-21485 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Be...
-
CVE-2026-21486 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-b...
-
CVE-2026-21487 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have an Out-of-bounds Read, Us...
-
CVE-2026-21676 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflo...
-
CVE-2026-21677 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have Undefined Behavior in its C...
-
CVE-2025-14120 - The URL Image Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1....
-
CVE-2025-14438 - The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.1.0.30 via th...
-
CVE-2025-14441 - The Popupkit plugin for WordPress is vulnerable to arbitrary subscriber data deletion due to missing authorization on the DELETE /subscribers REST A...
-
CVE-2025-14996 - The AS Password Field In Default Registration Form plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up ...
-
CVE-2025-14997 - The BuddyPress Xprofile Custom Field Types plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in t...
-
CVE-2025-15001 - The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0...
-
CVE-2025-13215 - The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1...
-
CVE-2025-4776 - The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scripting via the data-captionHTML attribute in all versions up to, and including,...
-
CVE-2026-21411 - Authentication bypass issue exists in OpenBlocks series versions prior to FW5.0.8, which may allow an attacker to bypass administrator authentication ...
-
CVE-2025-12067 - The Table Field Add-on for ACF and SCF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table Cell Content in all versions up...
-
CVE-2025-13812 - The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to unauthorized acc...
-
CVE-2025-14371 - The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to unauthorized modification of data due to a m...
-
CVE-2025-13766 - The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized modification and deletion o...
-
CVE-2025-13964 - The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...
-
CVE-2025-5919 - The Appointment Booking and Scheduling Calendar Plugin – WP Timetics plugin for WordPress is vulnerable to unauthorized access and modification of dat...
-
CVE-2025-9294 - The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capabil...
-
CVE-2025-14552 - The MediaPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mpp-uploader shortcode in all versions up to, and in...
-
CVE-2025-9318 - The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ para...
-
CVE-2025-9637 - The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to unauthorized access and modification of data due t...
-
CVE-2026-21488 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bound...
-
CVE-2026-21489 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have Out-of-bounds Read and In...
-
CVE-2025-14026 - Forcepoint One DLP Client, version 23.04.5642 (and possibly newer versions), includes a restricted version of Python 2.5.4 that prevents use of the ct...
-
CVE-2025-46696 - Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, version(s) versions 5.26 to 5.30, contain(s) an Execution with Unnecessary Privileges...
-
CVE-2026-21493 - iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Type Confusi...
-
CVE-2020-36905 - FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrar...
-
CVE-2020-36906 - P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without use...
-
CVE-2020-36907 - Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusa...
-
CVE-2020-36908 - SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative ac...
-
CVE-2020-36909 - SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files us...
-
CVE-2020-36910 - Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers c...
-
CVE-2020-36912 - Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipu...
-
CVE-2020-36913 - All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier du...
-
CVE-2020-36914 - QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authen...
-
CVE-2020-36915 - Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web...
-
CVE-2020-36916 - TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. At...
-
CVE-2020-36917 - iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authenticat...
-
CVE-2020-36918 - iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions wit...
-
CVE-2020-36920 - iDS6 DSSPro Digital Signage System 6.2 contains an improper access control vulnerability that allows authenticated users to elevate privileges through...
-
CVE-2020-36921 - RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive we...
-
CVE-2020-36922 - Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system de...
-
CVE-2020-36923 - Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. A...
-
CVE-2020-36924 - Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through...
-
CVE-2020-36925 - Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass au...
-
CVE-2025-14979 - AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root. This issue affects E...
-
CVE-2025-59379 - DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL databas...
-
CVE-2025-60262 - An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability a...
-
CVE-2025-65212 - An issue was discovered in NJHYST HY511 POE core before 2.1 and plugins before 0.1. The vulnerability stems from the device's insufficient cookie veri...
-
CVE-2026-0640 - A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation ...
-
CVE-2024-30547 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shazdeh Header Image Slider header-image-...
-
CVE-2024-31088 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPShop.Ru AdsPlace'r – Ad Manager, Insert...
-
CVE-2025-36589 - Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged a...
-
CVE-2025-39477 - Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue aff...
-
CVE-2025-47553 - Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery:...
-
CVE-2025-60534 - Blue Access Cobalt v02.000.195 suffers from an authentication bypass vulnerability, which allows an attacker to selectively proxy requests in order to...
-
CVE-2025-63082 - Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in img tags.
-
CVE-2025-63083 - Lack of output escaping leads to an XSS vector in the pagebreak plugin.
-
CVE-2025-69083 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Frappé allows P...
-
CVE-2025-69084 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3 themes Photo Gallery allows Reflected XSS. Th...
-
CVE-2025-69085 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins JobBank allows Reflected XSS. This issu...
-
CVE-2025-69086 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Jwsthemes Issabella allows PH...
-
CVE-2025-69327 - Missing Authorization vulnerability in magepeopleteam Car Rental Manager car-rental-manager allows Exploiting Incorrectly Configured Access Control Se...
-
CVE-2025-69331 - Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Le...
-
CVE-2025-69334 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for...
-
CVE-2025-69335 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Team Showcase team-showcase allows S...
-
CVE-2025-69336 - Missing Authorization vulnerability in bdthemes Ultimate Store Kit Elementor Addons ultimate-store-kit allows Exploiting Incorrectly Configured Access...
