Latest Vulnerabilities
CVEs and Known Exploited Vulnerabilities tracked daily
Showing 408 of 408 vulnerabilities
| Severity | CVE ID | Title | CVSS | Date |
|---|---|---|---|---|
| HIGH | CVE-2026-15694 | Tenda BE12 Pro - Remote Code Execution via SetIpBind Function | 8.8 | 2026-07-16 |
| HIGH | CVE-2026-50666 | Windows Remote Access Connection Manager - Use After Free Vulnerability | 8.8 | 2026-07-16 |
| HIGH | CVE-2026-56181 | Windows Network Address Translation (NAT) - Origin Validation Error | 8.3 | 2026-07-16 |
| CRITICAL | CVE-2026-46817 | Oracle E-Business Suite - Improper Privilege Management Vulnerability | N/A | 2026-07-16 |
| CRITICAL | CVE-2023-4346 | KNX Protocol Connection Authorization Option 1 - Overly Restrictive Access | N/A | 2026-07-16 |
| HIGH | CVE-2026-15691 | Tenda BE12 Pro fromSafeClientFilter Security Flaw | 8.8 | 2026-07-15 |
| CRITICAL | CVE-2026-56155 | Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability | N/A | 2026-07-15 |
| CRITICAL | CVE-2026-56164 | Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability | N/A | 2026-07-15 |
| CRITICAL | CVE-2026-15409 | SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability | N/A | 2026-07-15 |
| CRITICAL | CVE-2026-15410 | SonicWall SMA1000 Appliances Code Injection Vulnerability | N/A | 2026-07-15 |
| HIGH | CVE-2026-61876 | LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML mar | 8.8 | 2026-07-14 |
| HIGH | CVE-2026-15548 | A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub_407220 of the file /usr/sbin/ | 8.8 | 2026-07-14 |
| HIGH | CVE-2026-49970 | Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath() function that allows attackers to write uploaded fil | 8.8 | 2026-07-14 |
| HIGH | CVE-2026-49972 | Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading | 8.8 | 2026-07-14 |
| CRITICAL | CVE-2008-4128 | Cisco IOS - Cisco IOS Cross-Site Request Forgery Vulnerability | N/A | 2026-07-14 |
| HIGH | CVE-2026-1359 | WordPress Genolve – AI image/video generation plugin unauthorized data modification | 8.8 | 2026-07-13 |
| HIGH | CVE-2026-15480 | Trendnet TEW-635BRM Web Server Remote Code Execution | 8.8 | 2026-07-13 |
| HIGH | CVE-2026-15481 | Trendnet TEW-635BRM Web Server Remote Code Execution | 8.8 | 2026-07-13 |
| HIGH | CVE-2026-15483 | TRENDnet TEW-821DAP Remote Code Execution | 8.8 | 2026-07-13 |
| HIGH | CVE-2026-15484 | TRENDnet TEW-821DAP Remote Code Execution | 8.8 | 2026-07-13 |
| HIGH | CVE-2025-30007 | HestiaCP Authenticated OS Command Injection | 8.8 | 2026-07-12 |
| HIGH | CVE-2026-13756 | WP Grid Builder Plugin Privilege Escalation | 8.8 | 2026-07-12 |
| HIGH | CVE-2026-13353 | WP Ultimate CSV Importer Remote Code Execution | 8.8 | 2026-07-12 |
| HIGH | CVE-2026-14262 | Simple JWT Login Plugin Authentication Bypass to Privilege Escalation | 8.8 | 2026-07-12 |
| HIGH | CVE-2025-6784 | Code Engine Plugin Remote Code Execution | 8.8 | 2026-07-12 |
| HIGH | CVE-2025-30007 | HestiaCP Authenticated OS Command Injection Vulnerability | 8.8 | 2026-07-11 |
| HIGH | CVE-2026-13756 | WP Grid Builder Privilege Escalation Vulnerability | 8.8 | 2026-07-11 |
| HIGH | CVE-2026-13353 | WP Ultimate CSV Importer Remote Code Execution Vulnerability | 8.8 | 2026-07-11 |
| CRITICAL | CVE-2026-56291 | Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability | N/A | 2026-07-11 |
| CRITICAL | CVE-2026-48939 | iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability | N/A | 2026-07-11 |
| HIGH | CVE-2026-59257 | SQL Injection in n8n legacy MySQL v1 node | 8.8 | 2026-07-10 |
| HIGH | CVE-2026-58143 | Cross-Site Request Forgery in Cotonti Siena | 8.8 | 2026-07-10 |
| HIGH | CVE-2026-55999 | Heap buffer overflow in xorg-server and xwayland via PCX fonts | 8.5 | 2026-07-10 |
| HIGH | CVE-2026-56001 | Heap buffer overflow in libXfont2 BitmapScaleBitmaps | 8.5 | 2026-07-10 |
| HIGH | CVE-2026-56003 | Heap buffer overflow in libXfont2 PCF file parsing | 8.5 | 2026-07-10 |
| CRITICAL | CVE-2026-9181 | ArcGIS Server Directory Traversal Vulnerability | 9.8 | 2026-07-08 |
| HIGH | CVE-2026-14158 | WordPress Widget Logic Visual Plugin Remote Code Execution | 8.8 | 2026-07-08 |
| HIGH | CVE-2026-14489 | WordPress WHMCS Bridge Plugin Arbitrary File Upload | 8.8 | 2026-07-08 |
| HIGH | CVE-2026-59707 | LocalAI Unauthenticated Server-Side Request Forgery | 8.6 | 2026-07-08 |
| HIGH | CVE-2026-54765 | Traefik Kubernetes Gateway API Provider Hostname Resolution Bypass | 8.5 | 2026-07-08 |
| HIGH | CVE-2026-8377 | Missing Authorization in Armiya GKS Access Control System | 8.2 | 2026-07-07 |
| HIGH | CVE-2026-59712 | Leantime JSON-RPC API User Credential Disclosure | 8.1 | 2026-07-07 |
| HIGH | CVE-2026-59713 | Leantime OIDC Login CSRF Vulnerability | 8.1 | 2026-07-07 |
| HIGH | CVE-2026-9165 | Red Hat Advanced Cluster Security for Kubernetes GraphQL Query Depth Vulnerability | 7.7 | 2026-07-07 |
| HIGH | CVE-2026-5730 | Idvlabs Ontime Authorization Bypass | 7.5 | 2026-07-07 |
| HIGH | CVE-2026-14721 | Vulnerability in UTT HiPER 1250GW allows remote code execution | 8.8 | 2026-07-06 |
| HIGH | CVE-2026-14637 | Security vulnerability in kirilkirkov Ecommerce-CodeIgniter-Bootstrap | 8.2 | 2026-07-06 |
| HIGH | CVE-2026-14635 | Security flaw in kirilkirkov Ecommerce-CodeIgniter-Bootstrap | 7.3 | 2026-07-06 |
| HIGH | CVE-2026-14640 | Vulnerability in CodeAstro Apartment Visitor Management System | 7.3 | 2026-07-06 |
| HIGH | CVE-2026-14641 | Vulnerability in SourceCodester Class and Exam Timetabling System | 7.3 | 2026-07-06 |
| HIGH | CVE-2026-14459 | Argument Injection in TUBITAK BILGEM Software Technologies Research Institute | 8.8 | 2026-07-05 |
| HIGH | CVE-2026-14460 | Missing Authorization and Argument Injection in TUBITAK BILGEM Software Technologies Research Institute pardus-software | 8.8 | 2026-07-05 |
| HIGH | CVE-2026-56645 | Heap-based Buffer Overflow in Microsoft Edge (Chromium-based) | 8.8 | 2026-07-05 |
| HIGH | CVE-2026-57974 | Integer Overflow or Wraparound in Microsoft Edge (Chromium-based) | 8.8 | 2026-07-05 |
| HIGH | CVE-2026-57981 | Use After Free in Microsoft Edge (Chromium-based) | 8.8 | 2026-07-05 |
| CRITICAL | CVE-2026-54998 | Incorrect authorization in Microsoft Exchange Online | 8.8 | 2026-07-04 |
| CRITICAL | CVE-2026-59093 | Weaviate RBAC role assignment bypass | 8.8 | 2026-07-04 |
| CRITICAL | CVE-2026-14459 | TUBITAK BILGEM pardus-software argument injection | 8.8 | 2026-07-04 |
| CRITICAL | CVE-2026-14460 | TUBITAK BILGEM pardus-software missing authorization leading to argument injection | 8.8 | 2026-07-04 |
| CRITICAL | CVE-2026-56645 | Heap-based buffer overflow in Microsoft Edge (Chromium-based) | 8.8 | 2026-07-04 |
| HIGH | CVE-2026-59093 | Weaviate RBAC Role Assignment Vulnerability | 8.8 | 2026-07-03 |
| HIGH | CVE-2026-54998 | Microsoft Exchange Online Privilege Escalation | 8.8 | 2026-07-03 |
| HIGH | CVE-2026-46680 | containerd Container User Directive Vulnerability | 7.8 | 2026-07-03 |
| HIGH | CVE-2026-59095 | LobeChat Server-Side Request Forgery | 7.7 | 2026-07-03 |
| HIGH | CVE-2026-59092 | JuiceFS Authentication Bypass Vulnerability | 7.7 | 2026-07-03 |
| CRITICAL | CVE-2026-58116 | LLaMA-Factory Remote Code Execution Vulnerability | 9.8 | 2026-07-02 |
| HIGH | CVE-2026-13777 | Google Chrome on iOS Insufficient Validation of Untrusted Input | 8.8 | 2026-07-02 |
| HIGH | CVE-2026-13783 | Google Chrome Use After Free in Views | 8.8 | 2026-07-02 |
| HIGH | CVE-2026-50521 | Microsoft Edge (Chromium-based) Use After Free Vulnerability | 8.3 | 2026-07-02 |
| CRITICAL | CVE-2026-45659 | Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability | N/A | 2026-07-02 |
| HIGH | CVE-2026-13562 | Edimax EW-7478APC Remote Code Execution | 8.8 | 2026-07-01 |
| HIGH | CVE-2026-55607 | Claude Code Worktree Traversal Vulnerability | 8.8 | 2026-07-01 |
| HIGH | CVE-2026-13583 | Edimax EW-7478APC Remote Code Execution via formUSBFolder | 8.8 | 2026-07-01 |
| HIGH | CVE-2026-48307 | Adobe ColdFusion Reflected Cross-Site Scripting | 8.8 | 2026-07-01 |
| HIGH | CVE-2026-10129 | IBM Langflow OSS SSRF Protection Bypass | 8.5 | 2026-07-01 |
| HIGH | CVE-2026-13518 | Tenda JD12L AddressNat Function Vulnerability | 8.8 | 2026-06-30 |
| HIGH | CVE-2026-13562 | Edimax EW-7478APC iNICSiteSurvey Function Vulnerability | 8.8 | 2026-06-30 |
| HIGH | CVE-2026-40521 | FrontAccounting Path Traversal Vulnerability | 8.8 | 2026-06-30 |
| HIGH | CVE-2026-13583 | Edimax EW-7478APC USBFolder Function Vulnerability | 8.8 | 2026-06-30 |
| CRITICAL | CVE-2026-48558 | SimpleHelp Authentication Bypass Vulnerability | N/A | 2026-06-30 |
| CRITICAL | CVE-2026-13515 | Tenda JD12L formSetPPTPServer Function Remote Code Execution | 8.8 | 2026-06-29 |
| CRITICAL | CVE-2026-13516 | Tenda JD12L fromSetWifiGusetBasic Function Remote Code Execution | 8.8 | 2026-06-29 |
| CRITICAL | CVE-2026-13517 | Tenda JD12L formWifiBasicSet Function Remote Code Execution | 8.8 | 2026-06-29 |
| CRITICAL | CVE-2026-13518 | Tenda JD12L fromAddressNat Function Remote Code Execution | 8.8 | 2026-06-29 |
