19,785 CVEs published in 2026. 0 flagged on the CISA Known Exploited Vulnerabilities catalog. Every guide includes runnable Linux, Windows PowerShell, and Bash remediation commands.
19,785 fix guides from 2026
CVE-2026-27088 is a vulnerability in Darna Framework. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27093 is a wordpress tripgo theme < 1.5.6 - local file inclusion in Ovatheme Tripgo. CVSS 8.1 High. Patch commands, mitigations, an
CVE-2026-27096: CWE-502 Deserialization of Untrusted Data in ColorFolio - Freelance Designer WordPress Theme. Patch commands and verificatio
CVE-2026-27097 is an improper control of filename for include/require statement in php program ('php remote file inclusion') in AncoraThemes
CVE-2026-27098 is an unsafe deserialization in axiomthemes Au Pair Agency - Babysitting & Nanny Theme. This page lists the verified fix and i
CVE-2026-27115 is a path traversal in ADB-Explorer. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27124: CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') in fastmcp. Patch commands and verification.
CVE-2026-27127 is a time-of-check time-of-use (toctou) race condition in craftcms cms. This page lists the verified fix and inline mitigatio
CVE-2026-2713: CWE-427 Uncontrolled Search Path Element in Trusteer Rapport installer. Patch commands and verification.
CVE-2026-27134: an authentication bypass in strimzi-kafka-operator. Patched version and vendor advisory inside.
CVE-2026-27135 is a cwe-617: reachable assertion in nghttp2. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-27137 is a security vulnerability in Go standard library crypto/x509. This page lists the verified fix and inline mitigations.
CVE-2026-27140: Code execution vulnerability in SWIG code generation in cmd/go in cmd/go. Patch commands and verification.
CVE-2026-27141 is a null pointer dereference in golang.org/x/net golang.org/x/net/http2. This page lists the verified fix and inline mitigat
CVE-2026-27144: Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile in cmd/compile. Patch commands and ver
CVE-2026-27146 is a vulnerability in GetSimpleCMS-CE. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27148 is an improper neutralization of special elements in output used by a downstream component ('injection') in storybookjs storyb
CVE-2026-27161 is an information disclosure in GetSimpleCMS-CE. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-27168 is a path traversal in sail. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27169 is a vulnerability in OpenSift. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27170 is an improper input validation in OpenSift. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-27172 - CWE-502 Deserialization of Untrusted Data in Apache Camel. Runnable patch commands, mitigation, and verification on this pa
CVE-2026-27179 is a SQL injection in MajorDoMo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27181 is a vulnerability in MajorDoMo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27182: an OS command injection in Saturn Remote Mouse Server. Patched version and vendor advisory inside.
CVE-2026-27190 is an OS command injection in deno. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27191 is an open redirect in feathersjs feathers. This page lists the verified fix and inline mitigations.
CVE-2026-27192 is an origin validation error in feathersjs feathers. This page lists the verified fix and inline mitigations.
CVE-2026-27193 is an information exposure in feathersjs feathers. This page lists the verified fix and inline mitigations.
CVE-2026-27194 is an improper neutralization of special elements in output used by a downstream component ('injection') in man-group dtale. T
CVE-2026-27196 is a cross-site scripting in statamic cms. This page lists the verified fix and inline mitigations.
CVE-2026-27198 is a privilege escalation in getformwork formwork. This page lists the verified fix and inline mitigations.
CVE-2026-27202 is a path traversal in GetSimpleCMS-CE. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-27203 is a vulnerability in ebay-mcp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27206 is an unsafe deserialization in zumba json-serializer. This page lists the verified fix and inline mitigations.
CVE-2026-27220 is an acrobat reader | use after free (cwe-416) in Adobe Acrobat Reader. CVSS 7.8 High. Patch commands, mitigations, and verif
CVE-2026-27238 is a heap buffer overflow in InDesign Desktop. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-2724: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Unlimited Elements For Element
CVE-2026-27267 is an illustrator | stack-based buffer overflow (cwe-121) in Adobe Illustrator. CVSS 7.8 High. Patch commands, mitigations, an
CVE-2026-27269 is a premiere pro | out-of-bounds read (cwe-125) in Adobe Premiere Pro. CVSS 7.8 High. Patch commands, mitigations, and verif
CVE-2026-27271 is an illustrator | heap-based buffer overflow (cwe-122) in Adobe Illustrator. CVSS 7.8 High. Patch commands, mitigations, and
CVE-2026-27272 is an illustrator | out-of-bounds write (cwe-787) in Adobe Illustrator. CVSS 7.8 High. Patch commands, mitigations, and verifi
CVE-2026-27273: Substance3D - Stager | Out-of-bounds Write (CWE-787) in Substance3D - Stager. Patch commands and verification.
CVE-2026-27274: Substance3D - Stager | Out-of-bounds Write (CWE-787) in Substance3D - Stager. Patch commands and verification.
CVE-2026-27275: Substance3D - Stager | Out-of-bounds Write (CWE-787) in Substance3D - Stager. Patch commands and verification.
CVE-2026-27276: Substance3D - Stager | Use After Free (CWE-416) in Substance3D - Stager. Patch commands and verification.