-
CVE-2025-69341 - Missing Authorization vulnerability in BuddhaThemes WeDesignTech Ultimate Booking Addon wedesigntech-ultimate-booking-addon allows Exploiting Incorrec...
-
CVE-2025-69342 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in VanKarWai Calafate calafate a...
-
CVE-2025-69345 - Missing Authorization vulnerability in BoldGrid Post and Page Builder by BoldGrid post-and-page-builder allows Exploiting Incorrectly Configured Acces...
-
CVE-2025-69346 - Missing Authorization vulnerability in WPCenter AffiliateX affiliatex allows Exploiting Incorrectly Configured Access Control Security Levels. This iss...
-
CVE-2025-69348 - Missing Authorization vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Exploiting Incorrectly C...
-
CVE-2025-69349 - Missing Authorization vulnerability in Fahad Mahmood RSS Feed Widget rss-feed-widget allows Exploiting Incorrectly Configured Access Control Security ...
-
CVE-2025-69350 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Accordion accordions-wp allows Store...
-
CVE-2025-69351 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows...
-
CVE-2025-69352 - Missing Authorization vulnerability in StellarWP The Events Calendar the-events-calendar allows Exploiting Incorrectly Configured Access Control Secur...
-
CVE-2025-69353 - Missing Authorization vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Exploiting Incorrectly Configured Acce...
-
CVE-2025-69354 - Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Con...
-
CVE-2025-69355 - Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security...
-
CVE-2025-69356 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elem...
-
CVE-2025-69357 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor...
-
CVE-2025-69359 - Missing Authorization vulnerability in WPFunnels Creator LMS creatorlms allows Exploiting Incorrectly Configured Access Control Security Levels. This i...
-
CVE-2025-69360 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery)...
-
CVE-2025-69361 - Missing Authorization vulnerability in PublishPress Post Expirator post-expirator allows Exploiting Incorrectly Configured Access Control Security Lev...
-
CVE-2025-69362 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH UiChemy uichemy allows Stored XSS. This ...
-
CVE-2025-69363 - Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Confi...
-
CVE-2025-69364 - Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affe...
-
CVE-2025-14942 - wolfSSH’s key exchange state machine can be manipulated to leak the client’s password in the clear, trick the client to send a bogus signature, or tri...
-
CVE-2025-15382 - A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue vi...
-
CVE-2025-32304 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP ...
-
CVE-2026-0641 - A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cste...
-
CVE-2026-21490 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-21491 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-21494 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2025-7048 - On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly....
-
CVE-2025-13744 - An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed attacker controll...
-
CVE-2025-29004 - Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing P...
-
CVE-2025-30631 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Tea...
-
CVE-2025-30996 - Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Sidepane WordPress Theme, Themify Themify Newsy, Themify Themify Folo...
-
CVE-2026-21492 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2025-14596 - Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking. This issue aff...
-
CVE-2025-14599 - Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (...
-
CVE-2025-14605 - Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking. This issu...
-
CVE-2025-14612 - Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows: Use of Predictable File Names. This issue aff...
-
CVE-2025-15471 - A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation ...
-
CVE-2025-31051 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in EngoTheme Plant - Gardening & Houseplants WordPress Theme ...
-
CVE-2025-31642 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dasinfomedia WPCHURCH allows Reflected XSS. This ...
-
CVE-2024-14020 - A weakness has been identified in carboneio carbone up to fbcd349077ad0e8748be73eab2a82ea92b6f8a7e. This impacts an unknown function of the file lib/i...
-
CVE-2025-0980 - Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid vali...
-
CVE-2025-11235 - Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules). This issue affects MOVEit Transfer: from 2023.1.0 b...
-
CVE-2025-11877 - The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_l...
-
CVE-2025-12030 - The ACF to REST API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.4. This is due to...
-
CVE-2025-12449 - The aBlocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data and disclosure of sensitive informati...
-
CVE-2025-12540 - The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including...
-
CVE-2025-12648 - The WP-Members Membership Plugin for WordPress is vulnerable to unauthorized file access in versions up to, and including, 3.5.4.4. This is due to sto...
-
CVE-2025-12958 - The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check on t...
-
CVE-2025-13369 - The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'money_spent_from', 'money_sp...
-
CVE-2025-13371 - The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the p...
-
CVE-2025-13418 - The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'plan_icons' parameter in all versions up to, a...
-
CVE-2025-13419 - The Guest posting / Frontend Posting / Front Editor – WP Front User Submit plugin for WordPress is vulnerable to unauthorized modification of data due...
-
CVE-2025-13493 - The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due...
-
CVE-2025-13496 - The Moosend Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the moosend_lan...
-
CVE-2025-13497 - The Recras WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'recrasname' shortcode attribute in all versions up to,...
-
CVE-2025-13519 - The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missin...
-
CVE-2025-13520 - The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to m...
-
CVE-2025-13521 - The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to miss...
-
CVE-2025-13527 - The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce ...
-
CVE-2025-13529 - The Unify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'init' action in all versio...
-
CVE-2025-13531 - The Stylish Order Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'product_name' parameter in all versions up t...
-
CVE-2025-13657 - The HelpDesk contact form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to...
-
CVE-2025-13667 - The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and i...
-
CVE-2025-13694 - The AA Block Country plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.0.1. This is due to the plugin trus...