| CRITICAL | CVE-2026-13519 | Tenda JD12L fromNatStaticSetting Function Remote Code Execution | 8.8 | 2026-06-29 |
| CRITICAL | CVE-2026-45405 | Dokku git:from-archive and certs:add commands allow arbitrary file extraction | 9 | 2026-06-28 |
| CRITICAL | CVE-2026-45406 | Dokku openresty-vhosts plugin allows arbitrary file writes from git repository | 9 | 2026-06-28 |
| HIGH | CVE-2026-32833 | Cudy LT300 OS Command Injection | 8.8 | 2026-06-28 |
| HIGH | CVE-2026-58049 | FFmpeg RASC video decoder out-of-bounds read/write | 8.6 | 2026-06-28 |
| HIGH | CVE-2026-8095 | WordPress Frontend File Manager Plugin Authenticated Arbitrary File Deletion | 8.1 | 2026-06-28 |
| HIGH | CVE-2026-56766 | Hydra NTLM authentication stack buffer overflow | 8.8 | 2026-06-27 |
| HIGH | CVE-2026-56768 | Seahub unauthenticated share link access bypass | 8.8 | 2026-06-27 |
| HIGH | CVE-2026-56769 | Huly Platform authenticated server-side request forgery | 8.5 | 2026-06-27 |
| HIGH | CVE-2026-57235 | Nokogiri XML/HTML library out-of-bounds read | 8.2 | 2026-06-27 |
| HIGH | CVE-2026-55693 | Vim tree_count_words() function out-of-bounds write | 7.8 | 2026-06-27 |
| HIGH | CVE-2026-56232 | Capgo API Key Bypass of Access Constraints | 8.8 | 2026-06-26 |
| HIGH | CVE-2026-12244 | NSD Secondary Server Crash via Malicious AXFR | 8.8 | 2026-06-26 |
| HIGH | CVE-2026-56766 | Hydra NTLM Authentication Stack Buffer Overflow | 8.8 | 2026-06-26 |
| HIGH | CVE-2026-56768 | Seahub Share Link Authentication Bypass | 8.8 | 2026-06-26 |
| HIGH | CVE-2026-56769 | Huly Platform Authenticated Server-Side Request Forgery | 8.5 | 2026-06-26 |
| HIGH | CVE-2026-35018 | NetComm NF20MESH Routers Authenticated Remote Code Execution | 8.8 | 2026-06-24 |
| CRITICAL | CVE-2025-67038 | Lantronix EDS5000 Code Injection Vulnerability | N/A | 2026-06-24 |
| CRITICAL | CVE-2026-34910 | Ubiquiti UniFi OS Improper Input Validation Vulnerability | N/A | 2026-06-24 |
| CRITICAL | CVE-2026-34909 | Ubiquiti UniFi OS Path Traversal Vulnerability | N/A | 2026-06-24 |
| CRITICAL | CVE-2026-34908 | Ubiquiti UniFi OS Improper Access Control Vulnerability | N/A | 2026-06-24 |
| HIGH | CVE-2026-56340 | vLLM Missing Sparse Tensor Validation in Multimodal Embeddings Processing | 8.8 | 2026-06-22 |
| HIGH | CVE-2026-56396 | phpMyFAQ Missing Authorization in Admin Endpoints | 8.8 | 2026-06-22 |
| HIGH | CVE-2026-12806 | Edimax BR-6478AC V2 formWlSiteSurvey Function Vulnerability | 8.8 | 2026-06-22 |
| HIGH | CVE-2025-71348 | picklescan Malicious Pickle File Detection Bypass (torch.utils._config_module.load_config) | 8.1 | 2026-06-22 |
| HIGH | CVE-2025-71357 | picklescan Malicious Pickle File Detection Bypass (idlelib.pyshell.ModifiedInterpreter.runcommand) | 8.1 | 2026-06-22 |
| HIGH | CVE-2017-20252 | Joomla NextGen Editor SQL Injection Vulnerability | 8.2 | 2026-06-21 |
| HIGH | CVE-2017-20253 | Joomla! Component My Projects SQL Injection Vulnerability | 8.2 | 2026-06-21 |
| HIGH | CVE-2017-20254 | Joomla! Component User Bench SQL Injection Vulnerability | 8.2 | 2026-06-21 |
| HIGH | CVE-2017-20255 | Joomla! Component JB Visa SQL Injection Vulnerability | 8.2 | 2026-06-21 |
| HIGH | CVE-2017-20256 | Joomla Survey Force Deluxe SQL Injection Vulnerability | 8.2 | 2026-06-21 |
| CRITICAL | CVE-2026-20253 | Splunk Enterprise Missing Authentication for Critical Function Vulnerability | N/A | 2026-06-19 |
| HIGH | CVE-2016-20075 | WordPress Ultimate Product Catalog - Arbitrary File Upload Vulnerability | 8.8 | 2026-06-16 |
| HIGH | CVE-2026-12186 | GL.iNet GL-MT3000 - Remote Code Execution via replace_country function | 8.8 | 2026-06-16 |
| HIGH | CVE-2026-12187 | GL.iNet GL-MT3000 - Unspecified Vulnerability in /u file | 8.8 | 2026-06-16 |
| CRITICAL | CVE-2026-54420 | LiteSpeed cPanel Plugin - UNIX Symbolic Link (Symlink) Following Vulnerability | N/A | 2026-06-16 |
| CRITICAL | CVE-2026-20262 | Cisco Catalyst SD-WAN Manager - Directory or Path Traversal Vulnerability | N/A | 2026-06-16 |
| HIGH | CVE-2026-12174 | D-Link DCS-935L snprintf Buffer Overflow | 8.8 | 2026-06-15 |
| HIGH | CVE-2026-12186 | GL.iNet GL-MT3000 replace_country Weakness | 8.8 | 2026-06-15 |
| HIGH | CVE-2026-12187 | GL.iNet GL-MT3000 Unknown Function Vulnerability | 8.8 | 2026-06-15 |
| HIGH | CVE-2026-12192 | GALAYOU Y4 Web Server Buffer Overflow | 8.8 | 2026-06-15 |
| HIGH | CVE-2026-12218 | Yealink SIP-T46U StartReportInformation Vulnerability | 8 | 2026-06-15 |
| CRITICAL | CVE-2026-53821 | OpenClaw WebSocket Client-Declared Operator Scopes Vulnerability | 8.8 | 2026-06-14 |
| CRITICAL | CVE-2026-53822 | OpenClaw Command Injection Vulnerability | 8.8 | 2026-06-14 |
| CRITICAL | CVE-2026-53828 | OpenClaw Authorization Bypass in Native Command Handling | 8.8 | 2026-06-14 |
| CRITICAL | CVE-2026-53836 | OpenClaw PowerShell Encoded-Command Allowlist Bypass | 8.8 | 2026-06-14 |
| CRITICAL | CVE-2026-12174 | D-Link DCS-935L snprintf Buffer Overflow | 8.8 | 2026-06-14 |
| HIGH | CVE-2026-53806 | OpenClaw Shell Option Parsing Vulnerability | 8.8 | 2026-06-13 |
| HIGH | CVE-2026-53807 | OpenClaw Telegram Interactive Callbacks Authorization Bypass | 8.8 | 2026-06-13 |
| HIGH | CVE-2026-53810 | OpenClaw Marketplace Runtime Extension Code Execution Vulnerability | 8.8 | 2026-06-13 |
| HIGH | CVE-2026-53811 | OpenClaw Matrix allowFrom Privilege Escalation Vulnerability | 8.8 | 2026-06-13 |
| CRITICAL | CVE-2026-35273 | Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability | N/A | 2026-06-13 |
| HIGH | CVE-2026-49498 | Ghidra SQL Injection Vulnerability in PostgresFunctionDatabase | 8.8 | 2026-06-12 |
| HIGH | CVE-2026-52754 | Ghidra PKIAuthenticationModule Authentication Bypass | 8.8 | 2026-06-12 |
| HIGH | CVE-2026-20251 | Splunk Enterprise and Cloud Platform Vulnerability | 8.8 | 2026-06-12 |
| HIGH | CVE-2026-6893 | Dracut DHCP Remote Attacker Flaw | 8.8 | 2026-06-12 |
| CRITICAL | CVE-2026-10520 | Ivanti Sentry OS Command Injection Vulnerability | N/A | 2026-06-12 |
| HIGH | CVE-2026-46746 | Improper input sanitization in SINEC INS allows remote code execution. | 8.8 | 2026-06-11 |
| HIGH | CVE-2026-32193 | Path traversal in Microsoft Azure Kubernetes Service allows privilege escalation. | 8.8 | 2026-06-11 |
| HIGH | CVE-2026-40371 | Improper permissions in Microsoft Dynamics 365 (on-premises) allows privilege escalation. | 8.8 | 2026-06-11 |
| HIGH | CVE-2026-41031 | Stored Cross-Site Scripting in Vinna Process Monitor allows remote code execution. | 8.7 | 2026-06-11 |
| HIGH | CVE-2026-41098 | Cross-Site Scripting in Azure Stack Edge allows spoofing attacks. | 8.4 | 2026-06-11 |
| HIGH | CVE-2026-11503 | Tenda CX12L Router Remote Code Execution Vulnerability | 8.8 | 2026-06-10 |
| HIGH | CVE-2026-11504 | Tenda CX12L Router Remote Code Execution Vulnerability | 8.8 | 2026-06-10 |
| CRITICAL | CVE-2026-11645 | Google Chromium V8 Out-of-Bounds Read and Write Vulnerability | N/A | 2026-06-10 |
| CRITICAL | CVE-2026-7473 | Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability | N/A | 2026-06-10 |
| CRITICAL | CVE-2026-20245 | Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability | N/A | 2026-06-10 |
| HIGH | CVE-2026-11498 | Tenda HG7HG9 and HG10 Remote Code Execution Vulnerability | 8.8 | 2026-06-09 |
| HIGH | CVE-2026-11503 | Tenda CX12L Remote Code Execution Vulnerability | 8.8 | 2026-06-09 |
| HIGH | CVE-2026-11504 | Tenda CX12L Remote Code Execution Vulnerability | 8.8 | 2026-06-09 |
| CRITICAL | CVE-2026-42271 | BerriAI LiteLLM Command Injection Vulnerability | N/A | 2026-06-09 |
| CRITICAL | CVE-2026-50751 | Check Point Security Gateway Improper Authentication Vulnerability | N/A | 2026-06-09 |
| HIGH | CVE-2026-11413 | JingDong JD Cloud Box AX6600 set_macfilter Function Vulnerability | 8.8 | 2026-06-08 |
| HIGH | CVE-2026-11498 | Tenda HG7HG9 and HG10 asp_voip_OtherSet Function Vulnerability | 8.8 | 2026-06-08 |
| HIGH | CVE-2026-49494 | Comodo Internet Security Inspect.sys IPv6 Integer Underflow | 7.5 | 2026-06-08 |
| HIGH | CVE-2023-54350 | WordPress Augmented-Reality Plugin Remote Code Execution | 7.5 | 2026-06-08 |
| HIGH | CVE-2026-3238 | Samba WINS Server Active Directory Domain Controller Flaw | 7.5 | 2026-06-08 |
| HIGH | CVE-2026-49492 | Markdown Preview Enhanced: External File and Link Opening Vulnerability | 8.8 | 2026-06-07 |
| HIGH | CVE-2026-49493 | Markdown Preview Enhanced: Code Injection via Bitfield Fenced Code Blocks | 8.8 | 2026-06-07 |
| HIGH | CVE-2026-5411 | WP Captcha PRO (Advanced Google reCAPTCHA) Plugin: Arbitrary File Upload | 8.8 | 2026-06-07 |
| HIGH | CVE-2026-7654 | Admin Columns Plugin for WordPress: PHP Object Injection leading to RCE | 8.8 | 2026-06-07 |
| HIGH | CVE-2026-11413 | JingDong JD Cloud Box AX6600: Remote Code Execution via set_macfilter function | 8.8 | 2026-06-07 |
| HIGH | CVE-2026-5228 | Kurt Software Studio WriteUp Mobile App Improper Access Control | 8.8 | 2026-06-06 |
| HIGH | CVE-2026-10988 | Google Chrome Views Use After Free Vulnerability | 8.8 | 2026-06-06 |
