// LIVE THREAT FEED
Vulnerability Tracker
Real-time CVE tracking across Android, iOS, and mobile infrastructure. Updated continuously from NVD, Exploit-DB, and GitHub Advisory.
500 TOTAL TRACKED
62 CRITICAL
231 HIGH
207 MEDIUM
1 EXPLOITED ITW
LIVE
500 results
| CVE ID | Severity | CVSS | Title | Platform | Category | Published | ITW |
|---|---|---|---|---|---|---|---|
| CVE-2026-44847 | HIGH | 7.5 | MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's web | Cross-platform | Remote Code Execution | 2026-05-26 | — |
| CVE-2026-44451 | CRITICAL | 9.3 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component | Cross-platform | Remote Code Execution | 2026-05-26 | — |
| CVE-2026-44450 | CRITICAL | 9.9 | Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server | Network | Vulnerability | 2026-05-26 | — |
| CVE-2026-44209 | HIGH | 7.5 | Banks generates meaningful LLM prompts using a template language that makes sens | Cross-platform | Remote Code Execution | 2026-05-26 | — |
| CVE-2025-14361 | HIGH | 7.1 | Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates all | Cross-platform | Remote Code Execution | 2026-05-26 | — |
| CVE-2026-9541 | MEDIUM | 5.3 | A security flaw has been discovered in Squirrel up to 3.2. Impacted is the funct | Cross-platform | Buffer Overflow | 2026-05-26 | — |
| CVE-2026-9540 | MEDIUM | 5.3 | A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects s | Cross-platform | Vulnerability | 2026-05-26 | — |
| CVE-2026-7374 | CRITICAL | 9.9 | A flaw was found in KubeVirt's virt-handler component. This vulnerability allows | Cross-platform | Vulnerability | 2026-05-26 | — |
| CVE-2026-48134 | MEDIUM | 5.6 | When the DLP is active, the UserCheck Web Portal contains an input-handling issu | Network | Remote Code Execution | 2026-05-26 | — |
| CVE-2025-11482 | HIGH | 7.5 | An Allocation of Resources Without Limits or Throttling vulnerability in the OPC | Network | Remote Code Execution | 2026-05-26 | — |
| CVE-2026-8047 | HIGH | 7.5 | The affected products perform improper length checking when parsing incoming HTT | Cross-platform | Memory Corruption | 2026-05-26 | — |
| CVE-2026-8046 | HIGH | 8.1 | The affected products insufficiently verify authorization when deleting user acc | Cross-platform | Vulnerability | 2026-05-26 | — |
| CVE-2026-44469 | HIGH | 7.8 | The affected product extracts installation files to a temporary directory with i | Cross-platform | Privilege Escalation | 2026-05-26 | — |
| CVE-2026-44468 | HIGH | 7.8 | The affected product creates a directory with insecure default permissions durin | Cross-platform | Privilege Escalation | 2026-05-26 | — |
| CVE-2026-39655 | MEDIUM | 5.3 | Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiti | Cross-platform | Vulnerability | 2026-05-26 | — |
| CVE-2026-20434 | HIGH | 7.5 | In Modem, there is a possible out of bounds write due to a missing bounds check | Cross-platform | Memory Corruption | 2026-03-02 | — |
| CVE-2026-20405 | MEDIUM | 6.5 | In Modem, there is a possible system crash due to a missing bounds check. This c | Cross-platform | Vulnerability | 2026-02-02 | — |
| CVE-2025-20794 | MEDIUM | 6.5 | In Modem, there is a possible system crash due to improper input validation. Thi | Cross-platform | Vulnerability | 2026-01-06 | — |
| CVE-2025-48630 | HIGH | 7.4 | In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access | Cross-platform | Information Disclosure | 2026-03-02 | — |
| CVE-2025-10865 | HIGH | 7.8 | Software installed and run as a non-privileged user may conduct improper GPU sys | Cross-platform | Remote Code Execution | 2026-01-13 | — |
| CVE-2026-5437 | HIGH | 7.5 | An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM m | Cross-platform | Memory Corruption | 2026-04-09 | — |
| CVE-2026-20427 | MEDIUM | 6.7 | In display, there is a possible escalation of privilege due to a missing bounds | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-4892 | HIGH | 8.4 | A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of d | Cross-platform | Remote Code Execution | 2026-05-11 | — |
| CVE-2025-48585 | MEDIUM | 6.2 | In multiple functions of ProfilingService.java, there is a possible persistent d | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-0031 | HIGH | 8.4 | In multiple functions of mem_protect.c, there is a possible out of bounds write | Cross-platform | Memory Corruption | 2026-03-02 | — |
| CVE-2025-48641 | HIGH | 7.0 | In multiple functions of Nfc.h, there is a possible use after free due to a race | Cross-platform | Use After Free | 2026-03-02 | — |
| CVE-2026-20433 | HIGH | 8.8 | In Modem, there is a possible out of bounds write due to a missing bounds check | Cross-platform | Memory Corruption | 2026-04-07 | — |
| CVE-2025-52909 | CRITICAL | 9.8 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wear | Android | Buffer Overflow | 2026-04-07 | — |
| CVE-2026-7301 | CRITICAL | 9.8 | SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 | Network | Remote Code Execution | 2026-05-18 | — |
| CVE-2026-39803 | HIGH | 7.5 | Allocation of Resources Without Limits or Throttling vulnerability in mtrudel ba | Cross-platform | Remote Code Execution | 2026-05-13 | — |
| CVE-2026-0021 | HIGH | 8.4 | In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2025-58407 | HIGH | 7.4 | Kernel or driver software installed on a Guest VM may post improper commands to | Linux | Vulnerability | 2025-11-17 | — |
| CVE-2025-58408 | MEDIUM | 5.9 | Software installed and run as a non-privileged user may conduct improper GPU sys | Linux | Remote Code Execution | 2025-12-01 | — |
| CVE-2025-20795 | HIGH | 7.8 | In KeyInstall, there is a possible out of bounds write due to a missing bounds c | Cross-platform | Memory Corruption | 2026-01-06 | — |
| CVE-2026-0012 | MEDIUM | 6.2 | In setHideSensitive of ExpandableNotificationRow.java, there is a possible conta | Cross-platform | Information Disclosure | 2026-03-02 | — |
| CVE-2026-43948 | CRITICAL | 9.9 | wger is a free, open-source workout and fitness manager. Prior to 2.6, the reset | Cross-platform | Remote Code Execution | 2026-05-12 | — |
| CVE-2026-20447 | MEDIUM | 6.7 | In geniezone, there is a possible escalation of privilege due to a missing bound | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2025-48609 | CRITICAL | 9.1 | In multiple functions of MmsProvider.java, there is a possible way to arbitraril | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2024-43859 | MEDIUM | 5.5 | In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix t | Linux | Vulnerability | 2024-08-17 | — |
| CVE-2026-39806 | HIGH | 7.5 | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel | Cloud | Vulnerability | 2026-05-13 | — |
| CVE-2025-64783 | HIGH | 7.8 | DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wrapar | Cross-platform | Remote Code Execution | 2025-12-09 | — |
| CVE-2025-48631 | MEDIUM | 6.5 | In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent de | Cross-platform | Remote Code Execution | 2025-12-08 | — |
| CVE-2026-0038 | HIGH | 8.4 | In multiple functions of mem_protect.c, there is a possible way to execute arbit | Cross-platform | Remote Code Execution | 2026-03-02 | — |
| CVE-2025-48567 | HIGH | 7.8 | In multiple locations, there is a possible bypass of a file path filter designed | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-4891 | MEDIUM | 5.3 | A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmas | Cross-platform | Memory Corruption | 2026-05-11 | — |
| CVE-2026-0007 | HIGH | 8.6 | In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into | Cross-platform | Remote Code Execution | 2026-03-02 | — |
| CVE-2024-31328 | HIGH | 8.8 | In broadcastIntentLockedTraced of BroadcastController.java, there is a possible | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-7304 | CRITICAL | 9.8 | SGLangs multimodal generation runtime is vulnerable to unauthenticated remote co | Cross-platform | Remote Code Execution | 2026-05-18 | — |
| CVE-2026-20448 | MEDIUM | 6.7 | In geniezone, there is a possible escalation of privilege due to a missing permi | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2025-48577 | HIGH | 7.4 | In multiple functions of KeyguardViewMediator.java, there is a possible lockscre | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-21018 | MEDIUM | 6.7 | Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local p | Cross-platform | Remote Code Execution | 2026-05-13 | — |
| CVE-2026-5172 | HIGH | 7.3 | A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker t | Cross-platform | Buffer Overflow | 2026-05-11 | — |
| CVE-2025-48568 | HIGH | 7.4 | In multiple locations, there is a possible lockscreen bypass due to a race condi | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2025-20761 | MEDIUM | 6.5 | In Modem, there is a possible system crash due to incorrect error handling. This | Cross-platform | Vulnerability | 2026-01-06 | — |
| CVE-2026-0037 | HIGH | 8.4 | In multiple functions of ffa.c, there is a possible memory corruption due to a l | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-2287 | CRITICAL | 9.8 | CrewAI does not properly check that Docker is still running during runtime, and | Cloud | Remote Code Execution | 2026-03-30 | — |
| CVE-2025-48613 | HIGH | 7.8 | In VBMeta, there is a possible way to modify and resign VBMeta using a test key | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-20450 | MEDIUM | 6.5 | In Modem, there is a possible system crash due to incorrect error handling. This | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2026-8684 | MEDIUM | 5.3 | The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization | Cross-platform | Remote Code Execution | 2026-05-22 | — |
| CVE-2026-8381 | MEDIUM | 5.4 | A broken access
