
47626 matches found

ATTACKERKB
added 2026/03/10 6:33 p.m., 4 views

CVE-2026-3370

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.8 AI score
Exploits: 0, References: 1

EUVD
added 2026/03/10 6:31 p.m., 5 views

EUVD-2026-10488

HCL Sametime for Android is impacted by a sensitive information disclosure. Hostname information is written in application logs and certain URL...

3.3 CVSS, 5.8 AI score, 0.00131 EPSS
Exploits: 0, References: 2

EUVD
added 2026/03/10 6:31 p.m., 2 views

EUVD-2025-208497

An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8,...

6.9 CVSS, 5.8 AI score, 0.00185 EPSS
Exploits: 0, References: 2

EUVD
added 2026/03/10 6:31 p.m., 4 views

EUVD-2026-10448

SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability...

5 CVSS, 5.8 AI score, 0.00209 EPSS
Exploits: 0, References: 3

EUVD
added 2026/03/10 6:23 p.m., 4 views

EUVD-2026-10813

Craft Commerce is Vulnerable to SQL Injection in Commerce Purchasables Table Sorting...

8.7 CVSS, 5.8 AI score, 0.00421 EPSS
Exploits: 1, References: 3

Snyk
added 2026/03/10 6:22 p.m., 2 views

Cross-site Request Forgery (CSRF)

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the create-token process. An attacker can gain unauthorized access to previewed or unpublished content by tricking a logged-in user with active preview...

4.3 CVSS, 5.8 AI score, 0.00174 EPSS
Exploits: 0, References: 2

NVD
added 2026/03/10 6:18 p.m., 2 views

CVE-2026-30969

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server did not enforce strong authentication between agents and the server within an active session. This could allow an attacker who...

9.1 CVSS, 0.00381 EPSS
Exploits: 0, References: 2

NVD
added 2026/03/10 6:18 p.m., 14 views

CVE-2026-30960

rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulation functionality. The vulnerability exists in the JIT (Just-In-Time) compilation engine, which is fully exposed via the CFFI Foreign Functi...

9.4 CVSS, 0.0021 EPSS
Exploits: 0, References: 3

NVD
added 2026/03/10 6:18 p.m., 8 views

CVE-2026-30933

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info. This vulnerability is fixed in 1.3.1-beta and...

7.5 CVSS, 0.00544 EPSS
Exploits: 1, References: 3

OSV
added 2026/03/10 6:17 p.m., 5 views

CVE-2025-68482

An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8,...

5.9 CVSS, 5.9 AI score, 0.00185 EPSS
Exploits: 0, References: 1

NVD
added 2026/03/10 6:17 p.m., 4 views

CVE-2025-68482

An improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8,...

6.9 CVSS, 0.00185 EPSS
Exploits: 0, References: 1

EUVD
added 2026/03/10 6:7 p.m., 4 views

EUVD-2026-10720

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack overflow in CIccBasicStructFactory::CreateStruct causing uncontrolled recursion/stack exhaustion and crash. This vulnerability is fixed in 2.3.1.5...

5.5 CVSS, 5.8 AI score, 0.00176 EPSS
Exploits: 0, References: 4

CVE
added 2026/03/10 5:53 p.m., 12 views

CVE-2026-30984

The CVE-2026-30984 entry pertains to iccDEV libraries: a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence() prior to version 2.3.1.5, leading to application crashes. Impact is limited to confidentiality/integrity: Low confidentiality impact, no integrity impact, but High availability...

6.1 CVSS, 5.8 AI score, 0.0015 EPSS
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2026/03/10 5:47 p.m., 29 views

CVE-2026-30979 iccDEV has a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp triggered with local user interaction causing memory corruption/crash. This vulnerability is fixed in 2.3.1.5...

7.8 CVSS, 0.00184 EPSS
Exploits: 0, References: 4

NVD
added 2026/03/10 5:40 p.m., 10 views

CVE-2026-30913

Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting...

4.6 CVSS, 0.00165 EPSS
Exploits: 0, References: 3

CVE
added 2026/03/10 5:37 p.m., 13 views

CVE-2026-30974

The copyparty advisory GHSA-M6HV-X64C-27MM describes a vulnerability where the nohtml volflag failed to block JavaScript in SVG files. Although not a vulnerability by itself, this allowed a user with write access to upload an SVG containing embedded JavaScript that could execute when opened, pote...

5.4 CVSS, 5.8 AI score, 0.00323 EPSS
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2026/03/10 5:30 p.m., 3 views

EUVD-2026-10708

Coral Server is open collaboration infrastructure that enables communication, coordination, trust and payments for The Internet of Agents. Prior to 1.1.0, Coral Server allowed the creation of agent sessions through the /api/v1/sessions endpoint without strong authentication. This endpoint perform...

8.8 CVSS, 5.8 AI score, 0.00319 EPSS
Exploits: 0, References: 2

CVE
added 2026/03/10 5:11 p.m., 17 views

CVE-2026-30960

The CVE entry CVE-2026-30960 has a connected advisory GHSA-9C4H-PWMF-M6FJ describing an Arbitrary Code Execution in RSSN via the JIT compilation engine exposed through the CFFI interface. The vulnerability stems from improper input validation and external control of code generation, enabling an a...

9.4 CVSS, 5.9 AI score, 0.0021 EPSS
Exploits: 0, References: 3

EUVD
added 2026/03/10 5:11 p.m., 7 views

EUVD-2026-10704

rssn is a scientific computing library for Rust, combining a high-performance symbolic computation engine with numerical methods support and physics simulation functionality. The vulnerability exists in the JIT (Just-In-Time) compilation engine, which is fully exposed via the CFFI Foreign Functi...

9.4 CVSS, 5.9 AI score, 0.0021 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2026/03/10 5:5 p.m., 2 views

CVE-2026-26108 Microsoft Excel Remote Code Execution Vulnerability

...

7.8 CVSS, 5.8 AI score, 0.00493 EPSS
Exploits: 0, References: 1