-
CVE-2025-13722 - The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Missing Authorization...
-
CVE-2025-13801 - The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.8.8 via the file parameter. This makes ...
-
CVE-2025-13841 - The Smart App Banners plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' and 'verticalalign' parameters of the 'app-stor...
-
CVE-2025-13847 - The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'time' parameter in all versions up to, and including, 0.2.1 d...
-
CVE-2025-13848 - The STM Gallery 1.9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'composicion' parameter in all versions up to, and inclu...
-
CVE-2025-13849 - The Cool YT Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'videoid' parameter in all versions up to, and including,...
-
CVE-2025-13887 - The AI BotKit – AI Chatbot & Live Support for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in th...
-
CVE-2025-13974 - The Email Customizer for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email template content in all versions up t...
-
CVE-2025-13990 - The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due t...
-
CVE-2025-14028 - The Contact Us Simple Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, ...
-
CVE-2025-14053 - The Wish To Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 0.5.2 ...
-
CVE-2025-14057 - The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 17...
-
CVE-2025-14059 - The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in all versions up to, and including, 1.6.1. This is due to ...
-
CVE-2025-14070 - The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'send_test_email' AJAX ...
-
CVE-2025-14077 - The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or in...
-
CVE-2025-14109 - The AH Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'column' shortcode attribute in all versions up to, and in...
-
CVE-2025-14110 - The WP Js List Pages Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions ...
-
CVE-2025-14112 - The Snillrik Restaurant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'menu_style' shortcode attribute in all versions up ...
-
CVE-2025-14113 - The Viitor Button Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link' shortcode attribute in all versions up t...
-
CVE-2025-14114 - The 1180px Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' shortcode attribute in all versions up to, and...
-
CVE-2025-14118 - The Starred Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the PHP_SELF variable in all versions up to, and including...
-
CVE-2025-14121 - The EDD Download Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'edd_download_info_link' shortcode in all versions up ...
-
CVE-2025-14122 - The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliding_faq' shortcode in all versions up to, and includ...
-
CVE-2025-14127 - The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up...
-
CVE-2025-14128 - The Stumble! for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all version...
-
CVE-2025-14130 - The Post Like Dislike plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up ...
-
CVE-2025-14131 - The WP Widget Changer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up ...
-
CVE-2025-14144 - The Mstoic Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'start' parameter of the ms_youtube_embeds shortcode i...
-
CVE-2025-14145 - The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spacing' parameter ...
-
CVE-2025-14147 - The Easy GitHub Gist Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the gist shortcode in all ...
-
CVE-2025-14352 - The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to incorrect authorization in the room-single.ph...
-
CVE-2025-14370 - The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing aut...
-
CVE-2025-14453 - The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style_css' shortcode attribute in all versions up to, ...
-
CVE-2025-14460 - The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized order status modification in all versions up to, and i...
-
CVE-2025-14465 - The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to m...
-
CVE-2025-14468 - The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. Th...
-
CVE-2025-14614 - Insecure Temporary File vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) o...
-
CVE-2025-14625 - Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard on Windows (Nios II Command Shell modules), Altera Quartus Prime Lite ...
-
CVE-2025-14626 - The QR Code for WooCommerce order emails, PDF invoices, packing slips plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin...
-
CVE-2025-14631 - A NULL Pointer Dereference vulnerability in TP-Link Archer BE400 V1 (802.11 modules) allows an adjacent attacker to cause a denial-of-service (DoS) b...
-
CVE-2025-14719 - The Relevanssi WordPress plugin before 4.26.0, Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using ...
-
CVE-2025-14792 - The Key Figures plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the kf_field_figure_default_color_render function in all version...
-
CVE-2025-14796 - The My Album Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image titles in all versions up to, and including, 1.0.4. T...
-
CVE-2025-14802 - The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to unauthorized file deletion in versions up to, and including, 4.3.2.2 via the /wp-...
-
CVE-2025-14804 - The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated ...
-
CVE-2025-14835 - The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and ...
-
CVE-2025-14842 - The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited upload of files with a dangerous type in all ver...
-
CVE-2025-14845 - The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 2.1.5. Thi...
-
CVE-2025-14867 - The Flashcard plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.9 via the 'source' attribute of the 'flashc...
-
CVE-2025-14875 - The HBLPAY Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cusdata’ parameter in all ver...
-
CVE-2025-14887 - The twinklesmtp – Email Service Provider For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's sender settings ...
-
CVE-2025-14888 - The Simple User Meta Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user meta value field in all versions up to, and...
-
CVE-2025-14891 - The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayName' parameter in all versions...
-
CVE-2025-14901 - The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWo...
-
CVE-2025-14904 - The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to ...
-
CVE-2025-14999 - The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or ...
-
CVE-2025-15000 - The Page Keys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘page_key’ parameter in all versions up to, and including, 1.3...
-
CVE-2025-15018 - The Optional Email plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in all versions up to, and including, 1.3.11. This ...
-
CVE-2025-15058 - The Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'table_currency' parameter in all versions up t...
-
CVE-2025-15158 - The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpse_file_and_ext_webp' f...
-
CVE-2025-15472 - A flaw has been found in TRENDnet TEW-811DRU 1.0.2.0. This affects the function setDeviceURL of the file uapply.cgi of the component httpd. This man...