control vulnerability exists in the TeamViewer DEX Platform (On‑ | Cross-platform | Remote Code Execution | 2026-05-22 | — |
| CVE-2026-7798 | MEDIUM | 5.4 | The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, | Cross-platform | Vulnerability | 2026-05-22 | — |
| CVE-2026-43284 | HIGH | 8.8 | In the Linux kernel, the following vulnerability has been resolved:
xfrm: esp: | Linux | Vulnerability | 2026-05-08 | — |
| CVE-2026-9018 | HIGH | 8.8 | The Easy Elements for Elementor – Addons & Website Templates plugin for WordPres | Cross-platform | Privilege Escalation | 2026-05-22 | — |
| CVE-2026-34911 | HIGH | 7.7 | A malicious actor with access to the network and low privileges could exploit a | Network | Vulnerability | 2026-05-22 | — |
| CVE-2026-34910 | CRITICAL | 10.0 | A malicious actor with access to the network could exploit an Improper Input Val | Network | Vulnerability | 2026-05-22 | — |
| CVE-2026-34909 | CRITICAL | 10.0 | A malicious actor with access to the network could exploit a Path Traversal vuln | Network | Vulnerability | 2026-05-22 | — |
| CVE-2026-34908 | CRITICAL | 10.0 | A malicious actor with access to the network could exploit an Improper Access Co | Network | Vulnerability | 2026-05-22 | — |
| CVE-2026-33000 | CRITICAL | 9.1 | A malicious actor with access to the network and high privileges could exploit a | Network | Vulnerability | 2026-05-22 | — |
| CVE-2026-6960 | CRITICAL | 9.8 | The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file upload | Cross-platform | Remote Code Execution | 2026-05-21 | — |
| CVE-2026-47102 | HIGH | 8.8 | LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /us | Cross-platform | Vulnerability | 2026-05-21 | — |
| CVE-2026-47101 | HIGH | 8.8 | LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API key | Cross-platform | Privilege Escalation | 2026-05-21 | — |
| CVE-2025-71211 | CRITICAL | 9.8 | A vulnerability in the Trend Micro Apex One management console could allow a rem | Cross-platform | Remote Code Execution | 2026-05-21 | — |
| CVE-2025-71210 | CRITICAL | 9.8 | A vulnerability in the Trend Micro Apex One management console could allow a rem | Cross-platform | Remote Code Execution | 2026-05-21 | — |
| CVE-2025-13479 | HIGH | 7.5 | Authorization bypass through User-Controlled key vulnerability in PosCube Hardwa | Cross-platform | Vulnerability | 2026-05-21 | — |
| CVE-2025-13477 | HIGH | 7.1 | Exposure of private personal information to an unauthorized actor, Insufficientl | Cross-platform | Authentication Bypass | 2026-05-21 | — |
| CVE-2026-5118 | CRITICAL | 9.8 | The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation | Cross-platform | Privilege Escalation | 2026-05-21 | — |
| CVE-2026-44066 | HIGH | 7.1 | Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Net | Cross-platform | Memory Corruption | 2026-05-21 | — |
| CVE-2026-44064 | HIGH | 7.1 | An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 a | Network | Memory Corruption | 2026-05-21 | — |
| CVE-2026-44058 | HIGH | 7.2 | An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a | Cross-platform | Authentication Bypass | 2026-05-21 | — |
| CVE-2026-44056 | MEDIUM | 6.4 | A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows | Cross-platform | Buffer Overflow | 2026-05-21 | — |
| CVE-2026-44054 | MEDIUM | 6.5 | Netatalk 2.0.0 through 4.4.2 generates AFP session tokens derived from predictab | Cross-platform | Vulnerability | 2026-05-21 | — |
| CVE-2026-44050 | CRITICAL | 9.9 | A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk | Cross-platform | Remote Code Execution | 2026-05-21 | — |
| CVE-2026-44049 | HIGH | 7.5 | An out-of-bounds write due to improper null termination in convert_charset() in | Cross-platform | Remote Code Execution | 2026-05-21 | — |
| CVE-2026-44048 | HIGH | 8.8 | A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in N | Cross-platform | Remote Code Execution | 2026-05-21 | — |
| CVE-2026-6279 | CRITICAL | 9.8 | The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthe | Cross-platform | Remote Code Execution | 2026-05-21 | — |
| CVE-2026-2734 | MEDIUM | 6.5 | In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoi | Cross-platform | Remote Code Execution | 2026-05-21 | — |
| CVE-2026-26028 | MEDIUM | 6.1 | CryptPad is an end-to-end encrypted collaborative office suite. In versions prio | Cross-platform | Remote Code Execution | 2026-05-20 | — |
| CVE-2026-24218 | HIGH | 8.1 | NVIDIA DGX OS contains a vulnerability in the factory provisioning process, wher | Cross-platform | Information Disclosure | 2026-05-20 | — |
| CVE-2026-24217 | HIGH | 8.8 | NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause | Linux | Information Disclosure | 2026-05-20 | — |
| CVE-2026-24216 | HIGH | 7.8 | NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a des | Linux | Information Disclosure | 2026-05-20 | — |
| CVE-2026-24188 | HIGH | 8.2 | NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of | Cross-platform | Memory Corruption | 2026-05-20 | — |
| CVE-2026-22554 | HIGH | 7.8 | MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerabilit | Cross-platform | Buffer Overflow | 2026-05-20 | — |
| CVE-2026-5950 | MEDIUM | 5.3 | An unbounded resend loop vulnerability exists in the BIND 9 resolver state machi | Cross-platform | Remote Code Execution | 2026-05-20 | — |
| CVE-2026-45584 | HIGH | 8.1 | Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker | Windows | Buffer Overflow | 2026-05-20 | — |
| CVE-2026-45443 | MEDIUM | 5.0 | Missing Authorization vulnerability in ADD-ONS.ORG PDF for Elementor Forms + Dra | Cross-platform | Vulnerability | 2026-05-20 | — |
| CVE-2026-42383 | HIGH | 7.6 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti | Cross-platform | Remote Code Execution | 2026-05-20 | — |
| CVE-2026-3592 | MEDIUM | 5.3 | BIND resolvers are vulnerable to an amplified resource consumption/exhaustion at | Cross-platform | Remote Code Execution | 2026-05-20 | — |
| CVE-2026-29518 | HIGH | 7.0 | Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race | Cross-platform | Privilege Escalation | 2026-05-20 | — |
| CVE-2026-27405 | MEDIUM | 6.5 | Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploi | Cross-platform | Vulnerability | 2026-05-20 | — |
| CVE-2026-9064 | HIGH | 7.5 | A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in | Cross-platform | Remote Code Execution | 2026-05-20 | — |
| CVE-2026-35070 | MEDIUM | 6.4 | Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper | Cross-platform | Vulnerability | 2026-05-20 | — |
| CVE-2026-24206 | HIGH | 7.3 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could | Cross-platform | Authentication Bypass | 2026-05-20 | — |
| CVE-2026-24163 | HIGH | 7.5 | NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where a | Cross-platform | Information Disclosure | 2026-05-20 | — |
| CVE-2026-24160 | MEDIUM | 5.5 | NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could | Cross-platform | Vulnerability | 2026-05-20 | — |
| CVE-2026-24142 | MEDIUM | 6.3 | NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and u | Cross-platform | Information Disclosure | 2026-05-20 | — |
| CVE-2025-33255 | HIGH | 7.5 | NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an | Cross-platform | Information Disclosure | 2026-05-20 | — |
| CVE-2026-32882 | HIGH | 7.1 | libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and | Android | Vulnerability | 2026-05-19 | — |
| CVE-2026-32814 | MEDIUM | 6.5 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 a | Android | Vulnerability | 2026-05-19 | — |
| CVE-2026-32741 | HIGH | 7.1 | libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and | Android | Buffer Overflow | 2026-05-19 | — |
| CVE-2025-57798 | MEDIUM | 5.5 | Joplin is an open source note-taking and to-do application that organises notes | Cross-platform | Remote Code Execution | 2026-05-19 | — |
| CVE-2026-32740 | HIGH | 8.8 | libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and | Android | Vulnerability | 2026-05-19 | — |
| CVE-2025-40903 | MEDIUM | 5.9 | A Stored HTML Injection vulnerability was discovered in the Schedule Restore Arc | Cross-platform | Information Disclosure | 2026-05-19 | — |
| CVE-2025-40902 | MEDIUM | 5.9 | A Stored HTML Injection vulnerability was discovered in the Users functionality | Cross-platform | Information Disclosure | 2026-05-19 | — |
| CVE-2025-40901 | MEDIUM | 5.9 | A Stored HTML Injection vulnerability was discovered in the Credentials Manager | Cross-platform | Information Disclosure | 2026-05-19 | — |
| CVE-2026-8912 | HIGH | 7.5 | The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the | Cross-platform | Remote Code Execution | 2026-05-19 | — |
| CVE-2026-4883 | CRITICAL | 9.8 | The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload du | Cross-platform | Remote Code Execution | 2026-05-19 | — |
| CVE-2026-47316 | MEDIUM | 5.5 | Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Op | Android | Remote Code Execution | 2026-05-19 | — |
| CVE-2026-47315 | MEDIUM | 5.5 | Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Op | Android | Remote Code Execution | 2026-05-19 | — |
| CVE-2026-47314 | HIGH | 7.8 | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflo | Android | Remote Code Execution | 2026-05-19 | — |
| CVE-2026-47313 | MEDIUM | 5.5 | Memory allocation with excessive size value vulnerability in Samsung Open Source | Android | Remote Code Execution | 2026-05-19 | — |
| CVE-2026-47312 | MEDIUM | 5.5 | Release of invalid pointer or reference vulnerability in Samsung Open Source Esc | Android | Remote Code Execution | 2026-05-19 | — |
| CVE-2026-27648 | HIGH | 8.8 | in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code ex | Cross-platform | Remote Code Execution | 2026-05-19 | — |