CVE-2026-27277: Substance3D - Stager | Use After Free (CWE-416) in Substance3D - Stager. Patch commands and verification.
CVE-2026-27278 is an acrobat reader | use after free (cwe-416) in Adobe Acrobat Reader. CVSS 7.8 High. Patch commands, mitigations, and verif
CVE-2026-27279: Substance3D - Stager | Out-of-bounds Write (CWE-787) in Substance3D - Stager. Patch commands and verification.
CVE-2026-27280 is a dng sdk | out-of-bounds write (cwe-787) in Adobe DNG SDK. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-27282 is an improper input validation in ColdFusion. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-27283 is a use-after-free in InDesign Desktop. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27284 is an out-of-bounds read in InDesign Desktop. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-27287 is an out-of-bounds read in InCopy. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27289 is an out-of-bounds read in Photoshop Desktop. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-27290 is an untrusted search path in Adobe Framemaker. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-27291 is an out-of-bounds write in InDesign Desktop. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-27292 is a use-after-free in Adobe Framemaker. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27293 is a heap buffer overflow in Adobe Framemaker. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-27294 is an out-of-bounds read in Adobe Framemaker. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-27295 is an out-of-bounds write in Adobe Framemaker. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-27296 is an integer underflow (wrap or wraparound) (cwe-191) in Adobe Framemaker. This page lists verified fix commands and short-t
CVE-2026-27297 is an integer underflow (wrap or wraparound) (cwe-191) in Adobe Framemaker. This page lists verified fix commands and short-t
CVE-2026-27298 is an access of resource using incompatible type in Adobe Framemaker. This page lists verified fix commands and short-term mi
CVE-2026-27305 is a path traversal in ColdFusion. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27306 is an improper input validation in ColdFusion. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-27309 is a use-after-free in Substance3D - Stager. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-27310 is a heap buffer overflow in Bridge. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27311 is a heap buffer overflow in Bridge. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27312 is a heap buffer overflow in Bridge. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27313 is a heap buffer overflow in Bridge. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27314: Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass in Apache Cassandra. Patch commands and verific
CVE-2026-27326 is an improper control of filename for include/require statement in php program ('php remote file inclusion') in axiomthemes A
CVE-2026-27332 is a cross-site scripting in skygroup Agrofood. This page lists the verified fix and inline mitigations.
CVE-2026-27334 is an improper control of filename for include/require statement in php program ('php remote file inclusion') in dan_fisher Al
CVE-2026-27335 is an improper control of filename for include/require statement in php program ('php remote file inclusion') in AncoraThemes
CVE-2026-27336 is an improper control of filename for include/require statement in php program ('php remote file inclusion') in AncoraThemes
CVE-2026-27337 is an improper control of filename for include/require statement in php program ('php remote file inclusion') in AncoraThemes
CVE-2026-27338 is an unsafe deserialization in AivahThemes Car Zone. This page lists the verified fix and inline mitigations.
CVE-2026-27339 is an improper control of filename for include/require statement in php program ('php remote file inclusion') in AncoraThemes
CVE-2026-27340 is an improper control of filename for include/require statement in php program ('php remote file inclusion') in AncoraThemes
CVE-2026-27341 is an improper control of filename for include/require statement in php program ('php remote file inclusion') in Mikado-Themes
CVE-2026-27342 is an improper control of filename for include/require statement in php program ('php remote file inclusion') in Mikado-Themes
CVE-2026-27343 is a vulnerability in Airtifact. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27348 is a cross-site scripting in ThemeGoods Photography. This page lists the verified fix and inline mitigations.
CVE-2026-27352 is a cross-site scripting in ThemeGoods Starto. This page lists the verified fix and inline mitigations.
CVE-2026-27353 is a cross-site scripting in ThemeGoods Grand News. This page lists the verified fix and inline mitigations.
CVE-2026-27358 is a cross-site scripting in ThemeGoods Architecturer. This page lists the verified fix and inline mitigations.
CVE-2026-27359 is a cross-site scripting in fox-themes Awa Plugins. This page lists the verified fix and inline mitigations.
CVE-2026-27361 is a missing authorization in WebCodingPlace Responsive Posts Carousel Pro. This page lists the verified fix and inline mitig
CVE-2026-27363 is a cross-site scripting in kamleshyadav WP Bakery Autoresponder Addon. This page lists the verified fix and inline mitigati
CVE-2026-27367 is a cross-site scripting in ThemeGoods Musico. This page lists the verified fix and inline mitigations.
CVE-2026-27369 is an unsafe deserialization in BoldThemes Celeste. This page lists the verified fix and inline mitigations.
CVE-2026-2737: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Flowmon. Patch commands and verificat
CVE-2026-27370 is an insertion of sensitive information into sent data in Premio Chaty. This page lists the verified fix and inline mitigatio
CVE-2026-27373 is a SQL injection in Essekia Tablesome. This page lists the verified fix and inline mitigations.
CVE-2026-27374 is a missing authorization in vanquish WooCommerce Order Details. This page lists the verified fix and inline mitigations.