-
CVE-2025-15474 - AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Lo...
-
CVE-2025-31643 - Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation. This issue affects WPCHURCH: from n/a through 2.7.0.
-
CVE-2025-31962 - Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolonge...
-
CVE-2025-31963 - Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to pe...
-
CVE-2025-31964 - Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service ava...
-
CVE-2025-32300 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Ref...
-
CVE-2025-47330 - Transient DOS while parsing video packets received from the video firmware.
-
CVE-2025-47331 - Information disclosure while processing a firmware event.
-
CVE-2025-47332 - Memory corruption while processing a config call from userspace.
-
CVE-2025-47333 - Memory corruption while handling buffer mapping operations in the cryptographic driver.
-
CVE-2025-47334 - Memory corruption while processing shared command buffer packet between camera userspace and kernel.
-
CVE-2025-47335 - Memory corruption while parsing clock configuration data for a specific hardware type.
-
CVE-2025-47336 - Memory corruption while performing sensor register read operations.
-
CVE-2025-47337 - Memory corruption while accessing a synchronization object during concurrent operations.
-
CVE-2025-47339 - Memory corruption while deinitializing a HDCP session.
-
CVE-2025-47343 - Memory corruption while processing a video session to set video parameters.
-
CVE-2025-47344 - Memory corruption while handling sensor utility operations.
-
CVE-2025-47345 - Cryptographic issue may occur while encrypting license data.
-
CVE-2025-47346 - Memory corruption while processing a secure logging command in the trusted application.
-
CVE-2025-47348 - Memory corruption while processing identity credential operations in the trusted application.
-
CVE-2025-47356 - Memory Corruption when multiple threads concurrently access and modify shared resources.
-
CVE-2025-47369 - Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID.
-
CVE-2025-47380 - Memory corruption while preprocessing IOCTLs in sensors.
-
CVE-2025-47388 - Memory corruption while passing pages to DSP with an unaligned starting address.
-
CVE-2025-47393 - Memory corruption when accessing resources in kernel driver.
-
CVE-2025-47394 - Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.
-
CVE-2025-47395 - Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
-
CVE-2025-47396 - Memory corruption occurs when a secure application is launched on a device with insufficient memory.
-
CVE-2025-68637 - The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration expose...
-
CVE-2025-69080 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JanStudio Gecko allows PHP Lo...
-
CVE-2025-69081 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-i...
-
CVE-2025-69082 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS. This issu...
-
CVE-2025-69333 - Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects...
-
CVE-2025-69344 - Missing Authorization vulnerability in ThemeHunk Oneline Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affec...
-
CVE-2025-9611 - Microsoft Playwright MCP Server versions prior to 0.0.40 fails to validate the Origin header on incoming connections. This allows an attacker to perfo...
-
CVE-2026-0628 - Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a maliciou...
-
CVE-2026-0642 - A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/compl...
-
CVE-2026-0643 - A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg...
-
CVE-2026-0649 - A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import....
-
CVE-2026-0650 - OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of pa...
-
CVE-2026-0656 - The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 vi...
-
CVE-2026-20893 - Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploit...
-
CVE-2025-32303 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection. Thi...
-
CVE-2025-46256 - Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal. This issue affects Advanced Database Clea...
-
CVE-2025-46434 - Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control S...
-
CVE-2025-46494 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS. T...
-
CVE-2025-47552 - Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery:...
-
CVE-2025-15479 - Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition...
-
CVE-2025-6225 - Kieback&Peter Neutrino-GLT product is used for building management. Its web component "SM70 PHWEB" is vulnerable to shell command injection via login...
-
CVE-2025-49335 - Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side Request Forgery. This issue affects External Media: from n...
-
CVE-2026-22540 - The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board m...
-
CVE-2025-62327 - In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for perfor...
-
CVE-2025-66838 - In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files ...
-
CVE-2026-22541 - The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control of the EV interfaces. Since t...
-
CVE-2026-22542 - An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the ...
-
CVE-2025-12543 - A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to pro...
-
CVE-2025-4675 - Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue a...
-
CVE-2025-4676 - Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue a...
-
CVE-2025-61489 - A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying...
-
CVE-2025-65805 - OpenAirInterface CN5G AMF <= v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of...
-
CVE-2025-66686 - A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject...
-
CVE-2025-66786 - OpenAirInterface CN5G AMF <= v2.0.1 has a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON...
-
CVE-2025-66837 - A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware
-
CVE-2025-67364 - fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerab...
-
CVE-2025-67366 - @sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critica...
-
CVE-2026-0618 - Cross-site Scripting vulnerability in Devolutions PowerShell Universal. This issue affects PowerShell Universal: before 4.5.6, before 5.6.13.
-
CVE-2026-20026 - Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacke...
-
CVE-2026-20027 - Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to ...
-
CVE-2026-20029 - A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow ...
-
CVE-2026-22535 - An attacker with the ability to interact through the network and with access credentials, could, thanks to the unsecured (unencrypted) MQTT communicat...
-
CVE-2026-22536 - The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictio...
-
CVE-2026-22537 - The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentia...
-
CVE-2026-22543 - The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher,...
-
CVE-2026-22544 - An attacker with a network connection could detect credentials in clear text.
-
CVE-2025-4677 - Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Ca...
-
CVE-2025-58441 - Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerabili...