| CVE-2026-25850 | MEDIUM | 5.5 | in OpenHarmony v6.0 and prior versions allow a local attacker cause information | Cross-platform | Vulnerability | 2026-05-19 | — |
| CVE-2026-25781 | HIGH | 8.4 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it c | Cross-platform | Vulnerability | 2026-05-19 | — |
| CVE-2026-24792 | HIGH | 8.1 | in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code ex | Cross-platform | Remote Code Execution | 2026-05-19 | — |
| CVE-2026-22069 | HIGH | 7.3 | A local privilege escalation vulnerability exists in O+ Connect because it fails | Cross-platform | Privilege Escalation | 2026-05-19 | — |
| CVE-2026-27891 | HIGH | 7.2 | FacturaScripts is an open source accounting and invoicing software. Versions 202 | Cross-platform | Remote Code Execution | 2026-05-18 | — |
| CVE-2026-27737 | MEDIUM | 6.5 | BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, | Cross-platform | Remote Code Execution | 2026-05-18 | — |
| CVE-2026-25244 | CRITICAL | 9.8 | WebdriverIO is a test automation framework for unit, e2e and component testing u | Cross-platform | Remote Code Execution | 2026-05-18 | — |
| CVE-2026-22810 | HIGH | 8.2 | Joplin is an open source note-taking and to-do application that organises notes | Cross-platform | Remote Code Execution | 2026-05-18 | — |
| CVE-2026-45246 | MEDIUM | 5.5 | Summarize prior to 0.15.1 contains an insecure file permission vulnerability in | Cross-platform | Vulnerability | 2026-05-18 | — |
| CVE-2025-56352 | HIGH | 7.5 | In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the br | Cross-platform | Remote Code Execution | 2026-05-18 | — |
| CVE-2026-41949 | MEDIUM | 5.9 | Dify version 1.14.1 and prior contain an authorization bypass vulnerability in t | Cloud | Remote Code Execution | 2026-05-18 | — |
| CVE-2026-41948 | HIGH | 7.7 | Dify version 1.14.1 and prior contain a path traversal vulnerability that allows | Cloud | Vulnerability | 2026-05-18 | — |
| CVE-2026-41947 | HIGH | 7.4 | Dify version 1.14.1 and prior contains an authorization bypass vulnerability tha | Cloud | Vulnerability | 2026-05-18 | — |
| CVE-2026-42009 | HIGH | 7.5 | A flaw was found in gnutls. A remote attacker could exploit an issue in the Data | Cross-platform | Vulnerability | 2026-05-18 | — |
| CVE-2026-0015 | MEDIUM | 6.2 | In multiple locations of AppOpsService.java, there is a possible persistent deni | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2025-39682 | HIGH | 7.1 | In the Linux kernel, the following vulnerability has been resolved:
tls: fix ha | Linux | Vulnerability | 2025-09-05 | — |
| CVE-2026-20973 | MEDIUM | 5.3 | Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 all | Cross-platform | Memory Corruption | 2026-01-09 | — |
| CVE-2026-8786 | MEDIUM | 6.3 | A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this | Cross-platform | Vulnerability | 2026-05-18 | — |
| CVE-2026-8785 | HIGH | 7.3 | A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Af | Cross-platform | Vulnerability | 2026-05-18 | — |
| CVE-2026-8774 | MEDIUM | 6.3 | A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is | Cross-platform | Vulnerability | 2026-05-18 | — |
| CVE-2026-8771 | HIGH | 7.3 | A security flaw has been discovered in linlinjava litemall up to 1.8.0. This imp | Cross-platform | Vulnerability | 2026-05-18 | — |
| CVE-2026-8768 | HIGH | 7.3 | A vulnerability was found in vercel ai up to 3.0.97. The affected element is the | Cross-platform | Remote Code Execution | 2026-05-17 | — |
| CVE-2026-8767 | MEDIUM | 5.0 | A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the functi | Cross-platform | Remote Code Execution | 2026-05-17 | — |
| CVE-2026-8764 | HIGH | 7.2 | A security vulnerability has been detected in H3C Magic B3 up to 100R002. This a | Cross-platform | Buffer Overflow | 2026-05-17 | — |
| CVE-2018-25324 | MEDIUM | 6.2 | Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion | Cross-platform | Remote Code Execution | 2026-05-17 | — |
| CVE-2018-25323 | HIGH | 8.4 | Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception ha | Cross-platform | Remote Code Execution | 2026-05-17 | — |
| CVE-2018-25322 | HIGH | 8.4 | Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerab | Cross-platform | Remote Code Execution | 2026-05-17 | — |
| CVE-2026-8752 | MEDIUM | 5.3 | A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability aff | Cross-platform | Vulnerability | 2026-05-17 | — |
| CVE-2026-8751 | HIGH | 7.3 | A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the | Cross-platform | Vulnerability | 2026-05-17 | — |
| CVE-2026-8747 | MEDIUM | 6.3 | A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the functio | Cross-platform | Vulnerability | 2026-05-17 | — |
| CVE-2026-8743 | MEDIUM | 6.3 | A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ | Cross-platform | Vulnerability | 2026-05-17 | — |
| CVE-2026-8740 | MEDIUM | 6.3 | A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is t | Cross-platform | Vulnerability | 2026-05-17 | — |
| CVE-2026-8739 | MEDIUM | 5.3 | A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected eleme | Cross-platform | Vulnerability | 2026-05-17 | — |
| CVE-2026-8738 | MEDIUM | 6.5 | A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impa | Cross-platform | Vulnerability | 2026-05-17 | — |
| CVE-2026-8737 | MEDIUM | 5.3 | A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affec | Cross-platform | Vulnerability | 2026-05-17 | — |
| CVE-2026-8735 | MEDIUM | 6.3 | A vulnerability was identified in Oinone Pamirs up to 7.2.0. This affects the fu | Cross-platform | Vulnerability | 2026-05-17 | — |
| CVE-2026-8734 | HIGH | 7.3 | A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this is | Cross-platform | Vulnerability | 2026-05-17 | — |
| CVE-2026-8733 | MEDIUM | 6.3 | A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected b | Cross-platform | Buffer Overflow | 2026-05-17 | — |
| CVE-2026-8719 | HIGH | 8.8 | The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPre | Cross-platform | Remote Code Execution | 2026-05-17 | — |
| CVE-2026-0073 | HIGH | 8.8 | In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2026-5442 | CRITICAL | 9.8 | A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimensio | Cross-platform | Buffer Overflow | 2026-04-09 | — |
| CVE-2026-20971 | HIGH | 7.8 | Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local atta | Cross-platform | Remote Code Execution | 2026-01-09 | — |
| CVE-2026-4893 | MEDIUM | 5.3 | An information disclosure vulnerability in dnsmasq allows remote attackers to by | Cross-platform | Remote Code Execution | 2026-05-11 | — |
| CVE-2026-8725 | HIGH | 7.3 | A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected ele | Cross-platform | Vulnerability | 2026-05-17 | — |
| CVE-2020-37234 | MEDIUM | 6.2 | Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in th | Cross-platform | Buffer Overflow | 2026-05-16 | — |
| CVE-2020-37231 | HIGH | 7.8 | Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsv | Cross-platform | Remote Code Execution | 2026-05-16 | — |
| CVE-2020-37230 | HIGH | 7.8 | Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in t | Cross-platform | Vulnerability | 2026-05-16 | — |
| CVE-2020-37228 | CRITICAL | 9.8 | iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulner | Cross-platform | Remote Code Execution | 2026-05-16 | — |
| CVE-2020-37227 | HIGH | 8.8 | HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that | Cross-platform | Remote Code Execution | 2026-05-16 | — |
| CVE-2026-45338 | HIGH | 7.7 | Open WebUI is a self-hosted artificial intelligence platform designed to operate | Cross-platform | Remote Code Execution | 2026-05-15 | — |
| CVE-2026-0026 | HIGH | 7.8 | In removePermission of PermissionManagerServiceImpl.java, there is a possible wa | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2025-64496 | HIGH | 7.3 | Open WebUI is a self-hosted artificial intelligence platform designed to operate | Cross-platform | Remote Code Execution | 2025-11-08 | — |
| CVE-2025-53966 | HIGH | 8.4 | An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and | Android | Buffer Overflow | 2026-01-05 | — |
| CVE-2026-21020 | HIGH | 7.8 | Improper export of android application components in OmaCP prior to SMR May-2026 | Android | Vulnerability | 2026-05-13 | — |
| CVE-2026-0017 | HIGH | 7.7 | In onChange of BiometricService.java, there is a possible way to enable fingerpr | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-2291 | HIGH | 7.3 | dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, | Cross-platform | Buffer Overflow | 2026-05-11 | — |
| CVE-2025-65958 | HIGH | 8.5 | Open WebUI is a self-hosted artificial intelligence platform designed to operate | Cloud | Remote Code Execution | 2025-12-04 | — |
| CVE-2026-45665 | HIGH | 8.1 | Open WebUI is a self-hosted artificial intelligence platform designed to operate | Cross-platform | Privilege Escalation | 2026-05-15 | — |
| CVE-2026-8681 | MEDIUM | 5.3 | The Essential Chat Support plugin for WordPress is vulnerable to authorization b | Cross-platform | Remote Code Execution | 2026-05-16 | — |
| CVE-2026-45318 | MEDIUM | 5.4 | Open WebUI is a self-hosted artificial intelligence platform designed to operate | Cross-platform | Vulnerability | 2026-05-15 | — |
| CVE-2026-45672 | HIGH | 8.8 | Open WebUI is a self-hosted artificial intelligence platform designed to operate | Cross-platform | Remote Code Execution | 2026-05-15 | — |
| CVE-2026-45402 | HIGH | 8.1 | Open WebUI is a self-hosted artificial intelligence platform designed to operate | Network | Remote Code Execution | 2026-05-15 | — |
| CVE-2026-44562 | MEDIUM | 6.5 | Open WebUI is a self-hosted artificial intelligence platform designed to operate | Cross-platform | Remote Code Execution | 2026-05-15 | — |