CVE-2026-27375 is a cross-site scripting in JanStudio Gecko. This page lists the verified fix and inline mitigations.
CVE-2026-27376 is a cross-site scripting in JanStudio Claue - Clean, Minimal Elementor WooCommerce Theme. This page lists the verified fix a
CVE-2026-27379 is an unsafe deserialization in NextScripts NextScripts. This page lists the verified fix and inline mitigations.
CVE-2026-27381 is an improper control of filename for include/require statement in php program ('php remote file inclusion') in thembay Aora.
CVE-2026-27382 is a cross-site scripting in RadiusTheme Metro. This page lists the verified fix and inline mitigations.
CVE-2026-27383 is an improper control of filename for include/require statement in php program ('php remote file inclusion') in RadiusTheme M
CVE-2026-27385 is a cross-site scripting in designthemes DesignThemes Portfolio. This page lists the verified fix and inline mitigations.
CVE-2026-27386 is a missing authorization in designthemes DesignThemes Directory Addon. This page lists the verified fix and inline mitigati
CVE-2026-27388 is a missing authorization in designthemes DesignThemes Booking Manager. This page lists the verified fix and inline mitigati
CVE-2026-27390 is an authentication bypass using an alternate path or channel in designthemes WeDesignTech Ultimate Booking Addon. This page
CVE-2026-27396 is a missing authorization in e-plugins Directory Pro. This page lists the verified fix and inline mitigations.
CVE-2026-2740: an OS command injection in ManageEngine ADSelfService Plus. Patched version and vendor advisory inside.
CVE-2026-27406 is an insertion of sensitive information into sent data in Joe Dolson My Tickets. This page lists the verified fix and inline
CVE-2026-27428 is a SQL injection in Eagle-Themes Eagle Booking. This page lists the verified fix and inline mitigations.
CVE-2026-27443 is an improper input validation in SEPPmail Secure Email Gateway. This page lists the verified fix and inline mitigations.
CVE-2026-27444 is a cwe-436 interpretation conflict in SEPPmail Secure Email Gateway. This page lists the verified fix and inline mitigation
CVE-2026-27449 is an improper access control in umbraco Umbraco.Engage.Forms. This page lists the verified fix and inline mitigations.
CVE-2026-27458 is an improper neutralization of script-related html tags in a web page (basic xss) in Kovah LinkAce. This page lists the veri
CVE-2026-27459 is a pyopenssl dtls cookie callback buffer overflow in Pyca pyopenssl. CVSS 7.2 High. Patch commands, mitigations, and verifi
CVE-2026-27464 is an improper neutralization of special elements used in a template engine in metabase metabase. This page lists the verified
CVE-2026-27466 is an exposure of resource to wrong sphere in bigbluebutton bigbluebutton. This page lists the verified fix and inline mitigat
CVE-2026-27470 is a SQL injection in ZoneMinder zoneminder. This page lists the verified fix and inline mitigations.
CVE-2026-27479 is an SSRF in ellite Wallos. This page lists the verified fix and inline mitigations.
CVE-2026-2748 is a improper certificate validation in SEPPmail Secure Email Gateway. This page lists the verified fix and inline mitigations
CVE-2026-27483 is a path traversal in mindsdb mindsdb. This page lists the verified fix and inline mitigations.
CVE-2026-27487 is an OS command injection in openclaw openclaw. This page lists the verified fix and inline mitigations.
CVE-2026-27489 is an onnx: path traversal via symlink in onnx. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-27494 is an exposure of sensitive system information to an unauthorized control sphere in n8n-io n8n. This page lists the verified f
CVE-2026-27496 is a vulnerability in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27509 is a missing authentication in UnitreeRobotics Unitree Go2. This page lists the verified fix and inline mitigations.
CVE-2026-2751 is a SQL injection in Centreon Centreon Web on Central Server. This page lists the verified fix and inline mitigations.
CVE-2026-27514 is an insertion of sensitive information into sent data in Shenzhen Tenda Technology Co., Ltd. Tenda F3. This page lists the v
CVE-2026-27516 is a cwe-201 insertion of sensitive information into sent data in Binardat Ltd. 10G08-0800GSM Network Switch. This page lists
CVE-2026-27519 is a cwe-321 use of hard-coded cryptographic key in Binardat Ltd. 10G08-0800GSM Network Switch. This page lists the verified
CVE-2026-27520 is a cwe-312 cleartext storage of sensitive information in Binardat Ltd. 10G08-0800GSM Network Switch. This page lists the ve
CVE-2026-27522: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in OpenClaw. Patch commands and verifi
CVE-2026-2753 is a cwe-36 absolute path traversal in Navtor NavBox. This page lists the verified fix and inline mitigations.
CVE-2026-2754 is a missing authentication in Navtor NavBox. This page lists the verified fix and inline mitigations.
CVE-2026-27541 is an incorrect privilege assignment in Josh Kohlbach Wholesale Suite. This page lists the verified fix and inline mitigations
CVE-2026-27566: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) in OpenClaw. Patch comma
CVE-2026-27578 is an improper neutralization of script-related html tags in a web page (basic xss) in n8n-io n8n. This page lists the verifie
CVE-2026-27579 is an origin validation error in karnop realtime-collaboration-platform. This page lists the verified fix and inline mitigatio
CVE-2026-27586 is an improper handling of exceptional conditions in caddyserver caddy. This page lists the verified fix and inline mitigation
CVE-2026-27587 is an improper handling of case sensitivity in caddyserver caddy. This page lists the verified fix and inline mitigations.