| HIGH | CVE-2026-10989 | Google Chrome V8 Inappropriate Implementation Vulnerability | 8.8 | 2026-06-06 |
| HIGH | CVE-2026-10995 | Google Chrome TabStrip Heap Buffer Overflow Vulnerability | 8.8 | 2026-06-06 |
| CRITICAL | CVE-2026-28318 | SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability | N/A | 2026-06-06 |
| HIGH | CVE-2026-35083 | Remote attacker with user privileges can gain full system access as root via stack buffer overflow | 8.8 | 2026-06-05 |
| HIGH | CVE-2026-49190 | Unauthorized application installation due to insufficient permission evaluation in system opcodes | 8.8 | 2026-06-05 |
| HIGH | CVE-2026-49194 | Debugging routine allows direct interactive shell access, bypassing device login | 8.8 | 2026-06-05 |
| HIGH | CVE-2026-35082 | Remote attacker with user privileges can access arbitrary local files due to insufficient input validation | 8.8 | 2026-06-05 |
| HIGH | CVE-2026-20230 | Vulnerability in Cisco Unified Communications Manager and Session Management Edition | 8.6 | 2026-06-05 |
| HIGH | CVE-2026-30652 | Vivotek FD8136 Cameras Remote Buffer Overflow in /cgi-bin/dido/setdo.cgi | 8.8 | 2026-06-04 |
| HIGH | CVE-2026-1829 | WordPress Content Visibility for Divi Builder Plugin Remote Code Execution | 8.8 | 2026-06-04 |
| HIGH | CVE-2026-35082 | Arbitrary Local File Access via ugw-logread method with User Privileges | 8.8 | 2026-06-04 |
| HIGH | CVE-2026-35083 | Stack Buffer Overflow Leading to Root Access with User Privileges | 8.8 | 2026-06-04 |
| CRITICAL | CVE-2026-45247 | Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability | N/A | 2026-06-04 |
| HIGH | CVE-2026-10259 | H3C Magic B0 - Remote Code Execution Vulnerability | 8.8 | 2026-06-03 |
| HIGH | CVE-2026-10270 | D-Link DI-7001 MINI - Remote Code Execution Vulnerability | 8.8 | 2026-06-03 |
| HIGH | CVE-2026-7770 | IBM i Access Family - Remote Code Execution Vulnerability | 8.8 | 2026-06-03 |
| CRITICAL | CVE-2025-48595 | Android Framework - Android Framework Integer Overflow Vulnerability | N/A | 2026-06-03 |
| CRITICAL | CVE-2022-0492 | Linux Kernel - Linux Kernel Improper Authentication Vulnerability | N/A | 2026-06-03 |
| HIGH | CVE-2026-10179 | TRENDnet TEW-432BRP formSetWlanEncrypt Function Vulnerability | 8.8 | 2026-06-02 |
| HIGH | CVE-2026-10181 | TRENDnet TEW-432BRP formSysCmd Function Vulnerability | 8.8 | 2026-06-02 |
| HIGH | CVE-2026-10183 | TRENDnet TEW-432BRP formWlanSetup Function Vulnerability | 8.8 | 2026-06-02 |
| HIGH | CVE-2026-10188 | Tenda W12 cgistaKickOff Function Vulnerability | 8.8 | 2026-06-02 |
| CRITICAL | CVE-2024-21182 | Oracle WebLogic Server Unspecified Vulnerability | N/A | 2026-06-02 |
| HIGH | CVE-2026-10119 | TRENDnet TEW-432BRP 3.10B20 MAC Filter Vulnerability | 8.8 | 2026-06-01 |
| HIGH | CVE-2026-10120 | TRENDnet TEW-432BRP 3.10B20 Firewall Rule Vulnerability | 8.8 | 2026-06-01 |
| HIGH | CVE-2026-10121 | TRENDnet TEW-432BRP 3.10B20 URL Filter Vulnerability | 8.8 | 2026-06-01 |
| HIGH | CVE-2026-10122 | TRENDnet TEW-432BRP 3.10B20 Protocol Filter Vulnerability | 8.8 | 2026-06-01 |
| HIGH | CVE-2026-10123 | TRENDnet TEW-432BRP 3.10B20 Domain Filter Vulnerability | 8.8 | 2026-06-01 |
| HIGH | CVE-2026-10062 | TRENDnet TEW-432BRP formSetRoute Function Vulnerability | 8.8 | 2026-05-31 |
| HIGH | CVE-2026-10063 | TRENDnet TEW-432BRP formWPS Function Vulnerability | 8.8 | 2026-05-31 |
| HIGH | CVE-2018-25388 | HaPe PKH Arbitrary File Upload Vulnerability | 8.8 | 2026-05-31 |
| HIGH | CVE-2026-10066 | Shibby Tomato tomatoups.cgi Function Vulnerability | 8.8 | 2026-05-31 |
| HIGH | CVE-2026-10067 | Shibby Tomato multimon.cgi Stack-Based Buffer Overflow | 8.8 | 2026-05-31 |
| HIGH | CVE-2026-9227 | GutenBee – Gutenberg Blocks plugin for WordPress Arbitrary File Upload | 8.8 | 2026-05-30 |
| HIGH | CVE-2026-6226 | Frontend Admin by DynamiApps plugin for WordPress Unauthenticated Privilege Escalation | 8.8 | 2026-05-30 |
| HIGH | CVE-2026-10002 | Google Chrome PDFium Use-After-Free Vulnerability | 8.8 | 2026-05-30 |
| HIGH | CVE-2026-9887 | Google Chrome Proxy Use-After-Free Vulnerability | 8.8 | 2026-05-30 |
| CRITICAL | CVE-2026-0257 | Palo Alto Networks PAN-OS Authentication Bypass Vulnerability | N/A | 2026-05-30 |
| HIGH | CVE-2026-5065 | IBM Controller Hard-Coded Credentials Vulnerability | 8.8 | 2026-05-29 |
| HIGH | CVE-2026-8179 | IBM Aspera High-Speed Transfer Privilege Escalation | 8.8 | 2026-05-29 |
| HIGH | CVE-2026-7802 | WordPress Frontend Admin Authorization Bypass | 8.8 | 2026-05-29 |
| HIGH | CVE-2026-9009 | WordPress Crawlomatic Plugin Remote Code Execution | 8.8 | 2026-05-29 |
| HIGH | CVE-2026-9227 | WordPress GutenBee Plugin Arbitrary File Upload | 8.8 | 2026-05-29 |
| HIGH | CVE-2026-46368 | luci-app-https-dns-proxy through 2025.12.29-5 | 8.8 | 2026-05-28 |
| HIGH | CVE-2026-44832 | Snipe-IT Privilege Escalation Vulnerability | 8.8 | 2026-05-28 |
| CRITICAL | CVE-2026-48027 | Nx Console - Nx Console Embedded Malicious Code Vulnerability | N/A | 2026-05-28 |
| CRITICAL | CVE-2026-45321 | TanStack - TanStack Unspecified Vulnerability | N/A | 2026-05-28 |
| CRITICAL | CVE-2026-8398 | Daemon Tools Lite - Daemon Tools Lite Embedded Malicious Code Vulnerability | N/A | 2026-05-28 |
| HIGH | CVE-2026-9442 | Edimax BR-6478AC formiNICSiteSurvey Function Vulnerability | 8.8 | 2026-05-27 |
| HIGH | CVE-2026-9443 | Edimax BR-6478AC formL2TPSetup Function Vulnerability | 8.8 | 2026-05-27 |
| HIGH | CVE-2026-9459 | Edimax EW-7438RPn formConnectionSetting Function Vulnerability | 8.8 | 2026-05-27 |
| HIGH | CVE-2026-9460 | Edimax EW-7438RPn formAccept Function Vulnerability | 8.8 | 2026-05-27 |
| CRITICAL | CVE-2026-48172 | LiteSpeed cPanel Plugin Privilege Escalation Vulnerability | N/A | 2026-05-27 |
| HIGH | CVE-2026-47114 | IINA User-Assisted Command Execution Vulnerability | 8.8 | 2026-05-23 |
| HIGH | CVE-2026-47101 | LiteLLM API Key Privilege Escalation | 8.8 | 2026-05-23 |
| HIGH | CVE-2026-47102 | LiteLLM User Role Modification Vulnerability | 8.8 | 2026-05-23 |
| HIGH | CVE-2026-9018 | Easy Elements for Elementor Privilege Escalation | 8.8 | 2026-05-23 |
| CRITICAL | CVE-2026-9082 | Drupal Core SQL Injection Vulnerability | N/A | 2026-05-23 |
| HIGH | CVE-2026-24425 | Twig sandbox bypass vulnerability | 8.8 | 2026-05-22 |
| HIGH | CVE-2026-47114 | IINA user-assisted command execution vulnerability | 8.8 | 2026-05-22 |
| HIGH | CVE-2026-47101 | LiteLLM API key creation with unauthorized access | 8.8 | 2026-05-22 |
| CRITICAL | CVE-2025-34291 | Langflow Langflow - Langflow Origin Validation Error Vulnerability | N/A | 2026-05-22 |
| CRITICAL | CVE-2026-34926 | Trend Micro Apex One - Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability | N/A | 2026-05-22 |
| HIGH | CVE-2026-7498 | Cross-site scripting vulnerability in Basamak Information Technology Consulting and Or | 8.8 | 2026-05-20 |
| HIGH | CVE-2026-6456 | Privilege Escalation in WordPress Account Switcher plugin | 8.8 | 2026-05-20 |
| HIGH | CVE-2026-7467 | Privilege Escalation in WordPress Read More & Accordion plugin | 8.8 | 2026-05-20 |
| HIGH | CVE-2026-7522 | Local File Inclusion in WordPress Advanced Database Cleaner – Premium plugin | 8.8 | 2026-05-20 |
| HIGH | CVE-2026-5200 | Missing Authorization in WordPress AcyMailing plugin | 8.8 | 2026-05-20 |
| HIGH | CVE-2026-45495 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 8.8 | 2026-05-19 |
| HIGH | CVE-2026-8775 | Edimax BR-6428NS formL2TPSetup Function Vulnerability | 8.8 | 2026-05-19 |
| HIGH | CVE-2026-8776 | Edimax BR-6428NS formPPTPSetup Function Vulnerability | 8.8 | 2026-05-19 |
| HIGH | CVE-2026-7498 | Basamak Information Technology Consulting and Or Cross-Site Scripting Vulnerability | 8.8 | 2026-05-19 |
| HIGH | CVE-2018-25322 | Allok Fast AVI MPEG Splitter Stack-Based Buffer Overflow | 8.4 | 2026-05-19 |
| HIGH | CVE-2020-37227 | HS Brand Logo Slider 2.1 Unrestricted File Upload | 8.8 | 2026-05-18 |
| HIGH | CVE-2021-47976 | TextPattern CMS 4.9.0-dev Remote Code Execution | 8.8 | 2026-05-18 |
| HIGH | CVE-2021-47979 | WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion | 8.8 | 2026-05-18 |
| HIGH | CVE-2026-8719 | AI Engine WordPress Plugin Privilege Escalation | 8.8 | 2026-05-18 |
| HIGH | CVE-2018-25322 | Allok Fast AVI MPEG Splitter 1.2 Stack-Based Buffer Overflow | 8.4 | 2026-05-18 |
| HIGH | CVE-2026-6228 | WordPress Frontend Admin Plugin Privilege Escalation | 8.8 | 2026-05-17 |
| HIGH | CVE-2021-47964 | Schlix CMS Remote Code Execution | 8.8 | 2026-05-17 |
| HIGH | CVE-2020-37227 | HS Brand Logo Slider Unrestricted File Upload | 8.8 | 2026-05-17 |
| HIGH | CVE-2021-47976 | TextPattern CMS Remote Code Execution | 8.8 | 2026-05-17 |
| HIGH | CVE-2021-47979 | WordPress Backup and Restore Plugin Arbitrary File Deletion | 8.8 | 2026-05-17 |
| CRITICAL | CVE-2026-42897 | Microsoft Exchange Server Cross-Site Scripting Vulnerability | N/A | 2026-05-16 |
| HIGH | CVE-2026-3425 | WordPress RTMKit Addons for Elementor Plugin Local File Inclusion | 8.8 | 2026-05-15 |