| CVE-2026-44560 | MEDIUM | 6.5 | Open WebUI is a self-hosted artificial intelligence platform designed to operate | Cross-platform | Remote Code Execution | 2026-05-15 | — |
| CVE-2026-45036 | HIGH | 7.0 | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1 | Cross-platform | Vulnerability | 2026-05-15 | — |
| CVE-2026-44717 | CRITICAL | 9.8 | MCP Calculate Server is a mathematical calculation service based on MCP protocol | Cross-platform | Remote Code Execution | 2026-05-15 | — |
| CVE-2026-44641 | HIGH | 7.1 | Microsoft APM is an open-source, community-driven dependency manager for AI agen | Windows | Remote Code Execution | 2026-05-15 | — |
| CVE-2026-42207 | MEDIUM | 6.1 | Magento Long Term Support (LTS) is an unofficial, community-driven project provi | Cross-platform | Remote Code Execution | 2026-05-15 | — |
| CVE-2026-41258 | CRITICAL | 9.1 | OpenMRS is an open source electronic medical record system platform. From 2.7.0 | Cross-platform | Remote Code Execution | 2026-05-15 | — |
| CVE-2026-41964 | HIGH | 8.4 | Permission control vulnerability in the web. Impact: Successful exploitation of | Cross-platform | Vulnerability | 2026-05-15 | — |
| CVE-2026-41961 | MEDIUM | 5.9 | Permission control vulnerability in contacts. Impact: Successful exploitation of | Cross-platform | Vulnerability | 2026-05-15 | — |
| CVE-2026-41960 | MEDIUM | 5.8 | Permission control vulnerability in calls. Impact: Successful exploitation of th | Cross-platform | Vulnerability | 2026-05-15 | — |
| CVE-2026-6228 | HIGH | 8.8 | The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege | Cross-platform | Privilege Escalation | 2026-05-15 | — |
| CVE-2026-5229 | CRITICAL | 9.8 | The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in v | Cross-platform | Authentication Bypass | 2026-05-15 | — |
| CVE-2026-20425 | MEDIUM | 6.7 | In display, there is a possible out of bounds write due to a missing bounds chec | Cross-platform | Memory Corruption | 2026-03-02 | — |
| CVE-2026-0027 | MEDIUM | 6.7 | In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due | Cross-platform | Use After Free | 2026-03-02 | — |
| CVE-2026-4094 | HIGH | 8.1 | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is | Cross-platform | Remote Code Execution | 2026-05-15 | — |
| CVE-2026-41702 | HIGH | 7.8 | VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that o | Cross-platform | Vulnerability | 2026-05-15 | — |
| CVE-2026-2652 | HIGH | 8.6 | A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticat | Cross-platform | Remote Code Execution | 2026-05-15 | — |
| CVE-2026-44636 | HIGH | 7.4 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. F | Android | Buffer Overflow | 2026-05-14 | — |
| CVE-2026-43996 | MEDIUM | 5.5 | OpenImageIO is a toolset for reading, writing, and manipulating image files of a | Android | Vulnerability | 2026-05-14 | — |
| CVE-2026-43909 | HIGH | 8.8 | OpenImageIO is a toolset for reading, writing, and manipulating image files of a | Cross-platform | Memory Corruption | 2026-05-14 | — |
| CVE-2026-43908 | HIGH | 8.8 | OpenImageIO is a toolset for reading, writing, and manipulating image files of a | Android | Memory Corruption | 2026-05-14 | — |
| CVE-2026-43907 | HIGH | 8.3 | OpenImageIO is a toolset for reading, writing, and manipulating image files of a | Android | Remote Code Execution | 2026-05-14 | — |
| CVE-2026-6473 | HIGH | 8.8 | Integer wraparound in multiple PostgreSQL server features allows an unprivileged | Cross-platform | Remote Code Execution | 2026-05-14 | — |
| CVE-2025-15025 | HIGH | 8.8 | Authorization bypass through User-Controlled key vulnerability in Yordam Informa | Cross-platform | Vulnerability | 2026-05-14 | — |
| CVE-2026-4031 | HIGH | 7.5 | The Database Backup for WordPress plugin for WordPress is vulnerable to authoriz | Cross-platform | Remote Code Execution | 2026-05-14 | — |
| CVE-2026-4030 | HIGH | 8.1 | The Database Backup for WordPress plugin for WordPress is vulnerable to unauthor | Cross-platform | Vulnerability | 2026-05-14 | — |
| CVE-2026-4029 | HIGH | 7.5 | The Database Backup for WordPress plugin for WordPress is vulnerable to unauthor | Cross-platform | Vulnerability | 2026-05-14 | — |
| CVE-2026-2347 | CRITICAL | 9.8 | Authorization bypass through User-Controlled key vulnerability in Akilli Commerc | Cross-platform | Remote Code Execution | 2026-05-14 | — |
| CVE-2025-11024 | CRITICAL | 9.8 | Improper neutralization of special elements used in an SQL command ('SQL injecti | Cross-platform | Remote Code Execution | 2026-05-14 | — |
| CVE-2026-6510 | CRITICAL | 9.8 | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation vi | Cross-platform | Privilege Escalation | 2026-05-14 | — |
| CVE-2026-6506 | HIGH | 8.8 | The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in | Cross-platform | Privilege Escalation | 2026-05-14 | — |
| CVE-2026-6271 | CRITICAL | 9.8 | The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload i | Cross-platform | Remote Code Execution | 2026-05-14 | — |
| CVE-2026-5193 | MEDIUM | 6.5 | The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugi | Cross-platform | Privilege Escalation | 2026-05-14 | — |
| CVE-2026-8181 | CRITICAL | 9.8 | The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Al | Cross-platform | Privilege Escalation | 2026-05-14 | — |
| CVE-2026-6417 | MEDIUM | 6.1 | The GLS Shipping for WooCommerce plugin for WordPress is vulnerable to Reflected | Cross-platform | Remote Code Execution | 2026-05-14 | — |
| CVE-2026-5243 | MEDIUM | 6.4 | The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widget | Cross-platform | Remote Code Execution | 2026-05-14 | — |
| CVE-2026-3829 | MEDIUM | 5.4 | The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Secur | Cross-platform | Remote Code Execution | 2026-05-14 | — |
| CVE-2026-42304 | HIGH | 7.5 | Twisted is an event-based framework for internet applications, supporting Python | Cross-platform | Remote Code Execution | 2026-05-13 | — |
| CVE-2026-39358 | HIGH | 7.2 | CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-B | Cross-platform | Remote Code Execution | 2026-05-13 | — |
| CVE-2026-33378 | MEDIUM | 6.5 | Using the $__timeGroup macro, one can achieve an OOM by overloading the server. | Cross-platform | Remote Code Execution | 2026-05-13 | — |
| CVE-2026-28383 | MEDIUM | 6.5 | A request to the Grafana plugin resources endpoint can cause unbounded memory al | Cross-platform | Remote Code Execution | 2026-05-13 | — |
| CVE-2026-28376 | MEDIUM | 6.5 | The Grafana Live push endpoint can be exploited to cause unbounded memory alloca | Cross-platform | Vulnerability | 2026-05-13 | — |
| CVE-2020-37168 | CRITICAL | 9.8 | Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerabili | Cross-platform | Remote Code Execution | 2026-05-13 | — |
| CVE-2026-8463 | MEDIUM | 5.3 | Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bo | Cross-platform | Memory Corruption | 2026-05-13 | — |
| CVE-2026-4609 | HIGH | 7.1 | The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is | Cross-platform | Vulnerability | 2026-05-13 | — |
| CVE-2026-4798 | HIGH | 7.5 | The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection | Cross-platform | Remote Code Execution | 2026-05-13 | — |
| CVE-2026-2515 | MEDIUM | 5.3 | The Hostinger Reach – AI-Powered Email Marketing for WordPress plugin for WordPr | Cross-platform | Vulnerability | 2026-05-13 | — |
| CVE-2026-5441 | HIGH | 7.1 | An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of | Cross-platform | Memory Corruption | 2026-04-09 | — |
| CVE-2026-20406 | MEDIUM | 6.5 | In Modem, there is a possible system crash due to an uncaught exception. This co | Cross-platform | Vulnerability | 2026-02-02 | — |
| CVE-2025-20760 | MEDIUM | 6.5 | In Modem, there is a possible read of uninitialized heap data due to an uncaught | Cross-platform | Vulnerability | 2026-01-06 | — |
| CVE-2025-2879 | MEDIUM | 5.1 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm | Linux | Vulnerability | 2025-12-01 | — |
| CVE-2026-0029 | HIGH | 8.4 | In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logi | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-20426 | MEDIUM | 6.7 | In display, there is a possible out of bounds write due to a missing bounds chec | Cross-platform | Memory Corruption | 2026-03-02 | — |
| CVE-2026-5760 | CRITICAL | 9.8 | SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) wh | Cross-platform | Remote Code Execution | 2026-04-20 | — |
| CVE-2026-20402 | MEDIUM | 6.5 | In Modem, there is a possible system crash due to improper input validation. Thi | Cross-platform | Vulnerability | 2026-02-02 | — |
| CVE-2025-48574 | HIGH | 8.4 | In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an | Cross-platform | Remote Code Execution | 2026-03-02 | — |
| CVE-2025-48645 | HIGH | 7.8 | In loadDescription of DeviceAdminInfo.java, there is a possible persistent packa | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-34645 | HIGH | 7.5 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2 | Cross-platform | Remote Code Execution | 2026-05-12 | — |
| CVE-2026-23827 | HIGH | 7.5 | A heap-based buffer overflow vulnerability exists in a Network management servic | Network | Remote Code Execution | 2026-05-12 | — |
| CVE-2026-23826 | HIGH | 7.5 | A vulnerability in a network management service of AOS-8 Operating System could | Network | Vulnerability | 2026-05-12 | — |
| CVE-2026-23825 | HIGH | 7.5 | Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Opera | Network | Vulnerability | 2026-05-12 | — |
| CVE-2026-23824 | HIGH | 7.5 | Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Opera | Network | Vulnerability | 2026-05-12 | — |
| CVE-2026-40638 | MEDIUM | 6.7 | Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution w | Cross-platform | Vulnerability | 2026-05-12 | — |