-
CVE-2025-61492 - A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via ...
-
CVE-2025-61782 - OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerab...
-
CVE-2025-66560 - Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerabil...
-
CVE-2026-0668 - Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential...
-
CVE-2026-0669 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows ...
-
CVE-2026-21495 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to ...
-
CVE-2026-21496 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to ...
-
CVE-2026-21497 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to ...
-
CVE-2026-21498 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to ...
-
CVE-2026-21499 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to ...
-
CVE-2026-21500 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to ...
-
CVE-2026-21501 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to ...
-
CVE-2026-21502 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to ...
-
CVE-2026-21503 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to ...
-
CVE-2026-21504 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to ...
-
CVE-2026-21505 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to ...
-
CVE-2026-21506 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to ...
-
CVE-2026-21678 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to ...
-
CVE-2026-21679 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to ...
-
CVE-2026-21680 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-22539 - As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the cha...
-
CVE-2026-0670 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - Proofrea...
-
CVE-2026-21854 - The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoi...
-
CVE-2026-21855 - The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting (XSS) vulnerability in th...
-
CVE-2026-21856 - The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL inj...
-
CVE-2025-61939 - An unused function in MicroServer can start a reverse SSH connection to a vendor registered domain, without mutual authentication. An attacker on the ...
-
CVE-2025-64305 - MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can ut...
-
CVE-2025-66620 - An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to...
-
CVE-2025-68705 - RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerabil...
-
CVE-2025-69220 - LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file con...
-
CVE-2025-69221 - LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An au...
-
CVE-2025-69255 - RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes ...
-
CVE-2026-21681 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-21682 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-22184 - zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied a...
-
CVE-2026-22185 - OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the ...
-
CVE-2026-22186 - Bio-Formats versions up to and including 8.3.0 contain an XML External Entity (XXE) vulnerability in the Leica Microsystems metadata parsing component...
-
CVE-2026-22187 - Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during ima...
-
CVE-2026-22188 - Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub...
-
CVE-2026-22189 - Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call...
-
CVE-2026-22190 - Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line opt...
-
CVE-2025-12776 - The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a...
-
CVE-2025-13151 - Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1...
-
CVE-2025-69222 - LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing...
-
CVE-2025-69263 - pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hash...
-
CVE-2025-69264 - pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing th...
-
CVE-2026-21441 - urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the co...
-
CVE-2026-21683 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-21684 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-21685 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-21686 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-21687 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-21688 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-21689 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-21690 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-21691 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-21692 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-21693 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-22046 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2026-22047 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2023-7333 - A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Hand...
-
CVE-2025-62224 - User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a n...
-
CVE-2025-69262 - pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npm...
-
CVE-2026-21697 - axios4go is a Go HTTP client library. Prior to version 0.6.4, a race condition vulnerability exists in the shared HTTP client configuration. The globa...
-
CVE-2026-21851 - MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.1, a Path Traversal (Zip Slip) vulne...
-
CVE-2026-21857 - REDAXO is a PHP-based content management system. Prior to version 5.20.2, authenticated users with backup permissions can read arbitrary files within ...
-
CVE-2017-20212 - FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read...
-
CVE-2017-20213 - FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live c...
-
CVE-2017-20214 - FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. A...
-
CVE-2017-20215 - FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute sh...
-
CVE-2017-20216 - FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFl...
-
CVE-2019-25231 - devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to pote...
-
CVE-2019-25259 - Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative...
-
CVE-2019-25268 - NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application...
-
CVE-2019-25270 - SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' POST parameter of logged_page.php that allows attack...
-
CVE-2019-25277 - FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers...
-
CVE-2019-25278 - FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication creden...
-
CVE-2019-25279 - FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in ...
-
CVE-2019-25280 - Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET par...
-
CVE-2019-25282 - V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET paramete...
-
CVE-2019-25284 - V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various scri...
-
CVE-2019-25289 - SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter wit...
-
CVE-2019-25290 - Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host'...
-
CVE-2019-25291 - INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal...
-
CVE-2025-15346 - A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to no...
-
CVE-2026-21694 - Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other us...
-
CVE-2026-21695 - Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authentica...
-
CVE-2026-21858 - n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlyi...
-
CVE-2026-21859 - Mailpit is an email testing tool and API for developers. Versions 1.28.0 and below have a Server-Side Request Forgery (SSRF) vulnerability in the /pro...
-
CVE-2026-21869 - llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input i...
-
CVE-2026-21875 - ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add...
-
CVE-2026-21868 - Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of Service (ReDoS) vulnerability in the use...
-
CVE-2026-21877 - n8n is an open source workflow automation platform. In versions 0.121.2 and below, an authenticated attacker may be able to execute malicious code usi...
-
CVE-2026-22035 - Greenshot is an open source Windows screenshot utility. Versions 1.3.310 and below are vulnerable to OS Command Injection through unsanitized filename p...
-
CVE-2019-25295 - The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. Thi...
-
CVE-2026-21879 - Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows...
-
CVE-2026-21880 - Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP auth...
-
CVE-2026-21881 - Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass whe...
-
CVE-2026-21883 - Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist (e.g., dashb...
-
CVE-2019-25296 - The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload...
-
CVE-2025-12640 - The Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitr...
-
CVE-2025-14275 - The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficien...