| HIGH | CVE-2026-32643 | BIG-IP and BIG-IQ Systems Privilege Escalation via Certificate Manager Role | 8.7 | 2026-05-15 |
| HIGH | CVE-2026-32673 | BIG-IP Scripted Monitors Privilege Escalation | 8.7 | 2026-05-15 |
| HIGH | CVE-2026-34176 | BIG-IP Appliance Mode Remote Command Injection | 8.7 | 2026-05-15 |
| CRITICAL | CVE-2026-20182 | Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability | N/A | 2026-05-15 |
| HIGH | CVE-2026-6001 | Authorization bypass in ABIS Technology Ltd. Co. BAPSİS allows exploitation of trusted identifiers. | 8.8 | 2026-05-14 |
| HIGH | CVE-2026-2465 | Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR- | 8.8 | 2026-05-14 |
| HIGH | CVE-2026-30810 | Server-Side Request Forgery in Pandora FMS allows Privilege Escalation via API Checker extension. | 8.8 | 2026-05-14 |
| HIGH | CVE-2026-31222 | Insecure deserialization vulnerability in snorkel library Trainer.load() method. | 8.8 | 2026-05-14 |
| HIGH | CVE-2026-31223 | Critical insecure deserialization vulnerability in snorkel library BaseLabeler.load() method. | 8.8 | 2026-05-14 |
| CRITICAL | CVE-2026-40636 | Dell ECS and ObjectScale Hard-Coded Credentials Vulnerability | 9.8 | 2026-05-13 |
| HIGH | CVE-2026-45006 | OpenClaw Improper Access Control in Gateway Tool | 8.8 | 2026-05-13 |
| HIGH | CVE-2026-7256 | Zyxel WRE6505 Command Injection Vulnerability | 8.8 | 2026-05-13 |
| HIGH | CVE-2026-6001 | ABIS Technology BAPSİS Authorization Bypass | 8.8 | 2026-05-13 |
| HIGH | CVE-2026-34963 | barebox EFI PE Loader Memory-Safety Vulnerabilities | 8.4 | 2026-05-13 |
| HIGH | CVE-2021-47935 | Sentry 8.2.0 Remote Code Execution | 8.8 | 2026-05-12 |
| HIGH | CVE-2021-47937 | e107 CMS 2.3.0 Remote Code Execution | 8.8 | 2026-05-12 |
| HIGH | CVE-2021-47938 | ImpressCMS 1.4.2 Remote Code Execution | 8.8 | 2026-05-12 |
| HIGH | CVE-2021-47939 | Evolution CMS 3.1.6 Remote Code Execution | 8.8 | 2026-05-12 |
| HIGH | CVE-2021-47943 | TextPattern CMS 4.8.7 Remote Code Execution | 8.8 | 2026-05-12 |
| HIGH | CVE-2026-8234 | EFM ipTIME A8004T 14.18.2 Vulnerability in formWifiBasicSet | 8.8 | 2026-05-11 |
| HIGH | CVE-2021-47935 | Sentry 8.2.0 Remote Code Execution Vulnerability | 8.8 | 2026-05-11 |
| HIGH | CVE-2021-47937 | e107 CMS 2.3.0 Remote Code Execution Vulnerability | 8.8 | 2026-05-11 |
| HIGH | CVE-2021-47938 | ImpressCMS 1.4.2 Remote Code Execution Vulnerability | 8.8 | 2026-05-11 |
| HIGH | CVE-2021-47939 | Evolution CMS 3.1.6 Remote Code Execution Vulnerability | 8.8 | 2026-05-11 |
| HIGH | CVE-2026-5127 | WordPress User Frontend Plugin Deserialization Vulnerability | 8.8 | 2026-05-10 |
| HIGH | CVE-2026-39816 | Apache NiFi Missing Restricted Annotation in TinkerpopClientService | 8.8 | 2026-05-10 |
| HIGH | CVE-2026-8234 | EFM ipTIME A8004T formWifiBasicSet Security Vulnerability | 8.8 | 2026-05-10 |
| HIGH | CVE-2022-50994 | DrayTek Vigor 2960 OS Command Injection | 8.1 | 2026-05-10 |
| HIGH | CVE-2026-7807 | SmarterTools SmarterMail Local File Inclusion | 8.1 | 2026-05-10 |
| CRITICAL | CVE-2026-42208 | BerriAI LiteLLM - SQL Injection Vulnerability | N/A | 2026-05-09 |
| HIGH | CVE-2026-20034 | Cisco Unity Connection Web-based Management Interface Arbitrary Code Execution | 8.8 | 2026-05-08 |
| HIGH | CVE-2026-41934 | Vvveb Authenticated Remote Code Execution in Admin Code Editor | 8.8 | 2026-05-08 |
| HIGH | CVE-2026-7927 | Google Chrome Type Confusion in Runtime Arbitrary Code Execution | 8.8 | 2026-05-08 |
| HIGH | CVE-2026-43584 | OpenClaw Insufficient Environment Variable Denylist Vulnerability | 8.8 | 2026-05-08 |
| CRITICAL | CVE-2026-6973 | Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability | N/A | 2026-05-08 |
| HIGH | CVE-2023-54345 | Frappe Framework ERPNext Sandbox Escape Vulnerability | 8.8 | 2026-05-07 |
| HIGH | CVE-2023-54348 | ERPGo SaaS CSV Injection Vulnerability | 8.8 | 2026-05-07 |
| HIGH | CVE-2026-42434 | OpenClaw Sandbox Escape Vulnerability | 8.8 | 2026-05-07 |
| HIGH | CVE-2026-42435 | OpenClaw Insufficient Shell-Wrapper Detection Vulnerability | 8.8 | 2026-05-07 |
| CRITICAL | CVE-2026-0300 | Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability | N/A | 2026-05-07 |
| HIGH | CVE-2026-2052 | Remote Code Execution in Widget Options WordPress Plugin | 8.8 | 2026-05-04 |
| HIGH | CVE-2026-7607 | Firmware Update Vulnerability in TRENDnet TEW-821DAP | 8.8 | 2026-05-04 |
| HIGH | CVE-2026-7489 | SQL Injection in Sunnet CTMS | 8.8 | 2026-05-04 |
| HIGH | CVE-2026-7674 | Remote Code Execution in Shenzhen Libituo Technology LBT-T300-HW1 | 8.8 | 2026-05-04 |
| HIGH | CVE-2026-7675 | Remote Code Execution in Shenzhen Libituo Technology LBT-T300-HW1 | 8.8 | 2026-05-04 |
| CRITICAL | CVE-2026-2052 | The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Executio | 8.8 | 2026-05-03 |
| CRITICAL | CVE-2026-7489 | CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, | 8.8 | 2026-05-03 |
| CRITICAL | CVE-2026-7641 | The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the | 8.8 | 2026-05-03 |
| CRITICAL | CVE-2026-7607 | A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udp | 8.8 | 2026-05-03 |
| HIGH | CVE-2026-7598 | A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. | 7.3 | 2026-05-03 |
| HIGH | CVE-2026-6389 | IBM Turbonomic prometurbo agent - Excessive Cluster-Wide Permissions | 8.8 | 2026-05-02 |
| HIGH | CVE-2026-6543 | IBM Langflow Desktop - Arbitrary Command Execution | 8.8 | 2026-05-02 |
| HIGH | CVE-2026-7551 | HKUDS OpenHarness - Remote Code Execution via /bridge Slash Command | 8.8 | 2026-05-02 |
| HIGH | CVE-2026-40912 | Traefik - High Severity Authentication Bypass | 8.2 | 2026-05-02 |
| CRITICAL | CVE-2026-31431 | Linux Kernel - Incorrect Resource Transfer Between Spheres Vulnerability | N/A | 2026-05-02 |
| HIGH | CVE-2026-34965 | Cockpit CMS - Authenticated remote code execution vulnerability | 8.8 | 2026-05-01 |
| HIGH | CVE-2026-7466 | AgentFlow - Arbitrary code execution vulnerability | 8.8 | 2026-05-01 |
| HIGH | CVE-2018-25308 | BuddyPress Xprofile Custom Fields Type - Remote code execution vulnerability | 8.8 | 2026-05-01 |
| HIGH | CVE-2026-6849 | TUBITAK BILGEM Software Technologies Research Institute Pardus - OS command injection vulnerability | 8.8 | 2026-05-01 |
| CRITICAL | CVE-2026-41940 | WebPros cPanel & WHM and WP2 (WordPress Squared) - Missing Authentication for Critical Function | N/A | 2026-05-01 |
| CRITICAL | CVE-2026-41404 | OpenClaw incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privileges | 8.8 | 2026-04-30 |
| CRITICAL | CVE-2026-42422 | OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. | 8.8 | 2026-04-30 |
| CRITICAL | CVE-2026-41378 | OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests. | 8.8 | 2026-04-30 |
| CRITICAL | CVE-2026-7288 | A vulnerability has been found in D-Link DIR-825M 1.1.12 affecting the function sub_4151FC of the file /boafrm/formVpnConfigSetup. | 8.8 | 2026-04-30 |
| CRITICAL | CVE-2026-7289 | A vulnerability was found in D-Link DIR-825M 1.1.12 affecting the function sub_414BA8 of the file /boafrm/formWanConfigSetup. | 8.8 | 2026-04-30 |
| HIGH | CVE-2026-6741 | LatePoint WordPress Plugin Privilege Escalation Vulnerability | 8.8 | 2026-04-29 |
| HIGH | CVE-2026-41463 | ProjeQtor ZipSlip Path Traversal Vulnerability | 8.8 | 2026-04-29 |
| HIGH | CVE-2026-7096 | Tenda HG3 2.0 formgponConf Function Vulnerability | 8.8 | 2026-04-29 |
| CRITICAL | CVE-2024-1708 | ConnectWise ScreenConnect Path Traversal Vulnerability | N/A | 2026-04-29 |
| CRITICAL | CVE-2026-32202 | Microsoft Windows Protection Mechanism Failure Vulnerability | N/A | 2026-04-29 |
| HIGH | CVE-2026-7068 | D-Link DIR-825 Router NMBD_process Remote Code Execution | 8.8 | 2026-04-28 |
| HIGH | CVE-2026-7029 | Tenda F456 Router addressNat Function Weakness | 8.8 | 2026-04-28 |
| HIGH | CVE-2026-7034 | Tenda FH1202 Router WrlExtraSet Function Vulnerability | 8.8 | 2026-04-28 |
| HIGH | CVE-2026-7053 | Tenda F456 Router HTTP Daemon L7Prot Flaw | 8.8 | 2026-04-28 |
| HIGH | CVE-2026-7057 | Tenda F456 Router HTTP Daemon setcfm Unknown Flaw | 8.8 | 2026-04-28 |
| HIGH | CVE-2026-6988 | Tenda HG10 Router Remote Code Execution | 8.8 | 2026-04-27 |
| HIGH | CVE-2026-7019 | Tenda F456 Router P2pListFilter Vulnerability | 8.8 | 2026-04-27 |
| HIGH | CVE-2026-7029 | Tenda F456 Router Address NAT Bypass | 8.8 | 2026-04-27 |
| HIGH | CVE-2026-7030 | Tenda F456 Router Static Route Manipulation | 8.8 | 2026-04-27 |
| HIGH | CVE-2026-7031 | Tenda F456 Router SafeMacFilter Bypass | 8.8 | 2026-04-27 |
| HIGH | CVE-2026-6988 | A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of th | 8.8 | 2026-04-26 |
| HIGH | CVE-2026-7019 | A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The ma | 8.8 | 2026-04-26 |
| HIGH | CVE-2026-6977 | A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask AP | 7.3 | 2026-04-26 |
| HIGH | CVE-2026-6980 | A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repo_path of t | 7.3 | 2026-04-26 |
| HIGH | CVE-2026-6987 | A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher M | 7.3 | 2026-04-26 |