| CVE-2026-40016 | MEDIUM | 5.3 | Attacker can upload a malicious Sieve script over ManageSieve service (or locall | Cross-platform | Vulnerability | 2026-05-12 | — |
| CVE-2026-35071 | HIGH | 8.2 | Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper ne | Cross-platform | Vulnerability | 2026-05-12 | — |
| CVE-2026-33603 | MEDIUM | 6.8 | Attacker can use a specially crafted base64 exchange between Dovecot and Client | Cross-platform | Vulnerability | 2026-05-12 | — |
| CVE-2026-27851 | HIGH | 7.4 | When safe filter is used with variable expansion, all following pipelines on the | Cross-platform | Vulnerability | 2026-05-12 | — |
| CVE-2026-39432 | HIGH | 8.2 | Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Inco | Cross-platform | Vulnerability | 2026-05-12 | — |
| CVE-2026-1185 | MEDIUM | 5.4 | A configuration file on the local file system had improper input validation whic | Cross-platform | Privilege Escalation | 2026-05-12 | — |
| CVE-2026-0804 | MEDIUM | 6.7 | An ACAP configuration file lacked sufficient input validation, which could allow | Cross-platform | Privilege Escalation | 2026-05-12 | — |
| CVE-2026-0802 | MEDIUM | 6.0 | An ACAP configuration file lacked sufficient input validation, which could allow | Cross-platform | Privilege Escalation | 2026-05-12 | — |
| CVE-2026-0541 | MEDIUM | 6.7 | ACAP applications can gain elevated privileges due to improper input validation | Cross-platform | Privilege Escalation | 2026-05-12 | — |
| CVE-2026-7255 | MEDIUM | 6.5 | ** UNSUPPORTED WHEN ASSIGNED ** An improper restriction of excessive authenticat | Cross-platform | Remote Code Execution | 2026-05-12 | — |
| CVE-2026-45430 | HIGH | 7.1 | The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a | Cross-platform | Remote Code Execution | 2026-05-12 | — |
| CVE-2026-34263 | CRITICAL | 9.6 | Due to improper Spring Security configuration, SAP Commerce cloud allows an unau | Cloud | Remote Code Execution | 2026-05-12 | — |
| CVE-2026-34260 | CRITICAL | 9.6 | SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerabil | Cross-platform | Vulnerability | 2026-05-12 | — |
| CVE-2026-34259 | HIGH | 8.2 | Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment | Cross-platform | Vulnerability | 2026-05-12 | — |
| CVE-2025-64784 | HIGH | 7.1 | DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow | Cross-platform | Buffer Overflow | 2025-12-09 | — |
| CVE-2026-0047 | HIGH | 8.4 | In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-20422 | MEDIUM | 6.5 | In Modem, there is a possible system crash due to improper input validation. Thi | Cross-platform | Vulnerability | 2026-02-02 | — |
| CVE-2025-38618 | HIGH | 7.8 | In the Linux kernel, the following vulnerability has been resolved:
vsock: Do n | Linux | Use After Free | 2025-08-22 | — |
| CVE-2026-20428 | MEDIUM | 6.7 | In display, there is a possible out of bounds write due to a missing bounds chec | Cross-platform | Memory Corruption | 2026-03-02 | — |
| CVE-2026-44199 | MEDIUM | 6.5 | Wagtail is an open source content management system built on Django. Prior to 7 | Cross-platform | Remote Code Execution | 2026-05-11 | — |
| CVE-2026-44197 | MEDIUM | 6.5 | Wagtail is an open source content management system built on Django. Prior to 7 | Cross-platform | Remote Code Execution | 2026-05-11 | — |
| CVE-2026-42611 | HIGH | 8.9 | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with | Cross-platform | Remote Code Execution | 2026-05-11 | — |
| CVE-2026-42607 | CRITICAL | 9.1 | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user | Cross-platform | Remote Code Execution | 2026-05-11 | — |
| CVE-2026-4802 | HIGH | 8.0 | A flaw was found in Cockpit. This vulnerability allows a remote attacker to achi | Cross-platform | Vulnerability | 2026-05-11 | — |
| CVE-2025-8325 | MEDIUM | 6.3 | The software fails to enforce role-based access controls for certain Gateway API | Cross-platform | Remote Code Execution | 2026-05-11 | — |
| CVE-2025-8154 | MEDIUM | 5.3 | In Webhook API invocations, the component accepts user-supplied input for HTTP r | Cross-platform | Vulnerability | 2026-05-11 | — |
| CVE-2025-43992 | MEDIUM | 5.6 | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to | Cross-platform | Authentication Bypass | 2026-05-11 | — |
| CVE-2024-0391 | MEDIUM | 5.3 | The check user account lock states feature within the email OTP flow fails to va | Cross-platform | Remote Code Execution | 2026-05-11 | — |
| CVE-2026-43500 | HIGH | 7.8 | In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Also | Linux | Remote Code Execution | 2026-05-11 | — |
| CVE-2026-0020 | HIGH | 8.4 | In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way t | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2025-48605 | HIGH | 8.4 | In multiple functions of KeyguardViewMediator.java, there is a possible lockscre | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-1677 | MEDIUM | 5.3 | Zephyr sockets created with `IPPROTO_TLS_1_3` can still negotiate a TLS 1.2 conn | Cross-platform | Remote Code Execution | 2026-05-11 | — |
| CVE-2026-8274 | MEDIUM | 5.3 | A security vulnerability has been detected in npitre cramfs-tools up to 2.1. Aff | Cross-platform | Vulnerability | 2026-05-11 | — |
| CVE-2026-8264 | MEDIUM | 6.3 | A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulner | Cross-platform | Vulnerability | 2026-05-11 | — |
| CVE-2026-5444 | HIGH | 7.1 | A heap buffer overflow vulnerability exists in the PAM image parsing logic. When | Android | Buffer Overflow | 2026-04-09 | — |
| CVE-2025-48642 | MEDIUM | 5.5 | In jump_to_payload of payload.rs, there is a possible information disclosure due | Cross-platform | Information Disclosure | 2026-03-02 | — |
| CVE-2026-8261 | MEDIUM | 5.9 | A vulnerability was determined in Squirrel up to 3.2. This affects the function | Cross-platform | Buffer Overflow | 2026-05-11 | — |
| CVE-2026-8260 | HIGH | 8.8 | A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element | Cross-platform | Buffer Overflow | 2026-05-11 | — |
| CVE-2026-8258 | MEDIUM | 5.3 | A flaw has been found in Squirrel up to 3.2. Impacted is the function validate_f | Cross-platform | Buffer Overflow | 2026-05-11 | — |
| CVE-2021-47935 | HIGH | 8.8 | Sentry 8.2.0 contains a remote code execution vulnerability that allows authenti | Cross-platform | Remote Code Execution | 2026-05-10 | — |
| CVE-2021-47933 | CRITICAL | 9.8 | WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that | Cross-platform | Remote Code Execution | 2026-05-10 | — |
| CVE-2021-47932 | CRITICAL | 9.8 | WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation | Cross-platform | Privilege Escalation | 2026-05-10 | — |
| CVE-2021-47931 | MEDIUM | 6.4 | Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allow | Cross-platform | Remote Code Execution | 2026-05-10 | — |
| CVE-2021-47927 | MEDIUM | 6.4 | WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting | Cross-platform | Vulnerability | 2026-05-10 | — |
| CVE-2026-8244 | MEDIUM | 5.3 | A vulnerability was identified in Industrial Application Software IAS Canias ERP | Cross-platform | Vulnerability | 2026-05-10 | — |
| CVE-2026-8241 | MEDIUM | 5.3 | A vulnerability has been found in Industrial Application Software IAS Canias ERP | Cross-platform | Vulnerability | 2026-05-10 | — |
| CVE-2026-8235 | MEDIUM | 5.5 | A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects | Linux | Vulnerability | 2026-05-10 | — |
| CVE-2026-8234 | HIGH | 8.8 | A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vu | Cross-platform | Buffer Overflow | 2026-05-10 | — |
| CVE-2026-8231 | MEDIUM | 6.3 | A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0 | Cross-platform | Vulnerability | 2026-05-10 | — |
| CVE-2026-8223 | MEDIUM | 5.3 | A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability | Cross-platform | Vulnerability | 2026-05-10 | — |
| CVE-2026-8222 | MEDIUM | 5.3 | A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function | Cross-platform | Vulnerability | 2026-05-10 | — |
| CVE-2026-8217 | MEDIUM | 6.3 | A security flaw has been discovered in Industrial Application Software IAS Cania | Cross-platform | Vulnerability | 2026-05-10 | — |
| CVE-2026-8215 | MEDIUM | 5.3 | A vulnerability was determined in Industrial Application Software IAS Canias ERP | Cross-platform | Remote Code Execution | 2026-05-10 | — |
| CVE-2026-8214 | MEDIUM | 5.3 | A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03 | Cross-platform | Vulnerability | 2026-05-10 | — |
| CVE-2026-8210 | MEDIUM | 5.3 | A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Li | Linux | Vulnerability | 2026-05-09 | — |
| CVE-2026-42605 | HIGH | 8.8 | AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to vers | Cross-platform | Remote Code Execution | 2026-05-09 | — |
| CVE-2026-42576 | MEDIUM | 6.5 | apko allows users to build and publish OCI container images built from apk packa | Cross-platform | Vulnerability | 2026-05-09 | — |
| CVE-2026-42575 | HIGH | 7.5 | apko allows users to build and publish OCI container images built from apk packa | Cross-platform | Vulnerability | 2026-05-09 | — |
| CVE-2026-42574 | HIGH | 7.5 | apko allows users to build and publish OCI container images built from apk packa | Cross-platform | Vulnerability | 2026-05-09 | — |
| CVE-2026-0013 | HIGH | 8.4 | In setupLayout of PickActivity.java, there is a possible way to start any activi | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-8190 | MEDIUM | 6.3 | A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by thi | Cross-platform | Vulnerability | 2026-05-09 | — |
| CVE-2026-8189 | MEDIUM | 6.3 | A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vul | Cross-platform | Vulnerability | 2026-05-09 | — |