CVE-2026-27588 is an improper handling of case sensitivity in caddyserver caddy. This page lists the verified fix and inline mitigations.
CVE-2026-27590 is an improper input validation in caddyserver caddy. This page lists the verified fix and inline mitigations.
CVE-2026-27598 is a path traversal in dagu-org dagu. This page lists the verified fix and inline mitigations.
CVE-2026-27601 is a resource exhaustion in jashkenas emphasizes. This page lists the verified fix and inline mitigations.
CVE-2026-27602 is an OS command injection in modoboa. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27603 is a missing authentication in chartbrew chartbrew. This page lists the verified fix and inline mitigations.
CVE-2026-27606 is a path traversal in rollup rollup. This page lists the verified fix and inline mitigations.
CVE-2026-27607 is an improper input validation in rustfs rustfs. This page lists the verified fix and inline mitigations.
CVE-2026-27609 is a CSRF in parse-community parse-dashboard. This page lists the verified fix and inline mitigations.
CVE-2026-27610 is an improper validation of unsafe equivalence in input in parse-community parse-dashboard. This page lists the verified fix
CVE-2026-27611 is an information exposure in gtsteffaniak filebrowser. This page lists the verified fix and inline mitigations.
CVE-2026-27615 is a path traversal: 'uncsharename' (windows unc share) in Alex4SSB ADB-Explorer. This page lists the verified fix and inline
CVE-2026-27616 is a cross-site scripting in go-vikunja vikunja. This page lists the verified fix and inline mitigations.
CVE-2026-27622 is an out-of-bounds write in AcademySoftwareFoundation openexr. This page lists the verified fix and inline mitigations.
CVE-2026-27623 is an improper input validation in valkey-io valkey. This page lists the verified fix and inline mitigations.
CVE-2026-27624 is an improper access control in coturn coturn. This page lists the verified fix and inline mitigations.
CVE-2026-27625 is a path traversal in Stirling-PDF. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27627 is a cross-site scripting in karakeep-app karakeep. This page lists the verified fix and inline mitigations.
CVE-2026-27630 is a denial of service via resource consumption in maximmasiutin TinyWeb. This page lists the verified fix and inline mitigat
CVE-2026-27633 is a denial of service via resource consumption in maximmasiutin TinyWeb. This page lists the verified fix and inline mitigat
CVE-2026-27634: Piwigo: Pre-auth SQL injection via date filter parameters in ws_std_image_sql_filter in Piwigo. Patch commands and verificat
CVE-2026-27635 is an OS command injection in manyfold3d manyfold. This page lists the verified fix and inline mitigations.
CVE-2026-27636 is an unrestricted file upload in freescout-help-desk freescout. This page lists the verified fix and inline mitigations.
CVE-2026-27639 is a cross-site scripting in dbarzin mercator. This page lists the verified fix and inline mitigations.
CVE-2026-27640 is an improper removal of sensitive information before storage or transfer in oocx tfplan2md. This page lists the verified fix
CVE-2026-27647 is a cwe-613 in Mobility46 mobility46.se. This page lists the verified fix and inline mitigations.
CVE-2026-27648 is an OS command injection in OpenHarmony. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-27649 is a vulnerability in Chargeportal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27650: an OS command injection in BUFFALO Wi-Fi router products. Patched version and vendor advisory inside.
CVE-2026-27651 is a vulnerability in NGINX Open Source. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-27652 is a cwe-613 in CloudCharge cloudcharge.se. This page lists the verified fix and inline mitigations.
CVE-2026-27654 is a path traversal in NGINX Open Source. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-27655 is a stored xss in Zohocorp ManageEngine Exchange Reporter Plus, fixed by the same patch as CVE-2026-3879.
CVE-2026-27662: an insecure default configuration in SIMATIC HMI MTP1000 Unified Comfort Pane. Patched version and vendor advisory inside.
CVE-2026-27664: an OS command injection in CPCI85 Central Processing/Communication. Patched version and vendor advisory inside.
CVE-2026-27668 is a cwe-266: incorrect privilege assignment in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P). This page lists ver
CVE-2026-2767 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27689: Denial of service (DOS) in SAP Supply Chain Management in SAP Supply Chain Management. Patch commands and verification.
CVE-2026-2769 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27692 is an out-of-bounds read in InternationalColorConsortium iccDEV. This page lists the verified fix and inline mitigations.
CVE-2026-27696 is an SSRF in dgtlmoon changedetection.io. This page lists the verified fix and inline mitigations.
CVE-2026-2770 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27700 is an insufficient verification of data authenticity in honojs hono. This page lists the verified fix and inline mitigations.
CVE-2026-27701 is a code injection in live-codes livecodes. This page lists the verified fix and inline mitigations.