| CRITICAL | CVE-2025-29635 | D-Link DIR-823X Command Injection Vulnerability | N/A | 2026-04-25 |
| CRITICAL | CVE-2024-7399 | Samsung MagicINFO 9 Server Path Traversal Vulnerability | N/A | 2026-04-25 |
| CRITICAL | CVE-2024-57728 | SimpleHelp Path Traversal Vulnerability | N/A | 2026-04-25 |
| CRITICAL | CVE-2024-57726 | SimpleHelp Missing Authorization Vulnerability | N/A | 2026-04-25 |
| MEDIUM | N/A-0000-0000 | No Further Top Critical Vulnerabilities Identified | N/A | 2026-04-25 |
| CRITICAL | CVE-2026-6859 | InstructLab Remote Code Execution via Hardcoded Trust | 8.8 | 2026-04-24 |
| CRITICAL | CVE-2026-41349 | OpenClaw Agentic Consent Bypass Vulnerability | 8.8 | 2026-04-24 |
| CRITICAL | CVE-2026-41468 | Beghelli Sicuro24 AngularJS Sandbox Escape Vulnerability | 8.7 | 2026-04-24 |
| CRITICAL | CVE-2026-34413 | Xerte Online Toolkits Missing Authentication Vulnerability | 8.6 | 2026-04-24 |
| CRITICAL | CVE-2026-39987 | Marimo Remote Code Execution Vulnerability | N/A | 2026-04-24 |
| HIGH | CVE-2026-6859 | InstructLab - Remote Code Execution via Hardcoded Trust | 8.8 | 2026-04-23 |
| HIGH | CVE-2026-41468 | Beghelli Sicuro24 SicuroWeb - AngularJS Sandbox Escape leading to RCE | 8.7 | 2026-04-23 |
| HIGH | CVE-2026-34413 | Xerte Online Toolkits - Missing Authentication in elFinder Connector | 8.6 | 2026-04-23 |
| HIGH | CVE-2026-41455 | WeKan - Server-Side Request Forgery via Webhook Integration | 8.5 | 2026-04-23 |
| CRITICAL | CVE-2026-33825 | Microsoft Defender - Insufficient Granularity of Access Control Vulnerability | N/A | 2026-04-23 |
| HIGH | CVE-2026-6249 | Vvveb CMS Remote Code Execution via Media Upload | 8.8 | 2026-04-22 |
| HIGH | CVE-2026-5967 | ThreatSonar Anti-Ransomware Privilege Escalation | 8.8 | 2026-04-22 |
| HIGH | CVE-2026-34427 | Vvveb Admin User Profile Privilege Escalation | 8.8 | 2026-04-22 |
| HIGH | CVE-2026-41445 | KissFFT Integer Overflow in kiss_fftndr_alloc() | 8.8 | 2026-04-22 |
| HIGH | CVE-2026-34291 | Oracle HTTP Server Core Vulnerability | 8.7 | 2026-04-22 |
| CRITICAL | CVE-2026-20122 | Cisco Catalyst SD-WAN Manger - Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability | N/A | 2026-04-21 |
| CRITICAL | CVE-2026-20133 | Cisco Catalyst SD-WAN Manager - Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability | N/A | 2026-04-21 |
| CRITICAL | CVE-2025-2749 | Kentico Kentico Xperience - Kentico Xperience Path Traversal Vulnerability | N/A | 2026-04-21 |
| CRITICAL | CVE-2023-27351 | PaperCut NG/MF - PaperCut NG/MF Improper Authentication Vulnerability | N/A | 2026-04-21 |
| CRITICAL | CVE-2025-48700 | Synacor Zimbra Collaboration Suite (ZCS) - Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability | N/A | 2026-04-21 |
| CRITICAL | CVE-2026-6518 | CMP – Coming Soon & Maintenance Plugin for WordPress: Arbitrary File Upload and Remote Code Execution | 8.8 | 2026-04-19 |
| CRITICAL | CVE-2026-3464 | WP Customer Area plugin for WordPress: Arbitrary File Read and Deletion | 8.8 | 2026-04-19 |
| HIGH | CVE-2026-40516 | OpenHarness: Server-Side Request Forgery (SSRF) | 8.3 | 2026-04-19 |
| HIGH | CVE-2026-40527 | radare2: Command Injection via Crafted ELF Binaries | 7.8 | 2026-04-19 |
| HIGH | CVE-2026-6507 | dnsmasq: Out-of-Bounds Write via Specially Crafted BOOTREPLY | 7.5 | 2026-04-19 |
| CRITICAL | CVE-2026-6518 | CMP – Coming Soon & Maintenance Plugin for WordPress: Arbitrary File Upload and RCE | 8.8 | 2026-04-18 |
| CRITICAL | CVE-2026-1620 | Livemesh Addons for Elementor plugin for WordPress: Local File Inclusion | 8.8 | 2026-04-18 |
| CRITICAL | CVE-2025-14868 | Career Section plugin for WordPress: CSRF leading to Path Traversal and Arbitrary File Deletion | 8.8 | 2026-04-18 |
| CRITICAL | CVE-2026-3464 | WP Customer Area plugin for WordPress: Arbitrary File Read and Deletion | 8.8 | 2026-04-18 |
| HIGH | CVE-2026-6507 | dnsmasq: Remote Out-of-bounds Write via BOOTREPLY | 7.5 | 2026-04-18 |
| HIGH | CVE-2026-40502 | OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive a | 8.8 | 2026-04-17 |
| HIGH | CVE-2026-6348 | WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrar | 8.8 | 2026-04-17 |
| HIGH | CVE-2023-3634 | In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which co | 8.8 | 2026-04-17 |
| HIGH | CVE-2026-5617 | The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_re | 8.8 | 2026-04-17 |
| CRITICAL | CVE-2026-34197 | Apache ActiveMQ - Apache ActiveMQ Improper Input Validation Vulnerability | N/A | 2026-04-17 |
| HIGH | CVE-2026-25654 | Siemens SINEC NMS Authorization Bypass | 8.8 | 2026-04-15 |
| HIGH | CVE-2026-27668 | Siemens RUGGEDCOM CROSSBOW SAM-P Privilege Escalation | 8.8 | 2026-04-15 |
| HIGH | CVE-2026-40040 | Pachno Unrestricted File Upload Vulnerability | 8.8 | 2026-04-15 |
| CRITICAL | CVE-2009-0238 | Microsoft Office Remote Code Execution | N/A | 2026-04-15 |
| CRITICAL | CVE-2026-32201 | Microsoft SharePoint Server Improper Input Validation | N/A | 2026-04-15 |
| CRITICAL | CVE-2025-60710 | Microsoft Windows - Microsoft Windows Link Following Vulnerability | N/A | 2026-04-14 |
| CRITICAL | CVE-2023-36424 | Microsoft Windows - Microsoft Windows Out-of-Bounds Read Vulnerability | N/A | 2026-04-14 |
| CRITICAL | CVE-2023-21529 | Microsoft Exchange Server - Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability | N/A | 2026-04-14 |
| CRITICAL | CVE-2026-21643 | Fortinet FortiClient EMS - Fortinet SQL Injection Vulnerability | N/A | 2026-04-14 |
| CRITICAL | CVE-2026-34621 | Adobe Acrobat and Reader - Adobe Acrobat and Reader Prototype Pollution Vulnerability | N/A | 2026-04-14 |
| CRITICAL | CVE-2026-6120 | Tenda F451 Router fromDhcpListClient Vulnerability | 8.8 | 2026-04-13 |
| CRITICAL | CVE-2026-6121 | Tenda F451 Router WrlclientSet Vulnerability | 8.8 | 2026-04-13 |
| CRITICAL | CVE-2026-6122 | Tenda F451 Router L7 Protocol Form Vulnerability | 8.8 | 2026-04-13 |
| CRITICAL | CVE-2026-6123 | Tenda F451 Router Address NAT Vulnerability | 8.8 | 2026-04-13 |
| CRITICAL | CVE-2026-6124 | Tenda F451 Router Safe MAC Filter Vulnerability | 8.8 | 2026-04-13 |
| CRITICAL | CVE-2026-5144 | BuddyPress Groupblog plugin for WordPress Privilege Escalation | 8.8 | 2026-04-12 |
| CRITICAL | CVE-2026-35643 | OpenClaw Unvalidated WebView JavascriptInterface Arbitrary Instruction Injection | 8.8 | 2026-04-12 |
| CRITICAL | CVE-2026-6120 | Tenda F451 Router Remote Code Execution Vulnerability | 8.8 | 2026-04-12 |
| CRITICAL | CVE-2026-35663 | OpenClaw Privilege Escalation for Non-Admin Operators | 8.8 | 2026-04-12 |
| CRITICAL | CVE-2026-34621 | Adobe Acrobat Reader Improperly Controlled Modification of Object Prototype Attributes | 8.6 | 2026-04-12 |
| HIGH | CVE-2026-35638 | OpenClaw Control UI Unauthenticated Privilege Escalation | 8.8 | 2026-04-11 |
| HIGH | CVE-2026-39911 | Hashgraph Guardian Unsandboxed JavaScript Execution | 8.8 | 2026-04-11 |
| HIGH | CVE-2026-33785 | Juniper Junos OS MX Series Missing Authorization Privilege Escalation | 8.8 | 2026-04-11 |
| HIGH | CVE-2025-13914 | Juniper Apstra SSH Key Exchange Without Entity Authentication | 8.7 | 2026-04-11 |
| HIGH | CVE-2023-54359 | WordPress adivaha Travel Plugin Time-Based Blind SQL Injection | 8.2 | 2026-04-11 |
| CRITICAL | CVE-2026-3243 | WordPress Advanced Members for ACF Plugin Arbitrary File Deletion | 8.8 | 2026-04-10 |
| CRITICAL | CVE-2026-4326 | WordPress Vertex Addons for Elementor Plugin Missing Authorization | 8.8 | 2026-04-10 |
| CRITICAL | CVE-2026-5815 | D-Link DIR-645 Router Remote Code Execution Vulnerability | 8.8 | 2026-04-10 |
| CRITICAL | CVE-2026-5830 | Tenda AC15 Router Remote Code Execution Vulnerability | 8.8 | 2026-04-10 |
| HIGH | CVE-2026-5436 | WordPress MW WP Form Plugin Arbitrary File Move/Read | 8.1 | 2026-04-10 |
CVE-2026-15694
Tenda BE12 Pro - Remote Code Execution via SetIpBind Function
CVE-2026-50666
Windows Remote Access Connection Manager - Use After Free Vulnerability
CVE-2026-56181
Windows Network Address Translation (NAT) - Origin Validation Error
CVE-2026-46817
Oracle E-Business Suite - Improper Privilege Management Vulnerability
CVE-2023-4346
KNX Protocol Connection Authorization Option 1 - Overly Restrictive Access
CVE-2026-15691
Tenda BE12 Pro fromSafeClientFilter Security Flaw
CVE-2026-56155
Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability
CVE-2026-56164
Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability
CVE-2026-15409
SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability
CVE-2026-15410
SonicWall SMA1000 Appliances Code Injection Vulnerability
CVE-2026-61876
LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML mar
CVE-2026-15548
A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub_407220 of the file /usr/sbin/
CVE-2026-49970
Laravel-Mediable before 7.0.0 contains a path traversal vulnerability in the File::sanitizePath() function that allows attackers to write uploaded fil
CVE-2026-49972
Laravel-Mediable before 7.0.0 contains a file upload vulnerability that allows unauthenticated attackers to achieve remote code execution by uploading
CVE-2008-4128