| CVE-2026-8188 | MEDIUM | 6.3 | A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the | Cross-platform | Vulnerability | 2026-05-09 | — |
| CVE-2026-8198 | MEDIUM | 5.3 | The Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity | Cross-platform | Authentication Bypass | 2026-05-09 | — |
| CVE-2026-5756 | HIGH | 7.5 | Unauthenticated Configuration File Modification Vulnerability in DRC Central Off | Cross-platform | Remote Code Execution | 2026-04-14 | — |
| CVE-2026-8186 | MEDIUM | 5.3 | A vulnerability was detected in Open5GS up to 2.7.7. This affects the function o | Cross-platform | Memory Corruption | 2026-05-09 | — |
| CVE-2026-8187 | MEDIUM | 5.3 | A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u | Cross-platform | Remote Code Execution | 2026-05-09 | — |
| CVE-2026-3828 | HIGH | 7.2 | Some Hikvision switch products (discontinued since December 2023) are vulnerable | Cross-platform | Vulnerability | 2026-05-09 | — |
| CVE-2026-32683 | MEDIUM | 5.3 | Some EZVIZ products utilize older versions of cloud feature modules with legacy | Cloud | Vulnerability | 2026-05-09 | — |
| CVE-2025-48602 | HIGH | 8.4 | In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.jav | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-20404 | MEDIUM | 6.5 | In Modem, there is a possible system crash due to improper input validation. Thi | Cross-platform | Vulnerability | 2026-02-02 | — |
| CVE-2026-0025 | HIGH | 8.4 | In hasImage of Notification.java, there is a possible way to reveal information | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-0032 | HIGH | 7.8 | In multiple functions of mem_protect.c, there is a possible out-of-bounds write | Cross-platform | Memory Corruption | 2026-03-02 | — |
| CVE-2026-42296 | HIGH | 8.1 | Argo Workflows is an open source container-native workflow engine for orchestrat | Cloud | Remote Code Execution | 2026-05-09 | — |
| CVE-2026-42192 | MEDIUM | 5.4 | Plunk is an open-source email platform built on top of AWS SES. Prior to version | Cross-platform | Remote Code Execution | 2026-05-08 | — |
| CVE-2026-44400 | HIGH | 8.1 | MailEnable Enterprise Premium 10.55 and earlier contains an improper authorizati | Cross-platform | Vulnerability | 2026-05-08 | — |
| CVE-2026-7807 | HIGH | 8.1 | SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vul | Cross-platform | Vulnerability | 2026-05-08 | — |
| CVE-2026-42190 | MEDIUM | 5.3 | RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to befo | Cross-platform | Remote Code Execution | 2026-05-08 | — |
| CVE-2026-42185 | MEDIUM | 5.5 | People is an application to handle users and teams, and distribute permissions a | Cross-platform | Vulnerability | 2026-05-08 | — |
| CVE-2026-2275 | CRITICAL | 9.6 | The CrewAI CodeInterpreter tool falls back to SandboxPython when it cannot reach | Cloud | Remote Code Execution | 2026-03-30 | — |
| CVE-2026-41512 | CRITICAL | 9.9 | ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0 | Cross-platform | Remote Code Execution | 2026-05-08 | — |
| CVE-2026-41507 | CRITICAL | 9.8 | math-codegen generates code from mathematical expressions. Prior to version 0.4 | Cross-platform | Remote Code Execution | 2026-05-08 | — |
| CVE-2026-41496 | HIGH | 8.1 | PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and pr | Cross-platform | Vulnerability | 2026-05-08 | — |
| CVE-2026-25077 | MEDIUM | 6.3 | Account users are allowed by default to register templates to be downloaded dire | Cloud | Remote Code Execution | 2026-05-08 | — |
| CVE-2026-31431 | HIGH | 7.8 | In the Linux kernel, the following vulnerability has been resolved:
crypto: alg | Linux | Remote Code Execution | 2026-04-22 | YES |
| CVE-2026-0034 | HIGH | 8.4 | In setPackageOrComponentEnabled of ManagedServices.java, there is a possible not | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2026-0023 | HIGH | 7.8 | In createSessionInternal of PackageInstallerService.java, there is a possible wa | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2025-69233 | MEDIUM | 6.5 | Due to multiple time-of-check time-of-use race conditions in the resource count | Cloud | Remote Code Execution | 2026-05-08 | — |
| CVE-2022-50994 | HIGH | 8.1 | DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command inje | Cross-platform | Remote Code Execution | 2026-05-08 | — |
| CVE-2026-41500 | CRITICAL | 9.8 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ft | Cross-platform | Remote Code Execution | 2026-05-08 | — |
| CVE-2026-8128 | HIGH | 7.3 | A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affecte | Cross-platform | Remote Code Execution | 2026-05-08 | — |
| CVE-2026-8127 | MEDIUM | 6.3 | A vulnerability has been found in eladmin up to 2.7. Impacted is the function ch | Cross-platform | Vulnerability | 2026-05-08 | — |
| CVE-2026-8126 | HIGH | 7.3 | A flaw has been found in SourceCodester Comment System 1.0. This issue affects s | Cross-platform | Remote Code Execution | 2026-05-08 | — |
| CVE-2026-8125 | MEDIUM | 6.3 | A vulnerability was detected in code-projects Simple Chat System 1.0. This vulne | Cross-platform | Vulnerability | 2026-05-08 | — |
| CVE-2026-8098 | HIGH | 7.3 | A security vulnerability has been detected in code-projects Feedback System 1.0 | Cross-platform | Vulnerability | 2026-05-07 | — |
| CVE-2026-8097 | MEDIUM | 6.3 | A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vuln | Cross-platform | Vulnerability | 2026-05-07 | — |
| CVE-2026-41691 | MEDIUM | 6.5 | Copilot said: i18nextify is a JavaScript library that adds
i18nextify is a JavaS | Cross-platform | Remote Code Execution | 2026-05-07 | — |
| CVE-2026-8087 | MEDIUM | 5.3 | A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is | Cross-platform | Buffer Overflow | 2026-05-07 | — |
| CVE-2026-42239 | HIGH | 8.1 | Budibase is an open-source low-code platform. Prior to version 3.35.10, the budi | Cross-platform | Remote Code Execution | 2026-05-07 | — |
| CVE-2026-41689 | MEDIUM | 6.0 | Wallos is an open-source, self-hostable personal subscription tracker. In versio | Cross-platform | Remote Code Execution | 2026-05-07 | — |
| CVE-2026-41688 | HIGH | 7.7 | Wallos is an open-source, self-hostable personal subscription tracker. In versio | Cross-platform | Remote Code Execution | 2026-05-07 | — |
| CVE-2026-41589 | CRITICAL | 9.6 | Wish is an SSH server with defaults and a collection of middlewares. From versio | Cross-platform | Vulnerability | 2026-05-07 | — |
| CVE-2025-14341 | HIGH | 8.3 | Improperly controlled modification of Dynamically-Determined object attributes, | Cross-platform | Remote Code Execution | 2026-05-07 | — |
| CVE-2026-8093 | HIGH | 7.5 | Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidenc | Cross-platform | Remote Code Execution | 2026-05-07 | — |
| CVE-2026-27329 | MEDIUM | 5.3 | Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooC | Cross-platform | Remote Code Execution | 2026-05-07 | — |
| CVE-2026-25436 | MEDIUM | 5.3 | Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exp | Cross-platform | Vulnerability | 2026-05-07 | — |
| CVE-2025-66105 | MEDIUM | 5.3 | Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with S | Cross-platform | Vulnerability | 2026-05-07 | — |
| CVE-2025-1978 | HIGH | 8.3 | Remote Code Execution Vulnerability in Hitachi Storage Navigator and the mainten | Cross-platform | Remote Code Execution | 2026-05-07 | — |
| CVE-2026-44406 | MEDIUM | 5.7 | ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSm | Cloud | Remote Code Execution | 2026-05-07 | — |
| CVE-2026-41655 | MEDIUM | 6.5 | Admidio is an open-source user management solution. Prior to version 5.0.9, the | Cross-platform | Remote Code Execution | 2026-05-07 | — |
| CVE-2026-41201 | CRITICAL | 9.1 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, mo | Cross-platform | Privilege Escalation | 2026-05-07 | — |
| CVE-2026-40004 | MEDIUM | 5.5 | There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC c | Cloud | Remote Code Execution | 2026-05-07 | — |
| CVE-2026-6222 | MEDIUM | 5.3 | The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization | Cross-platform | Remote Code Execution | 2026-05-07 | — |
| CVE-2026-40003 | MEDIUM | 5.1 | ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory wri | Cross-platform | Vulnerability | 2026-05-07 | — |
| CVE-2026-43582 | MEDIUM | 6.3 | OpenClaw before 2026.4.10 contains a server-side request forgery vulnerability i | Network | Remote Code Execution | 2026-05-06 | — |
| CVE-2026-43581 | CRITICAL | 9.6 | OpenClaw before 2026.4.10 contains an improper network binding vulnerability in | Network | Vulnerability | 2026-05-06 | — |
| CVE-2026-43580 | HIGH | 7.7 | OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability | Cross-platform | Remote Code Execution | 2026-05-06 | — |
| CVE-2026-43578 | CRITICAL | 9.1 | OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vuln | Cross-platform | Privilege Escalation | 2026-05-06 | — |
| CVE-2026-43575 | CRITICAL | 9.8 | OpenClaw versions 2026.2.21 before 2026.4.10 contain an authentication bypass vu | Cross-platform | Authentication Bypass | 2026-05-06 | — |
| CVE-2026-20167 | HIGH | 7.7 | A vulnerability in the web-based management interface of Cisco IoT Field Network | Network | Vulnerability | 2026-05-06 | — |
| CVE-2026-20035 | HIGH | 7.2 | A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an | Network | Remote Code Execution | 2026-05-06 | — |
| CVE-2026-20034 | HIGH | 8.8 | A vulnerability in the web-based management interface of Cisco Unity Connection | Network | Remote Code Execution | 2026-05-06 | — |
| CVE-2026-6691 | HIGH | 7.8 | The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying dur | Network | Buffer Overflow | 2026-05-06 | — |