CVE-2026-27703 is a riot has an out-of-bounds write in nanocoap handler in Riot-os RIOT. CVSS 7.5 High. Patch commands, mitigations, and ver
CVE-2026-27706 is an SSRF in makeplane plane. This page lists the verified fix and inline mitigations.
CVE-2026-27707 is an authentication bypass using an alternate path or channel in seerr-team seerr. This page lists the verified fix and inlin
CVE-2026-2772 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27727 is an improper neutralization of special elements in output used by a downstream component ('injection') in swaldman mchange-c
CVE-2026-27730 is an SSRF in esm-dev esm.sh. This page lists the verified fix and inline mitigations.
CVE-2026-27732 is an SSRF in WWBN AVideo. This page lists the verified fix and inline mitigations.
CVE-2026-2774 is an integer overflow in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27745 is a code injection in SPIP interface_traduction_objets. This page lists the verified fix and inline mitigations.
CVE-2026-27747 is a SQL injection in SPIP interface_traduction_objets. This page lists the verified fix and inline mitigations.
CVE-2026-27748 is a link following / symlink in Gen Digital Inc. Avira Internet Security. This page lists the verified fix and inline mitiga
CVE-2026-27749 is an unsafe deserialization in Gen Digital Inc. Avira Internet Security. This page lists the verified fix and inline mitigati
CVE-2026-27750 is a cwe-367 time-of-check time-of-use (toctou) race condition in Gen Digital Inc. Avira Internet Security. This page lists t
CVE-2026-27752 is a cwe-319 cleartext transmission of sensitive information in Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks)
CVE-2026-27757 is a cwe-620 unverified password change in Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks) SODOLA SL902-SWTGW124
CVE-2026-27764 is a cwe-613 in Mobiliti e-mobi.hu. This page lists the verified fix and inline mitigations.
CVE-2026-27776 is an unsafe deserialization in NTT DATA INTRAMART Corporation intra-mart Accel Platform. This page lists the verified fix and
CVE-2026-27778 is a cwe-307 in ePower epower.ie. This page lists the verified fix and inline mitigations.
CVE-2026-27784 is a vulnerability in NGINX Open Source. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-27785 - CWE-798 in MS-Cxx63-PD. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-2780 is a privilege escalation in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27800 is a path traversal in zed-industries zed. This page lists the verified fix and inline mitigations.
CVE-2026-27802 is a privilege escalation in dani-garcia vaultwarden. This page lists the verified fix and inline mitigations.
CVE-2026-27803 is a privilege escalation in dani-garcia vaultwarden. This page lists the verified fix and inline mitigations.
CVE-2026-27806: Fleet Affected by Local Privilege Escalation via Tcl Command Injection in Orbit in fleet. Patch commands and verification.
CVE-2026-2781 is an integer overflow in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27811: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in roxy-wi. Patch commands and v
CVE-2026-27812 is an improper encoding or escaping of output in Wei-Shaw sub2api. This page lists the verified fix and inline mitigations.
CVE-2026-27818 is an improper input validation in TerriaJS terriajs-server. This page lists the verified fix and inline mitigations.
CVE-2026-27819 is a path traversal in go-vikunja vikunja. This page lists the verified fix and inline mitigations.
CVE-2026-2782 is a privilege escalation in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27821 is a stack buffer overflow in gpac gpac. This page lists the verified fix and inline mitigations.
CVE-2026-27826 is a cwe-918: server-side request forgery (ssrf) in Sooperset mcp-atlassian. CVSS 8.2 High. Patch commands, mitigations, and
CVE-2026-27830 is an unsafe deserialization in swaldman c3p0. This page lists the verified fix and inline mitigations.
CVE-2026-27831 is an out-of-bounds read in bluedragonsecurity rldns. This page lists the verified fix and inline mitigations.
CVE-2026-27832 is a SQL injection in Intermesh groupoffice. This page lists the verified fix and inline mitigations.
CVE-2026-27833 is a piwigo: unauthenticated information disclosure via pwg.history.search api in Piwigo, fixed by the same patch as CVE-2026
CVE-2026-27834 is a piwigo: sql injection in pwg.users.getlist api method via filter parameter in Piwigo, fixed by the same patch as CVE-202
CVE-2026-27836 is a missing authorization in thorsten phpMyFAQ. This page lists the verified fix and inline mitigations.
CVE-2026-27841 - CWE-352 Cross-Site request forgery (CSRF) in X3050. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-2785 is a cwe-824 access of uninitialized pointer in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27850 is a security vulnerability in Linksys MR9600. This page lists the verified fix and inline mitigations.
CVE-2026-27851 is a path traversal in OX Dovecot Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27856 is an authentication bypass in OX Dovecot Pro. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-27858 is a vulnerability in OX Dovecot Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2786 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-2787 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27880 is a vulnerability in Grafana. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27885 is a piwigo: sql injection in activity.getlist in Piwigo, fixed by the same patch as CVE-2026-27634.
CVE-2026-27889 is a vulnerability in nats-server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2789 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27890 is a buffer overflow in firebird. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27891 is a path traversal in facturascripts. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27893 is an authentication bypass in vllm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27894: LAM has Authenticated Local File Inclusion (LFI) in PDF export in lam. Patch commands and verification.