Cisco IOS - Cisco IOS Cross-Site Request Forgery Vulnerability
CVE-2026-1359
WordPress Genolve – AI image/video generation plugin unauthorized data modification
CVE-2026-15480
Trendnet TEW-635BRM Web Server Remote Code Execution
CVE-2026-15481
Trendnet TEW-635BRM Web Server Remote Code Execution
CVE-2026-15483
TRENDnet TEW-821DAP Remote Code Execution
CVE-2026-15484
TRENDnet TEW-821DAP Remote Code Execution
CVE-2025-30007
HestiaCP Authenticated OS Command Injection
CVE-2026-13756
WP Grid Builder Plugin Privilege Escalation
CVE-2026-13353
WP Ultimate CSV Importer Remote Code Execution
CVE-2026-14262
Simple JWT Login Plugin Authentication Bypass to Privilege Escalation
CVE-2025-6784
Code Engine Plugin Remote Code Execution
CVE-2025-30007
HestiaCP Authenticated OS Command Injection Vulnerability
CVE-2026-13756
WP Grid Builder Privilege Escalation Vulnerability
CVE-2026-13353
WP Ultimate CSV Importer Remote Code Execution Vulnerability
CVE-2026-56291
Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
CVE-2026-48939
iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
CVE-2026-59257
SQL Injection in n8n legacy MySQL v1 node
CVE-2026-58143
Cross-Site Request Forgery in Cotonti Siena
CVE-2026-55999
Heap buffer overflow in xorg-server and xwayland via PCX fonts
CVE-2026-56001
Heap buffer overflow in libXfont2 BitmapScaleBitmaps
CVE-2026-56003
Heap buffer overflow in libXfont2 PCF file parsing
CVE-2026-9181
ArcGIS Server Directory Traversal Vulnerability
CVE-2026-14158
WordPress Widget Logic Visual Plugin Remote Code Execution
CVE-2026-14489
WordPress WHMCS Bridge Plugin Arbitrary File Upload
CVE-2026-59707
LocalAI Unauthenticated Server-Side Request Forgery
CVE-2026-54765
Traefik Kubernetes Gateway API Provider Hostname Resolution Bypass
CVE-2026-8377
Missing Authorization in Armiya GKS Access Control System
CVE-2026-59712
Leantime JSON-RPC API User Credential Disclosure
CVE-2026-59713
Leantime OIDC Login CSRF Vulnerability
CVE-2026-9165
Red Hat Advanced Cluster Security for Kubernetes GraphQL Query Depth Vulnerability
CVE-2026-5730
Idvlabs Ontime Authorization Bypass
CVE-2026-14721
Vulnerability in UTT HiPER 1250GW allows remote code execution
CVE-2026-14637
Security vulnerability in kirilkirkov Ecommerce-CodeIgniter-Bootstrap
CVE-2026-14635
Security flaw in kirilkirkov Ecommerce-CodeIgniter-Bootstrap
CVE-2026-14640
Vulnerability in CodeAstro Apartment Visitor Management System
CVE-2026-14641
Vulnerability in SourceCodester Class and Exam Timetabling System
CVE-2026-14459
Argument Injection in TUBITAK BILGEM Software Technologies Research Institute
CVE-2026-14460
Missing Authorization and Argument Injection in TUBITAK BILGEM Software Technologies Research Institute pardus-software
CVE-2026-56645
Heap-based Buffer Overflow in Microsoft Edge (Chromium-based)
CVE-2026-57974
Integer Overflow or Wraparound in Microsoft Edge (Chromium-based)
CVE-2026-57981
Use After Free in Microsoft Edge (Chromium-based)
CVE-2026-54998
Incorrect authorization in Microsoft Exchange Online
CVE-2026-59093
Weaviate RBAC role assignment bypass
CVE-2026-14459
TUBITAK BILGEM pardus-software argument injection
CVE-2026-14460
TUBITAK BILGEM pardus-software missing authorization leading to argument injection
CVE-2026-56645
Heap-based buffer overflow in Microsoft Edge (Chromium-based)
CVE-2026-59093
Weaviate RBAC Role Assignment Vulnerability
CVE-2026-54998
Microsoft Exchange Online Privilege Escalation
CVE-2026-46680
containerd Container User Directive Vulnerability
CVE-2026-59095
LobeChat Server-Side Request Forgery
CVE-2026-59092
JuiceFS Authentication Bypass Vulnerability
CVE-2026-58116
LLaMA-Factory Remote Code Execution Vulnerability
CVE-2026-13777
Google Chrome on iOS Insufficient Validation of Untrusted Input
CVE-2026-13783
Google Chrome Use After Free in Views
CVE-2026-50521
Microsoft Edge (Chromium-based) Use After Free Vulnerability
CVE-2026-45659
Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
CVE-2026-13562
Edimax EW-7478APC Remote Code Execution
CVE-2026-55607
Claude Code Worktree Traversal Vulnerability
CVE-2026-13583
Edimax EW-7478APC Remote Code Execution via formUSBFolder
CVE-2026-48307
Adobe ColdFusion Reflected Cross-Site Scripting
CVE-2026-10129
IBM Langflow OSS SSRF Protection Bypass
CVE-2026-13518
Tenda JD12L AddressNat Function Vulnerability
CVE-2026-13562
Edimax EW-7478APC iNICSiteSurvey Function Vulnerability
CVE-2026-40521
FrontAccounting Path Traversal Vulnerability
CVE-2026-13583
Edimax EW-7478APC USBFolder Function Vulnerability
CVE-2026-48558
SimpleHelp Authentication Bypass Vulnerability
CVE-2026-13515
Tenda JD12L formSetPPTPServer Function Remote Code Execution
CVE-2026-13516
Tenda JD12L fromSetWifiGusetBasic Function Remote Code Execution
CVE-2026-13517
Tenda JD12L formWifiBasicSet Function Remote Code Execution
CVE-2026-13518
Tenda JD12L fromAddressNat Function Remote Code Execution
CVE-2026-13519
Tenda JD12L fromNatStaticSetting Function Remote Code Execution
CVE-2026-45405
Dokku git:from-archive and certs:add commands allow arbitrary file extraction
CVE-2026-45406
Dokku openresty-vhosts plugin allows arbitrary file writes from git repository
CVE-2026-32833
Cudy LT300 OS Command Injection
CVE-2026-58049
FFmpeg RASC video decoder out-of-bounds read/write
CVE-2026-8095
WordPress Frontend File Manager Plugin Authenticated Arbitrary File Deletion
CVE-2026-56766
Hydra NTLM authentication stack buffer overflow
CVE-2026-56768
Seahub unauthenticated share link access bypass
CVE-2026-56769
Huly Platform authenticated server-side request forgery
CVE-2026-57235
Nokogiri XML/HTML library out-of-bounds read
CVE-2026-55693
Vim tree_count_words() function out-of-bounds write
CVE-2026-56232
Capgo API Key Bypass of Access Constraints
CVE-2026-12244
NSD Secondary Server Crash via Malicious AXFR
CVE-2026-56766
Hydra NTLM Authentication Stack Buffer Overflow
CVE-2026-56768
Seahub Share Link Authentication Bypass
CVE-2026-56769
Huly Platform Authenticated Server-Side Request Forgery
CVE-2026-35018
NetComm NF20MESH Routers Authenticated Remote Code Execution
CVE-2025-67038
Lantronix EDS5000 Code Injection Vulnerability
CVE-2026-34910
Ubiquiti UniFi OS Improper Input Validation Vulnerability
CVE-2026-34909
Ubiquiti UniFi OS Path Traversal Vulnerability
CVE-2026-34908
Ubiquiti UniFi OS Improper Access Control Vulnerability
CVE-2026-56340
vLLM Missing Sparse Tensor Validation in Multimodal Embeddings Processing
CVE-2026-56396
phpMyFAQ Missing Authorization in Admin Endpoints
CVE-2026-12806
Edimax BR-6478AC V2 formWlSiteSurvey Function Vulnerability
CVE-2025-71348
picklescan Malicious Pickle File Detection Bypass (torch.utils._config_module.load_config)
CVE-2025-71357
picklescan Malicious Pickle File Detection Bypass (idlelib.pyshell.ModifiedInterpreter.runcommand)
CVE-2017-20252
Joomla NextGen Editor SQL Injection Vulnerability
CVE-2017-20253
Joomla! Component My Projects SQL Injection Vulnerability
CVE-2017-20254
Joomla! Component User Bench SQL Injection Vulnerability
CVE-2017-20255
Joomla! Component JB Visa SQL Injection Vulnerability
CVE-2017-20256
Joomla Survey Force Deluxe SQL Injection Vulnerability
CVE-2026-20253
Splunk Enterprise Missing Authentication for Critical Function Vulnerability
CVE-2016-20075
WordPress Ultimate Product Catalog - Arbitrary File Upload Vulnerability
CVE-2026-12186
GL.iNet GL-MT3000 - Remote Code Execution via replace_country function
CVE-2026-12187
GL.iNet GL-MT3000 - Unspecified Vulnerability in /u file
CVE-2026-54420
LiteSpeed cPanel Plugin - UNIX Symbolic Link (Symlink) Following Vulnerability
CVE-2026-20262
Cisco Catalyst SD-WAN Manager - Directory or Path Traversal Vulnerability
CVE-2026-12174
D-Link DCS-935L snprintf Buffer Overflow
CVE-2026-12186
GL.iNet GL-MT3000 replace_country Weakness
CVE-2026-12187
GL.iNet GL-MT3000 Unknown Function Vulnerability
CVE-2026-12192
GALAYOU Y4 Web Server Buffer Overflow
CVE-2026-12218
Yealink SIP-T46U StartReportInformation Vulnerability
CVE-2026-53821
OpenClaw WebSocket Client-Declared Operator Scopes Vulnerability
CVE-2026-53822
OpenClaw Command Injection Vulnerability
CVE-2026-53828
OpenClaw Authorization Bypass in Native Command Handling
CVE-2026-53836
OpenClaw PowerShell Encoded-Command Allowlist Bypass
CVE-2026-12174
D-Link DCS-935L snprintf Buffer Overflow
CVE-2026-53806
OpenClaw Shell Option Parsing Vulnerability
CVE-2026-53807
OpenClaw Telegram Interactive Callbacks Authorization Bypass
CVE-2026-53810
OpenClaw Marketplace Runtime Extension Code Execution Vulnerability
CVE-2026-53811
OpenClaw Matrix allowFrom Privilege Escalation Vulnerability
CVE-2026-35273
Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
CVE-2026-49498
Ghidra SQL Injection Vulnerability in PostgresFunctionDatabase
CVE-2026-52754
Ghidra PKIAuthenticationModule Authentication Bypass
CVE-2026-20251
Splunk Enterprise and Cloud Platform Vulnerability
CVE-2026-6893
Dracut DHCP Remote Attacker Flaw
CVE-2026-10520
Ivanti Sentry OS Command Injection Vulnerability
CVE-2026-46746
Improper input sanitization in SINEC INS allows remote code execution.