| CVE-2026-40562 | HIGH | 7.5 | Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Imprope | Cross-platform | Vulnerability | 2026-05-06 | — |
| CVE-2026-3059 | CRITICAL | 9.8 | SGLang's multimodal generation module is vulnerable to unauthenticated remote co | Cross-platform | Remote Code Execution | 2026-03-12 | — |
| CVE-2026-6420 | MEDIUM | 6.3 | A flaw was found in Keylime. An attacker with root access on an enrolled monitor | Cross-platform | Vulnerability | 2026-05-06 | — |
| CVE-2025-31970 | MEDIUM | 5.3 | HCL DFXAnalytics is affected by an Insecure Security Header configuration vulner | Cross-platform | Vulnerability | 2026-05-06 | — |
| CVE-2026-40001 | MEDIUM | 5.2 | There is a local privilege escalation vulnerability in the ZTE PROCESS Guard ser | Cloud | Remote Code Execution | 2026-05-06 | — |
| CVE-2026-35255 | MEDIUM | 6.6 | Vulnerability in the Oracle Cloud Native Environment Command Line Interface prod | Cloud | Remote Code Execution | 2026-05-06 | — |
| CVE-2026-0008 | HIGH | 8.4 | In multiple locations, there is a possible privilege escalation due to a confus | Cross-platform | Privilege Escalation | 2026-03-02 | — |
| CVE-2026-7841 | HIGH | 8.8 | A remote code execution vulnerability
exists in Notification Settings on GeoVisi | Cross-platform | Remote Code Execution | 2026-05-06 | — |
| CVE-2026-7332 | HIGH | 7.2 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for W | Cross-platform | Vulnerability | 2026-05-06 | — |
| CVE-2026-35254 | MEDIUM | 6.1 | Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The | Network | Remote Code Execution | 2026-05-06 | — |
| CVE-2026-3208 | MEDIUM | 5.3 | The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to | Cross-platform | Remote Code Execution | 2026-05-06 | — |
| CVE-2026-20449 | MEDIUM | 6.5 | In Modem, there is a possible system crash due to a heap buffer overflow. This c | Cross-platform | Buffer Overflow | 2026-05-04 | — |
| CVE-2026-41950 | MEDIUM | 6.5 | Dify before version 1.14.0 contains an authorization bypass vulnerability that a | Cross-platform | Vulnerability | 2026-05-05 | — |
| CVE-2026-7857 | HIGH | 7.2 | A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability | Cross-platform | Buffer Overflow | 2026-05-05 | — |
| CVE-2026-7856 | HIGH | 7.2 | A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part | Cross-platform | Buffer Overflow | 2026-05-05 | — |
| CVE-2026-44331 | HIGH | 8.1 | In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqlta | Cross-platform | Vulnerability | 2026-05-05 | — |
| CVE-2026-42433 | MEDIUM | 6.5 | OpenClaw before 2026.4.10 contains an authorization bypass vulnerability allowin | Cross-platform | Vulnerability | 2026-05-05 | — |
| CVE-2023-54347 | HIGH | 7.5 | OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows a | Cross-platform | Remote Code Execution | 2026-05-05 | — |
| CVE-2023-54345 | HIGH | 8.8 | Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in Restr | Cross-platform | Remote Code Execution | 2026-05-05 | — |
| CVE-2023-54344 | CRITICAL | 9.8 | Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerab | Cross-platform | Remote Code Execution | 2026-05-05 | — |
| CVE-2023-54342 | CRITICAL | 9.8 | Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution v | Cross-platform | Remote Code Execution | 2026-05-05 | — |
| CVE-2026-5159 | MEDIUM | 6.4 | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cros | Cross-platform | Vulnerability | 2026-05-05 | — |
| CVE-2026-35228 | HIGH | 8.7 | Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source | Network | Remote Code Execution | 2026-05-05 | — |
| CVE-2025-13618 | CRITICAL | 9.8 | The Mentoring plugin for WordPress is vulnerable to privilege escalation in all | Cross-platform | Privilege Escalation | 2026-05-05 | — |
| CVE-2026-5722 | CRITICAL | 9.8 | The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass | Cross-platform | Authentication Bypass | 2026-05-05 | — |
| CVE-2026-44028 | HIGH | 7.5 | An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded re | Cross-platform | Remote Code Execution | 2026-05-05 | — |
| CVE-2026-7783 | MEDIUM | 6.3 | A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability a | Cross-platform | Vulnerability | 2026-05-05 | — |
| CVE-2026-7782 | MEDIUM | 6.3 | A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2026-7791 | HIGH | 7.8 | Improper privilege management in the log rotation mechanism of the Skylight Work | Windows | Privilege Escalation | 2026-05-04 | — |
| CVE-2026-42223 | MEDIUM | 6.5 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3 | Cloud | Remote Code Execution | 2026-05-04 | — |
| CVE-2026-6321 | HIGH | 7.5 | fast-uri decoded percent-encoded path separators and dot segments before applyin | Cross-platform | Remote Code Execution | 2026-05-04 | — |
| CVE-2026-23918 | HIGH | 8.8 | Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 | Cross-platform | Remote Code Execution | 2026-05-04 | — |
| CVE-2026-34032 | MEDIUM | 5.3 | Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Serve | Cross-platform | Memory Corruption | 2026-05-04 | — |
| CVE-2026-33857 | MEDIUM | 5.3 | Out-of-bounds Read vulnerability in mod_proxy_ajp of
Apache HTTP Server.
This | Cross-platform | Memory Corruption | 2026-05-04 | — |
| CVE-2025-58074 | HIGH | 8.8 | A privilege escalation vulnerability exists during the installation of Norton Se | Windows | Privilege Escalation | 2026-05-04 | — |
| CVE-2026-7482 | CRITICAL | 9.1 | Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGU | Cross-platform | Memory Corruption | 2026-05-04 | — |
| CVE-2026-7743 | MEDIUM | 6.3 | A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted e | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2026-7742 | MEDIUM | 6.3 | A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2026-7741 | MEDIUM | 6.3 | A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an u | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2026-7738 | MEDIUM | 6.3 | A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affe | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2026-7737 | MEDIUM | 5.3 | A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue | Cross-platform | Memory Corruption | 2026-05-04 | — |
| CVE-2026-7722 | MEDIUM | 5.3 | A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2026-7721 | MEDIUM | 6.3 | A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B2019022 | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2026-7720 | MEDIUM | 6.3 | A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impac | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2026-7719 | CRITICAL | 9.8 | A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The | Cross-platform | Buffer Overflow | 2026-05-04 | — |
| CVE-2026-7718 | MEDIUM | 6.3 | A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2026-7712 | MEDIUM | 6.3 | A security vulnerability has been detected in MindsDB up to 26.01. Affected is t | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2026-7711 | HIGH | 7.3 | A weakness has been identified in MindsDB up to 26.01. This impacts the function | Cross-platform | Vulnerability | 2026-05-04 | — |
| CVE-2026-7710 | HIGH | 7.3 | A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affe | Cloud | Vulnerability | 2026-05-04 | — |
| CVE-2026-7709 | MEDIUM | 6.3 | A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacte | Cross-platform | Vulnerability | 2026-05-03 | — |
| CVE-2026-7705 | MEDIUM | 6.3 | A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects | Cloud | Vulnerability | 2026-05-03 | — |
| CVE-2026-7699 | MEDIUM | 6.3 | A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by | Cross-platform | Vulnerability | 2026-05-03 | — |
| CVE-2026-7698 | HIGH | 7.3 | A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7 | Cross-platform | Vulnerability | 2026-05-03 | — |
| CVE-2026-7696 | MEDIUM | 6.3 | A vulnerability was found in Acrel Electrical EEMS Enterprise Power Operation an | Cloud | Vulnerability | 2026-05-03 | — |
| CVE-2026-7695 | HIGH | 7.3 | A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operati | Cloud | Vulnerability | 2026-05-03 | — |
| CVE-2026-7694 | HIGH | 7.3 | A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Effi | Cross-platform | Vulnerability | 2026-05-03 | — |
| CVE-2026-7687 | MEDIUM | 6.3 | A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by | Cross-platform | Vulnerability | 2026-05-03 | — |
| CVE-2026-7686 | MEDIUM | 5.3 | A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected | Cross-platform | Vulnerability | 2026-05-03 | — |
| CVE-2026-7685 | HIGH | 8.8 | A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unkn | Cross-platform | Buffer Overflow | 2026-05-03 | — |
| CVE-2026-7684 | HIGH | 8.8 | A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This | Cross-platform | Buffer Overflow | 2026-05-03 | — |
| CVE-2026-7683 | MEDIUM | 6.3 | A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an u | Cross-platform | Vulnerability | 2026-05-03 | — |
| CVE-2026-7682 | MEDIUM | 6.3 | A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted eleme | Cross-platform | Vulnerability | 2026-05-03 | — |
| CVE-2026-7681 | MEDIUM | 6.5 | A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11 | Cross-platform | Vulnerability | 2026-05-03 | — |
| CVE-2026-7679 | HIGH | 7.3 | A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This im | Cloud | Vulnerability | 2026-05-03 | — |
| CVE-2026-7678 | MEDIUM | 6.3 | A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects | Cloud | Vulnerability | 2026-05-03 | — |
| CVE-2026-7675 | HIGH | 8.8 | A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to | Cross-platform | Buffer Overflow | 2026-05-03 | — |
| CVE-2026-7674 | HIGH | 8.8 | A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. T | Network | Buffer Overflow | 2026-05-03 | — |