CVE-2026-27896 is an improper handling of case sensitivity in modelcontextprotocol go-sdk. This page lists the verified fix and inline mitiga
CVE-2026-27899 is a privilege escalation in h44z wg-portal. This page lists the verified fix and inline mitigations.
CVE-2026-2790 is a CWE-346 origin validation error in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27903 is an inefficient algorithmic complexity in isaacs minimatch. This page lists the verified fix and inline mitigations.
CVE-2026-27904 is a regex denial of service in isaacs minimatch. This page lists the verified fix and inline mitigations.
CVE-2026-27905 is a link following / symlink in bentoml BentoML. This page lists the verified fix and inline mitigations.
CVE-2026-27907 is a CWE-191: integer underflow (wrap or wraparound) in Microsoft Windows. This page lists verified fix commands and short-te
CVE-2026-27908 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-27909 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-27910 is a vulnerability in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27911 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27912 is an improper authorization in Microsoft Windows Server. This page lists verified fix commands and short-term mitigations yo
CVE-2026-27913 is an improper input validation in Microsoft Windows Server. This page lists verified fix commands and short-term mitigations
CVE-2026-27914 is a CWE-284: improper access control in Microsoft Windows. This page lists verified fix commands and short-term mitigations
CVE-2026-27915 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-27916 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-27917 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-27918 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27919 is a CWE-822: untrusted pointer dereference in Microsoft Windows. This page lists verified fix commands and short-term mitiga
CVE-2026-27920 is a CWE-822: untrusted pointer dereference in Microsoft Windows. This page lists verified fix commands and short-term mitiga
CVE-2026-27921 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27922 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-27923 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-27924 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-27926 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27927 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27928 is an improper input validation in Microsoft Windows Server. This page lists verified fix commands and short-term mitigations
CVE-2026-27929 is a vulnerability in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27932 is a resource exhaustion in authlib joserfc. This page lists the verified fix and inline mitigations.
CVE-2026-27934 is a CWE-201: insertion of sensitive information into sent data in discourse. CVSS 8.7 High. Patch commands, mitigations, and
CVE-2026-27938 is an OS command injection in wp-graphql wp-graphql. This page lists the verified fix and inline mitigations.
CVE-2026-27939 is an authentication bypass in statamic cms. This page lists the verified fix and inline mitigations.
CVE-2026-27940 is a CWE-122: heap-based buffer overflow in Ggml-org llama.cpp. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-27946 is a missing authorization in zitadel zitadel. This page lists the verified fix and inline mitigations.
CVE-2026-2795 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27952 is a code injection in Agenta-AI agenta-api. This page lists the verified fix and inline mitigations.
CVE-2026-27953: CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes in ormar. Patch commands and verific
CVE-2026-27959 is an improper input validation in koajs koa. This page lists the verified fix and inline mitigations.
CVE-2026-27961 is an improper neutralization of special elements used in a template engine in Agenta-AI agenta. This page lists the verified
CVE-2026-27965 is an OS command injection in vitessio vitess. This page lists the verified fix and inline mitigations.
CVE-2026-27967 is a link following / symlink in zed-industries zed. This page lists the verified fix and inline mitigations.
CVE-2026-2797 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27970 is a cross-site scripting in angular angular. This page lists the verified fix and inline mitigations.
CVE-2026-27975 is an improper access control in ajenti ajenti. This page lists the verified fix and inline mitigations.
CVE-2026-27976 is a unix symbolic link (symlink) following in zed-industries zed. This page lists the verified fix and inline mitigations.
CVE-2026-2798 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27981 is an improper restriction of excessive authentication attempts in sysadminsmedia homebox. This page lists the verified fix an
CVE-2026-27985 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Huma
CVE-2026-27986 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX OsTe
CVE-2026-27987 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX The
CVE-2026-27988 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Equa
CVE-2026-27989 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Quan
CVE-2026-2799 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27990 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX ConF
CVE-2026-27991 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Avve
CVE-2026-27992 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Meal
CVE-2026-27993 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Aldo
CVE-2026-27994 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Tedi
CVE-2026-27995 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Just
CVE-2026-27996 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Ling
CVE-2026-27997 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Maxi
CVE-2026-27998 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Vixu
CVE-2026-28006 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Yung
CVE-2026-28007 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Coin
CVE-2026-28009 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Dron
CVE-2026-2801 is a CWE-754 improper check for unusual or exceptional conditions in Mozilla Firefox. This page lists the verified fix and inl
CVE-2026-28010 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Scie
CVE-2026-28011 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Yott
CVE-2026-28012 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Grid
CVE-2026-28013 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Krat
CVE-2026-28014 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Tran
CVE-2026-28015 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Shif
CVE-2026-28016 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Luxu
CVE-2026-28017 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Gree
CVE-2026-28018 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Glob
CVE-2026-28019 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Mano
CVE-2026-28020 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Chro
CVE-2026-28021 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Craf
CVE-2026-28022 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Food
CVE-2026-28023 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Nuts
CVE-2026-28024 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in axiomthemes H
CVE-2026-28025 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Star
CVE-2026-28026 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Moto
CVE-2026-28027 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Kayo
CVE-2026-28028 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Mone
CVE-2026-28029 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Emoj
CVE-2026-2803 is an information exposure in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-28030 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Bonb
CVE-2026-28031 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Inve
CVE-2026-28032 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Tuni
CVE-2026-28033 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Edif
CVE-2026-28034 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Prog
CVE-2026-28035 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Prin
CVE-2026-28037 is a cross-site scripting in ashanjay EventON. This page lists the verified fix and inline mitigations.