CVE-2026-32193
Path traversal in Microsoft Azure Kubernetes Service allows privilege escalation.
CVE-2026-40371
Improper permissions in Microsoft Dynamics 365 (on-premises) allows privilege escalation.
CVE-2026-41031
Stored Cross-Site Scripting in Vinna Process Monitor allows remote code execution.
CVE-2026-41098
Cross-Site Scripting in Azure Stack Edge allows spoofing attacks.
CVE-2026-11503
Tenda CX12L Router Remote Code Execution Vulnerability
CVE-2026-11504
Tenda CX12L Router Remote Code Execution Vulnerability
CVE-2026-11645
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
CVE-2026-7473
Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
CVE-2026-20245
Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability
CVE-2026-11498
Tenda HG7HG9 and HG10 Remote Code Execution Vulnerability
CVE-2026-11503
Tenda CX12L Remote Code Execution Vulnerability
CVE-2026-11504
Tenda CX12L Remote Code Execution Vulnerability
CVE-2026-42271
BerriAI LiteLLM Command Injection Vulnerability
CVE-2026-50751
Check Point Security Gateway Improper Authentication Vulnerability
CVE-2026-11413
JingDong JD Cloud Box AX6600 set_macfilter Function Vulnerability
CVE-2026-11498
Tenda HG7HG9 and HG10 asp_voip_OtherSet Function Vulnerability
CVE-2026-49494
Comodo Internet Security Inspect.sys IPv6 Integer Underflow
CVE-2023-54350
WordPress Augmented-Reality Plugin Remote Code Execution
CVE-2026-3238
Samba WINS Server Active Directory Domain Controller Flaw
CVE-2026-49492
Markdown Preview Enhanced: External File and Link Opening Vulnerability
CVE-2026-49493
Markdown Preview Enhanced: Code Injection via Bitfield Fenced Code Blocks
CVE-2026-5411
WP Captcha PRO (Advanced Google reCAPTCHA) Plugin: Arbitrary File Upload
CVE-2026-7654
Admin Columns Plugin for WordPress: PHP Object Injection leading to RCE
CVE-2026-11413
JingDong JD Cloud Box AX6600: Remote Code Execution via set_macfilter function
CVE-2026-5228
Kurt Software Studio WriteUp Mobile App Improper Access Control
CVE-2026-10988
Google Chrome Views Use After Free Vulnerability
CVE-2026-10989
Google Chrome V8 Inappropriate Implementation Vulnerability
CVE-2026-10995
Google Chrome TabStrip Heap Buffer Overflow Vulnerability
CVE-2026-28318
SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability
CVE-2026-35083
Remote attacker with user privileges can gain full system access as root via stack buffer overflow
CVE-2026-49190
Unauthorized application installation due to insufficient permission evaluation in system opcodes
CVE-2026-49194
Debugging routine allows direct interactive shell access, bypassing device login
CVE-2026-35082
Remote attacker with user privileges can access arbitrary local files due to insufficient input validation
CVE-2026-20230
Vulnerability in Cisco Unified Communications Manager and Session Management Edition
CVE-2026-30652
Vivotek FD8136 Cameras Remote Buffer Overflow in /cgi-bin/dido/setdo.cgi
CVE-2026-1829
WordPress Content Visibility for Divi Builder Plugin Remote Code Execution
CVE-2026-35082
Arbitrary Local File Access via ugw-logread method with User Privileges
CVE-2026-35083
Stack Buffer Overflow Leading to Root Access with User Privileges
CVE-2026-45247
Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability
CVE-2026-10259
H3C Magic B0 - Remote Code Execution Vulnerability
CVE-2026-10270
D-Link DI-7001 MINI - Remote Code Execution Vulnerability
CVE-2026-7770
IBM i Access Family - Remote Code Execution Vulnerability
CVE-2025-48595
Android Framework - Android Framework Integer Overflow Vulnerability
CVE-2022-0492
Linux Kernel - Linux Kernel Improper Authentication Vulnerability
CVE-2026-10179
TRENDnet TEW-432BRP formSetWlanEncrypt Function Vulnerability
CVE-2026-10181
TRENDnet TEW-432BRP formSysCmd Function Vulnerability
CVE-2026-10183
TRENDnet TEW-432BRP formWlanSetup Function Vulnerability
CVE-2026-10188
Tenda W12 cgistaKickOff Function Vulnerability
CVE-2024-21182
Oracle WebLogic Server Unspecified Vulnerability
CVE-2026-10119
TRENDnet TEW-432BRP 3.10B20 MAC Filter Vulnerability
CVE-2026-10120
TRENDnet TEW-432BRP 3.10B20 Firewall Rule Vulnerability
CVE-2026-10121
TRENDnet TEW-432BRP 3.10B20 URL Filter Vulnerability
CVE-2026-10122
TRENDnet TEW-432BRP 3.10B20 Protocol Filter Vulnerability
CVE-2026-10123
TRENDnet TEW-432BRP 3.10B20 Domain Filter Vulnerability
CVE-2026-10062
TRENDnet TEW-432BRP formSetRoute Function Vulnerability
CVE-2026-10063
TRENDnet TEW-432BRP formWPS Function Vulnerability
CVE-2018-25388
HaPe PKH Arbitrary File Upload Vulnerability
CVE-2026-10066
Shibby Tomato tomatoups.cgi Function Vulnerability
CVE-2026-10067
Shibby Tomato multimon.cgi Stack-Based Buffer Overflow
CVE-2026-9227
GutenBee – Gutenberg Blocks plugin for WordPress Arbitrary File Upload
CVE-2026-6226
Frontend Admin by DynamiApps plugin for WordPress Unauthenticated Privilege Escalation
CVE-2026-10002
Google Chrome PDFium Use-After-Free Vulnerability
CVE-2026-9887
Google Chrome Proxy Use-After-Free Vulnerability
CVE-2026-0257
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
CVE-2026-5065
IBM Controller Hard-Coded Credentials Vulnerability
CVE-2026-8179
IBM Aspera High-Speed Transfer Privilege Escalation
CVE-2026-7802
WordPress Frontend Admin Authorization Bypass
CVE-2026-9009
WordPress Crawlomatic Plugin Remote Code Execution
CVE-2026-9227
WordPress GutenBee Plugin Arbitrary File Upload
CVE-2026-46368
luci-app-https-dns-proxy through 2025.12.29-5
CVE-2026-44832
Snipe-IT Privilege Escalation Vulnerability
CVE-2026-48027
Nx Console - Nx Console Embedded Malicious Code Vulnerability
CVE-2026-45321
TanStack - TanStack Unspecified Vulnerability
CVE-2026-8398
Daemon Tools Lite - Daemon Tools Lite Embedded Malicious Code Vulnerability
CVE-2026-9442
Edimax BR-6478AC formiNICSiteSurvey Function Vulnerability
CVE-2026-9443
Edimax BR-6478AC formL2TPSetup Function Vulnerability
CVE-2026-9459
Edimax EW-7438RPn formConnectionSetting Function Vulnerability
CVE-2026-9460
Edimax EW-7438RPn formAccept Function Vulnerability
CVE-2026-48172
LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
CVE-2026-47114
IINA User-Assisted Command Execution Vulnerability
CVE-2026-47101
LiteLLM API Key Privilege Escalation
CVE-2026-47102
LiteLLM User Role Modification Vulnerability
CVE-2026-9018
Easy Elements for Elementor Privilege Escalation
CVE-2026-9082
Drupal Core SQL Injection Vulnerability
CVE-2026-24425
Twig sandbox bypass vulnerability
CVE-2026-47114
IINA user-assisted command execution vulnerability
CVE-2026-47101
LiteLLM API key creation with unauthorized access
CVE-2025-34291
Langflow Langflow - Langflow Origin Validation Error Vulnerability
CVE-2026-34926
Trend Micro Apex One - Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
CVE-2026-7498
Cross-site scripting vulnerability in Basamak Information Technology Consulting and Or
CVE-2026-6456
Privilege Escalation in WordPress Account Switcher plugin
CVE-2026-7467
Privilege Escalation in WordPress Read More & Accordion plugin
CVE-2026-7522
Local File Inclusion in WordPress Advanced Database Cleaner – Premium plugin
CVE-2026-5200
Missing Authorization in WordPress AcyMailing plugin
CVE-2026-45495
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2026-8775
Edimax BR-6428NS formL2TPSetup Function Vulnerability
CVE-2026-8776
Edimax BR-6428NS formPPTPSetup Function Vulnerability
CVE-2026-7498
Basamak Information Technology Consulting and Or Cross-Site Scripting Vulnerability
CVE-2018-25322
Allok Fast AVI MPEG Splitter Stack-Based Buffer Overflow
CVE-2020-37227
HS Brand Logo Slider 2.1 Unrestricted File Upload
CVE-2021-47976
TextPattern CMS 4.9.0-dev Remote Code Execution
CVE-2021-47979
WordPress Plugin Backup and Restore 1.0.3 Arbitrary File Deletion
CVE-2026-8719
AI Engine WordPress Plugin Privilege Escalation
CVE-2018-25322
Allok Fast AVI MPEG Splitter 1.2 Stack-Based Buffer Overflow
CVE-2026-6228
WordPress Frontend Admin Plugin Privilege Escalation
CVE-2021-47964
Schlix CMS Remote Code Execution
CVE-2020-37227
HS Brand Logo Slider Unrestricted File Upload
CVE-2021-47976
TextPattern CMS Remote Code Execution
CVE-2021-47979
WordPress Backup and Restore Plugin Arbitrary File Deletion
CVE-2026-42897
Microsoft Exchange Server Cross-Site Scripting Vulnerability
CVE-2026-3425
WordPress RTMKit Addons for Elementor Plugin Local File Inclusion
CVE-2026-32643
BIG-IP and BIG-IQ Systems Privilege Escalation via Certificate Manager Role
CVE-2026-32673
BIG-IP Scripted Monitors Privilege Escalation
CVE-2026-34176
BIG-IP Appliance Mode Remote Command Injection
CVE-2026-20182
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
CVE-2026-6001
Authorization bypass in ABIS Technology Ltd. Co. BAPSİS allows exploitation of trusted identifiers.
CVE-2026-2465
Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-
CVE-2026-30810
Server-Side Request Forgery in Pandora FMS allows Privilege Escalation via API Checker extension.
CVE-2026-31222
Insecure deserialization vulnerability in snorkel library Trainer.load() method.
CVE-2026-31223
Critical insecure deserialization vulnerability in snorkel library BaseLabeler.load() method.