| CVE-2026-7672 | MEDIUM | 6.3 | A security vulnerability has been detected in youlaitech youlai-boot up to 2.21 | Cross-platform | Vulnerability | 2026-05-03 | — |
| CVE-2026-7670 | HIGH | 7.3 | A flaw has been found in Jinher OA 1.0. The affected element is an unknown funct | Cross-platform | Vulnerability | 2026-05-02 | — |
| CVE-2026-7669 | MEDIUM | 5.6 | A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the | Cross-platform | Vulnerability | 2026-05-02 | — |
| CVE-2026-7668 | HIGH | 7.3 | A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability a | Network | Memory Corruption | 2026-05-02 | — |
| CVE-2026-2554 | HIGH | 8.1 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Lis | Cross-platform | Remote Code Execution | 2026-05-02 | — |
| CVE-2026-0703 | MEDIUM | 6.4 | The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulne | Cross-platform | Remote Code Execution | 2026-05-02 | — |
| CVE-2026-7628 | MEDIUM | 6.3 | A vulnerability was detected in crazyrabbitLTC mcp-code-review-server up to 0.1 | Cross-platform | Vulnerability | 2026-05-02 | — |
| CVE-2026-4100 | HIGH | 7.1 | The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modi | Cross-platform | Vulnerability | 2026-05-02 | — |
| CVE-2026-4061 | HIGH | 7.5 | The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection vi | Cross-platform | Vulnerability | 2026-05-02 | — |
| CVE-2026-7649 | HIGH | 7.5 | The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profi | Cross-platform | Vulnerability | 2026-05-02 | — |
| CVE-2026-7607 | HIGH | 8.8 | A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impac | Cross-platform | Buffer Overflow | 2026-05-02 | — |
| CVE-2026-2052 | HIGH | 8.8 | The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Clas | Cross-platform | Remote Code Execution | 2026-05-02 | — |
| CVE-2026-7605 | MEDIUM | 6.3 | A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability | Cross-platform | Vulnerability | 2026-05-02 | — |
| CVE-2026-7049 | HIGH | 7.2 | The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is v | Android | Vulnerability | 2026-05-02 | — |
| CVE-2026-6963 | HIGH | 8.8 | The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access du | Cross-platform | Privilege Escalation | 2026-05-02 | — |
| CVE-2026-4882 | CRITICAL | 9.8 | The User Registration Advanced Fields plugin for WordPress is vulnerable to arbi | Cross-platform | Remote Code Execution | 2026-05-02 | — |
| CVE-2026-7638 | MEDIUM | 5.3 | The App Builder – Create Native Android & iOS Apps On The Flight plugin for Word | Android | Vulnerability | 2026-05-02 | — |
| CVE-2026-7602 | MEDIUM | 6.3 | A vulnerability was found in JeecgBoot up to 3.9.1. Affected by this vulnerabili | Cross-platform | Vulnerability | 2026-05-02 | — |
| CVE-2026-7600 | MEDIUM | 6.3 | A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the functi | Cross-platform | Vulnerability | 2026-05-02 | — |
| CVE-2026-7597 | MEDIUM | 6.3 | A vulnerability was found in mem0ai mem0 up to 1.0.11. This affects the function | Cross-platform | Vulnerability | 2026-05-01 | — |
| CVE-2026-7595 | MEDIUM | 6.3 | A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affec | Cross-platform | Vulnerability | 2026-05-01 | — |
| CVE-2026-7594 | HIGH | 7.3 | A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is th | Cross-platform | Vulnerability | 2026-05-01 | — |
| CVE-2026-7593 | HIGH | 7.3 | A security vulnerability has been detected in Sunwood-ai-labs command-executor-m | Cross-platform | Vulnerability | 2026-05-01 | — |
| CVE-2026-7592 | HIGH | 7.3 | A weakness has been identified in itsourcecode Courier Management System 1.0. Th | Cross-platform | Remote Code Execution | 2026-05-01 | — |
| CVE-2026-7582 | MEDIUM | 5.3 | A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2 | Cross-platform | Memory Corruption | 2026-05-01 | — |
| CVE-2026-42484 | CRITICAL | 9.8 | A heap-based buffer overflow in hex_to_binary in the PKZIP hash parser in hashca | Cross-platform | Remote Code Execution | 2026-05-01 | — |
| CVE-2026-42483 | CRITICAL | 9.8 | A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allow | Cross-platform | Remote Code Execution | 2026-05-01 | — |
| CVE-2026-42482 | CRITICAL | 9.8 | A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() | Cross-platform | Remote Code Execution | 2026-05-01 | — |
| CVE-2026-7580 | MEDIUM | 5.3 | A vulnerability was detected in Exiftool up to 13.53. Impacted is the function P | Cross-platform | Remote Code Execution | 2026-05-01 | — |
| CVE-2026-7579 | HIGH | 7.3 | A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. | Cross-platform | Vulnerability | 2026-05-01 | — |
| CVE-2026-7567 | CRITICAL | 9.8 | The Temporary Login plugin for WordPress is vulnerable to Authentication Bypass | Cross-platform | Authentication Bypass | 2026-05-01 | — |
| CVE-2026-7584 | HIGH | 7.8 | The LabOne Q serialization framework uses a class-loading mechanism (import_cls) | Cross-platform | Remote Code Execution | 2026-05-01 | — |
| CVE-2026-7555 | HIGH | 7.3 | A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Th | Cross-platform | Remote Code Execution | 2026-05-01 | — |
| CVE-2026-7554 | MEDIUM | 5.6 | A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this iss | Cross-platform | Vulnerability | 2026-05-01 | — |
| CVE-2026-7546 | CRITICAL | 9.8 | A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279_B2021 | Cross-platform | Buffer Overflow | 2026-05-01 | — |
| CVE-2026-7545 | HIGH | 7.3 | A weakness has been identified in SourceCodester Advanced School Management Syst | Cross-platform | Remote Code Execution | 2026-05-01 | — |
| CVE-2026-7538 | CRITICAL | 9.8 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This iss | Cross-platform | Vulnerability | 2026-05-01 | — |
| CVE-2026-7536 | MEDIUM | 5.3 | A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affect | Cross-platform | Vulnerability | 2026-05-01 | — |
| CVE-2026-7519 | HIGH | 7.3 | A vulnerability has been found in Fujian Apex LiveBOS up to 2.0. Impacted is an | Cross-platform | Vulnerability | 2026-05-01 | — |
| CVE-2026-40685 | MEDIUM | 6.5 | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write | Cross-platform | Memory Corruption | 2026-04-30 | — |
| CVE-2026-2311 | MEDIUM | 6.4 | IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by | Cross-platform | Privilege Escalation | 2026-04-30 | — |
| CVE-2025-36122 | MEDIUM | 6.5 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Win | Windows | Remote Code Execution | 2026-04-30 | — |
| CVE-2026-7435 | HIGH | 7.2 | SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag wh | Cross-platform | Authentication Bypass | 2026-04-30 | — |
| CVE-2026-28532 | MEDIUM | 6.5 | FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF | Network | Memory Corruption | 2026-04-30 | — |
| CVE-2026-36959 | HIGH | 7.5 | U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout p | Network | Remote Code Execution | 2026-04-30 | — |
| CVE-2026-36958 | HIGH | 7.5 | A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless rou | Network | Remote Code Execution | 2026-04-30 | — |
| CVE-2026-36957 | HIGH | 7.5 | Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial | Linux | Remote Code Execution | 2026-04-30 | — |
| CVE-2026-7163 | MEDIUM | 6.1 | A vulnerability in the assisted-service REST API, an optional Assisted Installer | Cross-platform | Vulnerability | 2026-04-30 | — |
| CVE-2026-2892 | HIGH | 7.5 | The Otter Blocks plugin for WordPress is vulnerable to Purchase Verification Byp | Cross-platform | Remote Code Execution | 2026-04-30 | — |
| CVE-2026-0049 | MEDIUM | 6.2 | In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent de | Cross-platform | Remote Code Execution | 2026-04-06 | — |
| CVE-2025-48636 | HIGH | 8.4 | In openFile of BugreportContentProvider.java, there is a possible way to read an | Cross-platform | Vulnerability | 2026-03-02 | — |
| CVE-2025-48650 | HIGH | 8.4 | In multiple locations, there is a possible information disclosure due to SQL inj | Cross-platform | Information Disclosure | 2026-03-02 | — |
| CVE-2026-6498 | MEDIUM | 5.3 | The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a pa | Cross-platform | Vulnerability | 2026-04-30 | — |
| CVE-2026-42799 | HIGH | 7.4 | Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow | Cross-platform | Memory Corruption | 2026-04-30 | — |
| CVE-2025-39946 | CRITICAL | 9.8 | In the Linux kernel, the following vulnerability has been resolved:
tls: make s | Linux | Vulnerability | 2025-10-04 | — |
| CVE-2026-7470 | HIGH | 8.8 | A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected | Cross-platform | Buffer Overflow | 2026-04-30 | — |
| CVE-2026-7469 | MEDIUM | 6.3 | A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Th | Cross-platform | Vulnerability | 2026-04-30 | — |
| CVE-2026-7468 | HIGH | 7.3 | A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0 | Cross-platform | Vulnerability | 2026-04-30 | — |
| CVE-2026-7447 | MEDIUM | 6.3 | A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Th | Cross-platform | Remote Code Execution | 2026-04-30 | — |
| CVE-2018-25304 | HIGH | 8.4 | Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerabili | Cross-platform | Remote Code Execution | 2026-04-29 | — |
| CVE-2018-25303 | HIGH | 8.4 | Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulner | Cross-platform | Remote Code Execution | 2026-04-29 | — |
| CVE-2018-25302 | HIGH | 7.8 | Allok AVI to DVD SVCD VCD Converter 4.0.1217 contains a structured exception han | Cross-platform | Remote Code Execution | 2026-04-29 | — |
| CVE-2018-25301 | HIGH | 8.4 | Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) lo | Cross-platform | Remote Code Execution | 2026-04-29 | — |
No vulnerabilities match your filters. Reset filters