CVE-2026-28039 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in wpDataTables
CVE-2026-28041 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-28042 is a cross-site scripting in Astoundify Listify. This page lists the verified fix and inline mitigations.
CVE-2026-28045 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX N7 |
CVE-2026-28046 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Law
CVE-2026-28047 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in magentech Vic
CVE-2026-28048 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in magentech Fla
CVE-2026-28049 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Poli
CVE-2026-28050 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Beac
CVE-2026-28051 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Yach
CVE-2026-28052 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Pete
CVE-2026-28053 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Mill
CVE-2026-28054 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Lega
CVE-2026-28055 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX M.Wi
CVE-2026-28056 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX MCKi
CVE-2026-28057 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Mand
CVE-2026-28058 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Dixo
CVE-2026-28059 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Derm
CVE-2026-28060 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX S.Ki
CVE-2026-28061 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Tige
CVE-2026-28062 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Happ
CVE-2026-28063 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Asia
CVE-2026-28064 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Edge
CVE-2026-28065 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Ejec
CVE-2026-28066 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Legr
CVE-2026-28067 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Bass
CVE-2026-28068 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Rhyt
CVE-2026-28069 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Le T
CVE-2026-28072 is a cross-site scripting in PixFort pixfort Core. This page lists the verified fix and inline mitigations.
CVE-2026-28073: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in WP eMember. Patch commands an
CVE-2026-28075 is a cross-site scripting in p-themes Porto. This page lists the verified fix and inline mitigations.
CVE-2026-28076 is a missing authorization in Frenify Guff. This page lists the verified fix and inline mitigations.
CVE-2026-28077 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Vape
CVE-2026-28079 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in axiomthemes C
CVE-2026-28081 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Wind
CVE-2026-28084 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Bazi
CVE-2026-28085 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Maho
CVE-2026-28086 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Run
CVE-2026-28087 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Film
CVE-2026-28088 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Aqua
CVE-2026-28089 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Daiq
CVE-2026-28090 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Game
CVE-2026-28091 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Cole
CVE-2026-28092 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Soun
CVE-2026-28093 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Ozis
CVE-2026-28094 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX RexC
CVE-2026-28095 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Marc
CVE-2026-28096 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Weal
CVE-2026-28097 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Artr
CVE-2026-28098 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Save
CVE-2026-28099 is a cross-site scripting in LambertGroup UberSlider Ultra. This page lists the verified fix and inline mitigations.
CVE-2026-28100 is a cross-site scripting in LambertGroup UberSlider PerpetuumMobile. This page lists the verified fix and inline mitigations
CVE-2026-28101 is a cross-site scripting in LambertGroup UberSlider MouseInteraction. This page lists the verified fix and inline mitigation
CVE-2026-28102 is a cross-site scripting in LambertGroup UberSlider Classic. This page lists the verified fix and inline mitigations.
CVE-2026-28103 is a cross-site scripting in LambertGroup LBG Zoominoutslider. This page lists the verified fix and inline mitigations.
CVE-2026-28107 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Muzi
CVE-2026-28108 is a cross-site scripting in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails. This page lists the verified fix
CVE-2026-28109 is a cross-site scripting in LambertGroup LambertGroup - AllInOne - Content Slider. This page lists the verified fix and inli
CVE-2026-28110 is a cross-site scripting in LambertGroup LambertGroup - AllInOne - Banner with Playlist. This page lists the verified fix an
CVE-2026-28112 is a cross-site scripting in LambertGroup AllInOne - Banner Rotator. This page lists the verified fix and inline mitigations.
CVE-2026-28113 is a cross-site scripting in azzaroco Ultimate Learning Pro. This page lists the verified fix and inline mitigations.
CVE-2026-28117 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in axiomthemes s
CVE-2026-28118 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in axiomthemes W
CVE-2026-28119 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in axiomthemes N
CVE-2026-28120 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Dr.P
CVE-2026-28121 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-28122 is a cross-site scripting in CridioStudio ListingPro. This page lists the verified fix and inline mitigations.
CVE-2026-28123 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-28124 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-28125 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-28126 is a cross-site scripting in sizam RH Frontend Publishing Pro. This page lists the verified fix and inline mitigations.
CVE-2026-28127 is a cross-site scripting in e-plugins Lawyer Directory. This page lists the verified fix and inline mitigations.
CVE-2026-28128 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Vers
CVE-2026-28129 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in axiomthemes L
CVE-2026-28130 is a cross-site scripting in AndonDesign UDesign. This page lists the verified fix and inline mitigations.
CVE-2026-28133 is an unrestricted file upload in WP Chill Filr. This page lists the verified fix and inline mitigations.
