CVE-2026-33670

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the /api/file/readDir interface was used to traverse and retrieve the file names of all documents under a notebook. Version 3.6.2 patches the issue...

CVE-2026-33545

MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's readsqlite function in mobsf/MobSF/utils.py lines 542-566 uses Python string formatting % to construct SQL queries with table names read from a SQLite database's sqlitemaster table. When a security analyst...

CVE-2026-34055

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in library/pnotes.inc.php perform updates and deletes using WHERE id = ? without verifying that the note belongs to a patient the...

CVE-2026-1001

Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attacke...

CVE-2026-33347

league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like...

CVE-2026-33419

MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS Security Token Service AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: 1 distinguishable error responses that enable...

CVE-2026-33314

pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, a Host Header Spoofing vulnerability in the @localcheck decorator allows unauthenticated external attackers to bypass local-only restrictions. This grants access to the Click'N'Load API endpoints,...

CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

CVE-2026-4718

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

CVE-2026-4711

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

CVE-2026-4673

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2026-4368

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway SSL VPN, ICA Proxy, CVPN, RDP Proxy or AAA virtual server leading to User Session Mixup...

CVE-2026-33041

WWBN AVideo is an open source video platform. In versions 25.0 and below, /objects/encryptPass.json.php exposes the application's password hashing algorithm to any unauthenticated user. An attacker can submit arbitrary passwords and receive their hashed equivalents, enabling offline password...

CVE-2026-32025

OpenClaw versions prior to 2026.2.25 contain an authentication hardening gap in browser-origin WebSocket clients that allows attackers to bypass origin checks and auth throttling on loopback deployments. An attacker can trick a user into opening a malicious webpage and perform password brute-forc...

CVE-2026-31883

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a sizet underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header...

CVE-2026-29774

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a client-side heap buffer overflow occurs in the FreeRDP client's AVC420/AVC444 YUV-to-RGB conversion path due to missing horizontal bounds validation of H.264 metablock regionRects coordinates. In yuv.c, the clamp...

CVE-2026-3920

Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-31958

Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the maxbodysize setting default 100MB. Since parsing occurs synchronously on the main thread, this creates the possibility ...

CVE-2026-3783

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the hostname that the first request is redirected to has information in the used .netrc file, with eithe...

CVE-2026-30929

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This vulnerability is fix...

CVE-2026-27137

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...

CVE-2026-3598

Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Config string generation, web console export modules allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program routin...

CVE-2026-3538

Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-20079

A vulnerability in the web interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due ...

CVE-2026-23231

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix use-after-free in nftablesaddchain nftablesaddchain publishes the chain to table-chains via listaddtailrcu in nftchainadd before registering hooks. If nftablesregisterhook then fails, the error path calls...

CVE-2026-2256

A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input...

CVE-2026-28419

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding...

CVE-2026-27966

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.8.0, the CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes LangChain’s Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python an...

CVE-2026-25955

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface reuses a cached XImage whose data pointer references a freed RDPGFX surface buffer, because gdiDeleteSurface frees surface-data without invalidating the appWindow-image that...

CVE-2026-2768

Sandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2026-2759

Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2024-56373

DAG Author who already has quite a lot of permissions could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...

CVE-2026-26983

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a...

CVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

CVE-2026-27197

Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on t...

CVE-2026-24946

Missing Authorization vulnerability in tychesoftwares Print Invoice & Delivery Notes for WooCommerce woocommerce-delivery-notes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through = 5.8.0...

CVE-2016-8338

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE users should reference CVE-2016-5314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental...

CVE-2025-13965

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12500. Reason: This candidate is a reservation duplicate of CVE-2025-12500. Notes: All CVE users should reference CVE-2025-12500 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

CVE-2013-0064

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none...

CVE-2012-5236

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2026-2019

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

CVE-2019-25376

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogAC...

CVE-2026-23193

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount In iscsitdecsessionusagecount, the function calls complete while holding the sess-sessionusagelock. Similar to the connection usage count logic, the waiter...

CVE-2026-1512

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Info Box widget in all versions up to, and including, 6.5.9 due to insufficient input sanitization and output escaping on user supplied...

CVE-2026-1844

The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pyslandingpage' parameter in all versions up to, and including, 12.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-26333

Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs including EndeavorServer.rem and RemoteFileReceiver.rem and permits the use of SOAP and binary formatters with TypeFilterLevel set to Full. An...

CVE-2026-23111

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix inverted genmask check in nftmapcatchallactivate nftmapcatchallactivate has an inverted element activity check compared to its non-catchall counterpart nftmapelemactivate and compared to what is logically...

CVE-2023-31313

An unintended proxy or intermediary in the AMD power management firmware PMFW could allow a privileged attacker to send malformed messages to the system management unit SMU potentially resulting in arbitrary code execution...

CVE-2026-21722

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...

CVE-2026-1837

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale col...