-
CVE-2026-0707 - A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication sc...
-
CVE-2026-21427 - The installers for multiple products provided by PIONEER CORPORATION contain an issue with the DLL search path, which may lead to insecurely loading D...
-
CVE-2026-0697 - A flaw has been found in code-projects Intern Membership Management System 1.0. The impacted element is an unknown function of the file /intern/admin/...
-
CVE-2026-0698 - A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/ed...
-
CVE-2025-13679 - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability che...
-
CVE-2026-0699 - A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/edit_ac...
-
CVE-2026-0700 - A vulnerability was determined in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /intern/admin/che...
-
CVE-2026-0701 - A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of...
-
CVE-2025-12549 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Rozy - Flower Shop ...
-
CVE-2025-12550 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes OchaHouse ochahouse...
-
CVE-2025-12551 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins ListingHub listinghub allows Reflected...
-
CVE-2025-13034 - When using the CURLOPT_PINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool, curl should check the public key of the server certifi...
-
CVE-2025-13504 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Real Estate Pro real-estate-pro allows...
-
CVE-2025-14017 - When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally an...
-
CVE-2025-14358 - Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs. This issu...
-
CVE-2025-14359 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in brandexponents Oshine oshin a...
-
CVE-2025-14360 - Missing Authorization vulnerability in Kaira Blockons blockons allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bloc...
-
CVE-2025-14429 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove AeroLand aeroland a...
-
CVE-2025-14430 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook - Agency Busi...
-
CVE-2025-14431 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in THEMELOGI Navian navian allow...
-
CVE-2025-14524 - When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, L...
-
CVE-2025-14819 - When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPT_NO_PARTIALCHAIN option, libcurl could accidentally r...
-
CVE-2025-14984 - The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2....
-
CVE-2025-15079 - When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *...
-
CVE-2025-15224 - When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate usin...
-
CVE-2025-22509 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in TMRW-studio Atlas atlas allow...
-
CVE-2025-22707 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Moody tm-moody allo...
-
CVE-2025-22708 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Mitech mitech allow...
-
CVE-2025-22712 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Typify typify al...
-
CVE-2025-22713 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vanquish WooCommerce Orders & Customers Exporter...
-
CVE-2025-22715 - Missing Authorization vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Expl...
-
CVE-2025-22725 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in loopus WP Virtual Assistant VirtualAssistant all...
-
CVE-2025-22726 - Server-Side Request Forgery (SSRF) vulnerability in _nK nK Themes Helper nk-themes-helper allows Server Side Request Forgery. This issue affects nK The...
-
CVE-2025-22728 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AmentoTech Workreap (theme's plugin) workreap al...
-
CVE-2025-23504 - Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan Framework felan-framework allows Authentication Abuse. This i...
-
CVE-2025-23993 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RiceTheme Felan Framework felan-framework allows...
-
CVE-2025-27002 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup CountDown With Image or Video Backg...
-
CVE-2025-27004 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Famous - Responsive Image And Video...
-
CVE-2025-67910 - Unrestricted Upload of File with Dangerous Type vulnerability in contentstudio Contentstudio contentstudio allows Upload a Web Shell to a Web Server. T...
-
CVE-2025-67911 - Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection. This issue affects Newslett...
-
CVE-2025-67913 - Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Accessing Functionality Not Properly Constrained by...
-
CVE-2025-67914 - Path Traversal: '.../...//' vulnerability in beeteam368 VidMov vidmov allows Path Traversal. This issue affects VidMov: from n/a through <= 2.3.8.
-
CVE-2025-67915 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Arraytics Timetics timetics allows Authentication Abuse. This issue affects T...
-
CVE-2025-67916 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Jobify jobify allows Reflected XSS. Th...
-
CVE-2025-67917 - Missing Authorization vulnerability in shinetheme Traveler traveler allows Exploiting Incorrectly Configured Access Control Security Levels. This issue...
-
CVE-2025-67918 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WofficeIO Woffice woffice allows Reflected XSS. T...
-
CVE-2025-67919 - Authorization Bypass Through User-Controlled Key vulnerability in WofficeIO Woffice Core woffice-core allows Exploiting Incorrectly Configured Access ...
-
CVE-2025-67920 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Neo Ocular neoo...
-
CVE-2025-67921 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection. T...
-
CVE-2025-67922 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allo...
-
CVE-2025-67924 - Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows Upload a Web Shell to a Web Server. This issue affec...
-
CVE-2025-67925 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Corpkit corpkit al...
-
CVE-2025-67926 - Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security ...
-
CVE-2025-67927 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spencer Haws Link Whisper Free link-whisper allo...
-
CVE-2025-67928 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themesuite Automotive Listings automotive allows...
-
CVE-2025-67930 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vernon Systems Limited eHive Search ehive-search...
-
CVE-2025-67931 - Insertion of Sensitive Information Into Sent Data vulnerability in AITpro BulletProof Security bulletproof-security allows Retrieve Embedded Sensitive...
-
CVE-2025-67932 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core listeo-core allows Reflec...
-
CVE-2025-67933 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in taskbuilder Taskbuilder taskbuilder allows Refle...
-
CVE-2025-67934 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wellspring well...
-
CVE-2025-67935 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Optimize optimi...
-
CVE-2025-67936 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly curly all...