CVE-2026-40636
Dell ECS and ObjectScale Hard-Coded Credentials Vulnerability
CVE-2026-45006
OpenClaw Improper Access Control in Gateway Tool
CVE-2026-7256
Zyxel WRE6505 Command Injection Vulnerability
CVE-2026-6001
ABIS Technology BAPSİS Authorization Bypass
CVE-2026-34963
barebox EFI PE Loader Memory-Safety Vulnerabilities
CVE-2021-47935
Sentry 8.2.0 Remote Code Execution
CVE-2021-47937
e107 CMS 2.3.0 Remote Code Execution
CVE-2021-47938
ImpressCMS 1.4.2 Remote Code Execution
CVE-2021-47939
Evolution CMS 3.1.6 Remote Code Execution
CVE-2021-47943
TextPattern CMS 4.8.7 Remote Code Execution
CVE-2026-8234
EFM ipTIME A8004T 14.18.2 Vulnerability in formWifiBasicSet
CVE-2021-47935
Sentry 8.2.0 Remote Code Execution Vulnerability
CVE-2021-47937
e107 CMS 2.3.0 Remote Code Execution Vulnerability
CVE-2021-47938
ImpressCMS 1.4.2 Remote Code Execution Vulnerability
CVE-2021-47939
Evolution CMS 3.1.6 Remote Code Execution Vulnerability
CVE-2026-5127
WordPress User Frontend Plugin Deserialization Vulnerability
CVE-2026-39816
Apache NiFi Missing Restricted Annotation in TinkerpopClientService
CVE-2026-8234
EFM ipTIME A8004T formWifiBasicSet Security Vulnerability
CVE-2022-50994
DrayTek Vigor 2960 OS Command Injection
CVE-2026-7807
SmarterTools SmarterMail Local File Inclusion
CVE-2026-42208
BerriAI LiteLLM - SQL Injection Vulnerability
CVE-2026-20034
Cisco Unity Connection Web-based Management Interface Arbitrary Code Execution
CVE-2026-41934
Vvveb Authenticated Remote Code Execution in Admin Code Editor
CVE-2026-7927
Google Chrome Type Confusion in Runtime Arbitrary Code Execution
CVE-2026-43584
OpenClaw Insufficient Environment Variable Denylist Vulnerability
CVE-2026-6973
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
CVE-2023-54345
Frappe Framework ERPNext Sandbox Escape Vulnerability
CVE-2023-54348
ERPGo SaaS CSV Injection Vulnerability
CVE-2026-42434
OpenClaw Sandbox Escape Vulnerability
CVE-2026-42435
OpenClaw Insufficient Shell-Wrapper Detection Vulnerability
CVE-2026-0300
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
CVE-2026-2052
Remote Code Execution in Widget Options WordPress Plugin
CVE-2026-7607
Firmware Update Vulnerability in TRENDnet TEW-821DAP
CVE-2026-7489
SQL Injection in Sunnet CTMS
CVE-2026-7674
Remote Code Execution in Shenzhen Libituo Technology LBT-T300-HW1
CVE-2026-7675
Remote Code Execution in Shenzhen Libituo Technology LBT-T300-HW1
CVE-2026-2052
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Executio
CVE-2026-7489
CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify,
CVE-2026-7641
The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the
CVE-2026-7607
A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udp
CVE-2026-7598
A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c.
CVE-2026-6389
IBM Turbonomic prometurbo agent - Excessive Cluster-Wide Permissions
CVE-2026-6543
IBM Langflow Desktop - Arbitrary Command Execution
CVE-2026-7551
HKUDS OpenHarness - Remote Code Execution via /bridge Slash Command
CVE-2026-40912
Traefik - High Severity Authentication Bypass
CVE-2026-31431
Linux Kernel - Incorrect Resource Transfer Between Spheres Vulnerability
CVE-2026-34965
Cockpit CMS - Authenticated remote code execution vulnerability
CVE-2026-7466
AgentFlow - Arbitrary code execution vulnerability
CVE-2018-25308
BuddyPress Xprofile Custom Fields Type - Remote code execution vulnerability
CVE-2026-6849
TUBITAK BILGEM Software Technologies Research Institute Pardus - OS command injection vulnerability
CVE-2026-41940
WebPros cPanel & WHM and WP2 (WordPress Squared) - Missing Authentication for Critical Function
CVE-2026-41404
OpenClaw incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privileges
CVE-2026-42422
OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles.
CVE-2026-41378
OpenClaw before 2026.3.31 contains a privilege escalation vulnerability allowing paired nodes with role=node to dispatch node.event agent requests.
CVE-2026-7288
A vulnerability has been found in D-Link DIR-825M 1.1.12 affecting the function sub_4151FC of the file /boafrm/formVpnConfigSetup.
CVE-2026-7289
A vulnerability was found in D-Link DIR-825M 1.1.12 affecting the function sub_414BA8 of the file /boafrm/formWanConfigSetup.
CVE-2026-6741
LatePoint WordPress Plugin Privilege Escalation Vulnerability
CVE-2026-41463
ProjeQtor ZipSlip Path Traversal Vulnerability
CVE-2026-7096
Tenda HG3 2.0 formgponConf Function Vulnerability
CVE-2024-1708
ConnectWise ScreenConnect Path Traversal Vulnerability
CVE-2026-32202
Microsoft Windows Protection Mechanism Failure Vulnerability
CVE-2026-7068
D-Link DIR-825 Router NMBD_process Remote Code Execution
CVE-2026-7029
Tenda F456 Router addressNat Function Weakness
CVE-2026-7034
Tenda FH1202 Router WrlExtraSet Function Vulnerability
CVE-2026-7053
Tenda F456 Router HTTP Daemon L7Prot Flaw
CVE-2026-7057
Tenda F456 Router HTTP Daemon setcfm Unknown Flaw
CVE-2026-6988
Tenda HG10 Router Remote Code Execution
CVE-2026-7019
Tenda F456 Router P2pListFilter Vulnerability
CVE-2026-7029
Tenda F456 Router Address NAT Bypass
CVE-2026-7030
Tenda F456 Router Static Route Manipulation
CVE-2026-7031
Tenda F456 Router SafeMacFilter Bypass
CVE-2026-6988
A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of th
CVE-2026-7019
A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The ma
CVE-2026-6977
A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask AP
CVE-2026-6980
A vulnerability has been found in Divyanshu-hash GitPilot-MCP up to 9ed9f153ba4158a2ad230ee4871b25130da29ffd. This impacts the function repo_path of t
CVE-2026-6987
A vulnerability was detected in PicoClaw up to 0.2.4. Impacted is an unknown function of the file /api/gateway/restart of the component Web Launcher M
CVE-2025-29635
D-Link DIR-823X Command Injection Vulnerability
CVE-2024-7399
Samsung MagicINFO 9 Server Path Traversal Vulnerability
CVE-2024-57728
SimpleHelp Path Traversal Vulnerability
CVE-2024-57726
SimpleHelp Missing Authorization Vulnerability
N/A-0000-0000
No Further Top Critical Vulnerabilities Identified
CVE-2026-6859
InstructLab Remote Code Execution via Hardcoded Trust
CVE-2026-41349
OpenClaw Agentic Consent Bypass Vulnerability
CVE-2026-41468
Beghelli Sicuro24 AngularJS Sandbox Escape Vulnerability
CVE-2026-34413
Xerte Online Toolkits Missing Authentication Vulnerability
CVE-2026-39987
Marimo Remote Code Execution Vulnerability
CVE-2026-6859
InstructLab - Remote Code Execution via Hardcoded Trust
CVE-2026-41468
Beghelli Sicuro24 SicuroWeb - AngularJS Sandbox Escape leading to RCE
CVE-2026-34413
Xerte Online Toolkits - Missing Authentication in elFinder Connector
CVE-2026-41455
WeKan - Server-Side Request Forgery via Webhook Integration
CVE-2026-33825
Microsoft Defender - Insufficient Granularity of Access Control Vulnerability
CVE-2026-6249
Vvveb CMS Remote Code Execution via Media Upload
CVE-2026-5967
ThreatSonar Anti-Ransomware Privilege Escalation
CVE-2026-34427
Vvveb Admin User Profile Privilege Escalation
CVE-2026-41445
KissFFT Integer Overflow in kiss_fftndr_alloc()
CVE-2026-34291
Oracle HTTP Server Core Vulnerability
CVE-2026-20122
Cisco Catalyst SD-WAN Manger - Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
CVE-2026-20133
Cisco Catalyst SD-WAN Manager - Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
CVE-2025-2749
Kentico Kentico Xperience - Kentico Xperience Path Traversal Vulnerability
CVE-2023-27351
PaperCut NG/MF - PaperCut NG/MF Improper Authentication Vulnerability
CVE-2025-48700
Synacor Zimbra Collaboration Suite (ZCS) - Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
CVE-2026-6518
CMP – Coming Soon & Maintenance Plugin for WordPress: Arbitrary File Upload and Remote Code Execution
CVE-2026-3464
WP Customer Area plugin for WordPress: Arbitrary File Read and Deletion
CVE-2026-40516
OpenHarness: Server-Side Request Forgery (SSRF)
CVE-2026-40527
radare2: Command Injection via Crafted ELF Binaries
CVE-2026-6507
dnsmasq: Out-of-Bounds Write via Specially Crafted BOOTREPLY
CVE-2026-6518
CMP – Coming Soon & Maintenance Plugin for WordPress: Arbitrary File Upload and RCE
CVE-2026-1620
Livemesh Addons for Elementor plugin for WordPress: Local File Inclusion
CVE-2025-14868
Career Section plugin for WordPress: CSRF leading to Path Traversal and Arbitrary File Deletion
CVE-2026-3464
WP Customer Area plugin for WordPress: Arbitrary File Read and Deletion
CVE-2026-6507
dnsmasq: Remote Out-of-bounds Write via BOOTREPLY
CVE-2026-40502
OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive a
CVE-2026-6348
WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrar
CVE-2023-3634
In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which co
CVE-2026-5617
The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_re
CVE-2026-34197
Apache ActiveMQ - Apache ActiveMQ Improper Input Validation Vulnerability
CVE-2026-25654
Siemens SINEC NMS Authorization Bypass
CVE-2026-27668
Siemens RUGGEDCOM CROSSBOW SAM-P Privilege Escalation
CVE-2026-40040
Pachno Unrestricted File Upload Vulnerability
CVE-2009-0238
Microsoft Office Remote Code Execution
CVE-2026-32201
Microsoft SharePoint Server Improper Input Validation
CVE-2025-60710
Microsoft Windows - Microsoft Windows Link Following Vulnerability
CVE-2023-36424
Microsoft Windows - Microsoft Windows Out-of-Bounds Read Vulnerability
CVE-2023-21529
Microsoft Exchange Server - Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
CVE-2026-21643
Fortinet FortiClient EMS - Fortinet SQL Injection Vulnerability
CVE-2026-34621
Adobe Acrobat and Reader - Adobe Acrobat and Reader Prototype Pollution Vulnerability
CVE-2026-6120
Tenda F451 Router fromDhcpListClient Vulnerability
CVE-2026-6121
Tenda F451 Router WrlclientSet Vulnerability
CVE-2026-6122
Tenda F451 Router L7 Protocol Form Vulnerability
CVE-2026-6123
Tenda F451 Router Address NAT Vulnerability
CVE-2026-6124
Tenda F451 Router Safe MAC Filter Vulnerability
CVE-2026-5144
BuddyPress Groupblog plugin for WordPress Privilege Escalation
CVE-2026-35643
OpenClaw Unvalidated WebView JavascriptInterface Arbitrary Instruction Injection
CVE-2026-6120
Tenda F451 Router Remote Code Execution Vulnerability
CVE-2026-35663
OpenClaw Privilege Escalation for Non-Admin Operators
CVE-2026-34621
Adobe Acrobat Reader Improperly Controlled Modification of Object Prototype Attributes
CVE-2026-35638
OpenClaw Control UI Unauthenticated Privilege Escalation
CVE-2026-39911
Hashgraph Guardian Unsandboxed JavaScript Execution
CVE-2026-33785
Juniper Junos OS MX Series Missing Authorization Privilege Escalation
CVE-2025-13914
Juniper Apstra SSH Key Exchange Without Entity Authentication
CVE-2023-54359
WordPress adivaha Travel Plugin Time-Based Blind SQL Injection
CVE-2026-3243
WordPress Advanced Members for ACF Plugin Arbitrary File Deletion
CVE-2026-4326
WordPress Vertex Addons for Elementor Plugin Missing Authorization
CVE-2026-5815
D-Link DIR-645 Router Remote Code Execution Vulnerability
CVE-2026-5830
Tenda AC15 Router Remote Code Execution Vulnerability
CVE-2026-5436
WordPress MW WP Form Plugin Arbitrary File Move/Read