-
CVE-2025-67937 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Hendon hendon a...
-
CVE-2025-68867 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anibalwainstein Effect Maker effect-maker allows...
-
CVE-2025-68873 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chloédigital PRIMER by chloédigital primer-by-ch...
-
CVE-2025-68874 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Visitor Stats Widget visitor-stats-widg...
-
CVE-2025-68875 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jcaruso001 Flaming Password Reset flaming-passwo...
-
CVE-2025-68887 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CMSJunkie - WordPress Business Directory Plugins...
-
CVE-2025-68889 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pinpoll Pinpoll pinpoll allows Reflected XSS. Thi...
-
CVE-2025-68890 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hands01 e-shops e-shops-cart2 allows DOM-Based X...
-
CVE-2025-68891 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Sutana WP App Bar wp-app-bar allows Reflect...
-
CVE-2025-68892 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gopiplus@hotmail.com Scroll rss excerpt scroll-r...
-
CVE-2025-69169 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Noor Alam Easy Media Download easy-media-download allow...
-
CVE-2026-0674 - Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress forms-for-campaign-monitor allows Exploiting Incorrectly Config...
-
CVE-2026-0675 - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webaware NextGEN Download Gallery nextgen-download-gallery...
-
CVE-2026-0676 - Missing Authorization vulnerability in G5Theme Zorka zorka allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ...
-
CVE-2026-21871 - NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is a XSS risk in NiceGUI when developers pass attacker-controlled strings...
-
CVE-2026-21872 - NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.sub_pages, comb...
-
CVE-2026-21873 - NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.sub_pages a...
-
CVE-2026-21874 - NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1, an unauthenticated attacker can exhaust Redis connections by repeatedly openin...
-
CVE-2026-21894 - n8n is an open source workflow automation platform. In versions from 0.150.0 to before 2.2.2, an authentication bypass vulnerability in the Stripe Tri...
-
CVE-2026-22242 - CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows a...
-
CVE-2025-66001 - NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and int...
-
CVE-2025-62877 - Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x inte...
-
CVE-2025-69258 - A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key...
-
CVE-2025-69259 - A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition ...
-
CVE-2025-69260 - A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affect...
-
CVE-2026-0719 - A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-b...
-
CVE-2025-14025 - A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specif...
-
CVE-2025-8306 - Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is ...
-
CVE-2025-8307 - Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users ar...
-
CVE-2026-21876 - The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 a...
-
CVE-2026-21885 - Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint (GET /proxy/{encodedDigest}/{encodedURL}) can be ...
-
CVE-2026-21891 - ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application ...
-
CVE-2026-21892 - Parsl is a Python parallel scripting library. A SQL Injection vulnerability exists in the parsl-visualize component of versions prior to 2026.01.05. T...
-
CVE-2026-21895 - The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the constructi...
-
CVE-2025-4596 - Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipula...
-
CVE-2025-66002 - An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users to perform arbitrary unmounts...
-
CVE-2025-66003 - An External Control of File Name or Path vulnerability in smb4k allows local users to perform a local root exploit via smb4k mounthelper if they can a...
-
CVE-2025-67603 - An Improper Authorization vulnerability in Foomuuri allows arbitrary users to influence the firewall configuration. This issue affects Foomuuri: from ? b...
-
CVE-2026-22028 - Preact, a lightweight web development framework, JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary J...
-
CVE-2026-22032 - Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in th...
-
CVE-2026-22034 - Snuffleupagus is a module that raises the cost of attacks against website by killing bug classes and providing a virtual patching system. On deploymen...
-
CVE-2026-22041 - Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0....
-
CVE-2026-22042 - RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the ImportIamadmin API validates permissions using `Ex...
-
CVE-2026-22043 - RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed deny_only short-circuit in ...
-
CVE-2026-22241 - The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulne...
-
CVE-2025-63611 - Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-compla...
-
CVE-2025-67089 - A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_packag...
-
CVE-2025-67090 - The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 is vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4...
-
CVE-2025-67091 - GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper scrip...
-
CVE-2025-67858 - An Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspeci...
-
CVE-2025-68151 - CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical ...
-
CVE-2026-22244 - OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI...
-
CVE-2026-22245 - Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided d...
-
CVE-2026-22246 - Mastodon is a free, open-source social network server based on ActivityPub. Mastodon 4.3 added notifications of severed relationships, allowing end-us...
-
CVE-2026-22255 - iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col...
-
CVE-2025-50334 - An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component
-
CVE-2025-55125 - This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file.
-
CVE-2025-56424 - An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a craft...
-
CVE-2025-56425 - An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183...
-
CVE-2025-59468 - This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password paramete...
-
CVE-2025-59469 - This vulnerability allows a Backup or Tape Operator to write files as root.
-
CVE-2025-59470 - This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order param...
-
CVE-2025-61246 - indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php via the proId parameter.
-
CVE-2025-61546 - There is an issue on the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 that enab...
-
CVE-2025-61547 - Cross-Site Request Forgery (CSRF) is present on all functions in edu Business Solutions Print Shop Pro WebDesk version 18.34. The application does not...
-
CVE-2025-61548 - SQL Injection is present on the hfInventoryDistFormID parameter in the /PSP/appNET/Store/CartV12.aspx/GetUnitPrice endpoint in edu Business Solutions ...
-
CVE-2025-61549 - Cross-Site Scripting (XSS) is present on the LoginID parameter on the /PSP/app/web/reg/reg_display.asp endpoint in edu Business Solutions Print Shop P...
-
CVE-2025-61550 - Cross-Site Scripting (XSS) is present on the ctl00_Content01_fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in e...
-
CVE-2026-0671 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - UploadWi...
-
CVE-2026-21638 - A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execu...
-
CVE-2026-21639 - A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execu...
-
CVE-2026-22486 - Missing Authorization vulnerability in Hakob Re Gallery & Responsive Photo Gallery Plugin allows Exploiting Incorrectly Configured Access Control Secu...
-
CVE-2026-22487 - Missing Authorization vulnerability in baqend Speed Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Spe...
-
CVE-2026-22488 - Missing Authorization vulnerability in IdeaBox Creations Dashboard Welcome for Beaver Builder allows Exploiting Incorrectly Configured Access Control ...
-
CVE-2026-22489 - Authorization Bypass Through User-Controlled Key vulnerability in Wptexture Image Slider Slideshow allows Exploiting Incorrectly Configured Access Con...
-
CVE-2026-22490 - Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access...
-
CVE-2026-22492 - Missing Authorization vulnerability in Nawawi Jamili Docket Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a...
-
CVE-2026-22517 - Missing Authorization vulnerability in Passionate Brains GA4WP: Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control...
-
CVE-2026-22518 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pencilwp X Addons for Elementor allows DOM-Based...
-
CVE-2026-22519 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev MediaPress allows Stored XSS. This issue...
-
CVE-2026-22521 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in G5Theme Handmade Framework al...
-
CVE-2026-22522 - Missing Authorization vulnerability in Munir Kamal Block Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue aff...
-
CVE-2025-67825 - An issue was discovered in Nitro PDF Pro for Windows before 14.42.0.34. In certain cases, it displays signer information from a non-verified PDF field...
-
CVE-2025-68158 - Authlib is a Python library which builds OAuth and OpenID Connect servers. In version 1.6.5 and prior, cache-backed state/request-token storage is not...
-
CVE-2026-21896 - Kirby is an open-source content management system. From versions 5.0.0 to 5.2.1, Kirby is missing permission checks in the content changes API. This v...
-
CVE-2026-22230 - OPEXUS eCASE Audit allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that have b...
-
CVE-2026-22231 - OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Document Check Out functionality. The JavaScript is exe...
-
CVE-2026-22232 - OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The Java...
-
CVE-2026-22233 - OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed w...
-
CVE-2026-22234 - OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predicta...
-
CVE-2026-22235 - OPEXUS eComplaint before version 9.0.45.0 allows an attacker to visit the 'DocumentOpen.aspx' endpoint, iterate through predictable values of 'cha...
-
CVE-2026-22587 - Ideagen DevonWay contains a stored cross site scripting vulnerability. A remote, authenticated attacker could craft a payload in the 'Reports' page th...
-
CVE-2025-65518 - Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php ...
-
CVE-2025-65731 - An issue was discovered in D-Link Router DIR-605L (Hardware version F1; Firmware version: V6.02CN02) allowing an attacker with physical access to the ...
-
CVE-2025-67325 - Unrestricted file upload in the hotel review feature in QloApps versions 1.7.0 and earlier allows remote unauthenticated attackers to achieve remote c...
-
CVE-2026-21860 - Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safe_join function allows path segments with Windows devi...
-
CVE-2026-22253 - Soft Serve is a self-hostable Git server for the command line. Prior to version 0.11.2, an authorization bypass in the LFS lock deletion endpoint allo...
-
CVE-2026-22256 - Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder which includes a render of the...
-
CVE-2026-22257 - Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing the files ...
-
CVE-2025-66913 - JimuReport through version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker...
-
CVE-2025-66916 - The snailjob component in RuoYi-Vue-Plus versions 5.5.1 and earlier, interface /snail-job/workflow/check-node-expression can execute QLExpress express...
-
CVE-2025-68715 - An issue was discovered in Panda Wireless PWRU0 devices with firmware 2.2.9 that exposes multiple HTTP endpoints (/goform/setWan, /goform/setLan, /gof...
-
CVE-2026-0747 - Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on...
-
CVE-2025-14505 - The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979...
-
CVE-2025-15464 - Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls.
-
CVE-2025-68716 - KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 have the SSH service enabled by default on the LAN interface. The root account is configured with n...
-
CVE-2025-68717 - KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 allow authentication bypass during session validation. If any user is logged in, endpoints such as /c...
-
CVE-2025-68718 - KAYSUS KS-WR1200 routers with firmware 107 expose SSH and TELNET services on the LAN interface with hardcoded root credentials (root:12345678). The ad...
-
CVE-2025-68719 - KAYSUS KS-WR3600 routers with firmware 1.0.5.9.1 mishandle configuration management. Once any user is logged in and maintains an active session, an at...
-
CVE-2026-0728 - A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the...
-
CVE-2026-22588 - Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Authenticated Insecure Dir...
-
CVE-2025-14436 - The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_connection_id’ parameter in all versions up ...
-
CVE-2026-0729 - A vulnerability was detected in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /intern/admin/add_a...
-
CVE-2026-0730 - A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADD_STAFF/UPDATE_STAFF of the file /staffl...