CVE-2026-28134 is a code injection in Crocoblock JetEngine. This page lists the verified fix and inline mitigations.
CVE-2026-28135 is an inclusion of functionality from untrusted control sphere in WP Royal Royal Elementor Addons. This page lists the verifie
CVE-2026-28136 is a SQL injection in VeronaLabs WP SMS. This page lists the verified fix and inline mitigations.
CVE-2026-28137 is a cross-site scripting in QuanticaLabs MediCenter - Health Medical Clinic. This page lists the verified fix and inline mit
CVE-2026-28138 is an unsafe deserialization in Stylemix uListing. This page lists the verified fix and inline mitigations.
CVE-2026-2818 is a path traversal in Spring Data Geode. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-28193 is a missing authorization in JetBrains YouTrack. This page lists the verified fix and inline mitigations.
CVE-2026-28201 is an improper input validation in Open Notebook. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2026-28209 is an OS command injection in FreePBX security-reporting. This page lists the verified fix and inline mitigations.
CVE-2026-28210 is a SQL injection in FreePBX security-reporting. This page lists the verified fix and inline mitigations.
CVE-2026-28211 is an improper neutralization of special elements in data query logic in CyrilleB79 NVDA-Dev-Test-Toolbox. This page lists the
CVE-2026-28212 is a CWE-476: null pointer dereference in firebird. This page lists verified fix commands and short-term mitigations you can
CVE-2026-28216 is an authorization bypass through user-controlled key in hoppscotch hoppscotch. This page lists the verified fix and inline m
CVE-2026-28224 is a CWE-476: null pointer dereference in firebird. This page lists verified fix commands and short-term mitigations you can
CVE-2026-28228 is a server-side template injection in OpenOLAT. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-28253 is a CWE-789 memory allocation with excessive size value in Trane Tracer SC. CVSS 8.7 High. Patch commands, mitigations, and
CVE-2026-28255 is a CWE-798 use of hard-coded credentials in Trane Tracer SC. CVSS 8.2 High. Patch commands, mitigations, and verification.
CVE-2026-28261: CWE-532: Insertion of Sensitive Information into Log File in Elastic Cloud Storage. Patch commands and verification.
CVE-2026-28272 is a cross-site scripting in kiteworks security-advisories. This page lists the verified fix and inline mitigations.
CVE-2026-28274 is a cross-site scripting in Morelitea initiative. This page lists the verified fix and inline mitigations.
CVE-2026-28275 is an insufficient session expiration in Morelitea initiative. This page lists the verified fix and inline mitigations.
CVE-2026-28276 is an information exposure in Morelitea initiative. This page lists the verified fix and inline mitigations.
CVE-2026-28279 is an OS command injection in jmpsec osctrl. This page lists the verified fix and inline mitigations.
CVE-2026-28281: InstantCMS has multiple CSRF vulnerabilities in Instantsoft icms2. CVSS 7.1 High. Patch commands, mitigations, and verif
CVE-2026-28284 is a SQL injection in FreePBX security-reporting. This page lists the verified fix and inline mitigations.
CVE-2026-28286 is an external control of file name or path in IceWhaleTech ZimaOS. This page lists the verified fix and inline mitigations.
CVE-2026-28287 is an OS command injection in FreePBX security-reporting. This page lists the verified fix and inline mitigations.
CVE-2026-28291 is an OS command injection in git-js. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-2834 is a cross-site scripting in Age Verification & Identity Verification by Token of Trust. This page lists verified fix commands
CVE-2026-28342 is a resource exhaustion in OliveTin OliveTin. This page lists the verified fix and inline mitigations.
CVE-2026-28356 is a ReDoS in multipart 1.3.0 - `parse_options_header()` in Defnull multipart. CVSS 7.5 High. Patch commands, mitigations, an
CVE-2026-2836 is a CWE-345 insufficient verification of data authenticity in Cloudflare https://github.com/cloudflare/pingora. This page lis
CVE-2026-28364 is a CWE-126 buffer over-read in OCaml OCaml. This page lists the verified fix and inline mitigations.
CVE-2026-28367: a vulnerability in Red Hat build of Apache Camel for Spring. Patched version and vendor advisory inside.
CVE-2026-28368: a vulnerability in Red Hat build of Apache Camel for Spring. Patched version and vendor advisory inside.
CVE-2026-28369: a vulnerability in Red Hat build of Apache Camel for Spring. Patched version and vendor advisory inside.
CVE-2026-28372 is a CWE-829 inclusion of functionality from untrusted control sphere in GNU inetutils. This page lists the verified fix and
CVE-2026-28377 is a vulnerability in Tempo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28387 is a potential use-after-free in DANE client code in OpenSSL, fixed by the same patch as CVE-2026-28386.
CVE-2026-28388 is a null pointer dereference when processing a delta CRL in OpenSSL, fixed by the same patch as CVE-2026-28386.
CVE-2026-28389 is a possible null dereference when processing CMS KeyAgreeRecipientInfo in OpenSSL, fixed by the same patch as CVE-2026-2838
CVE-2026-28390 is a possible null dereference when processing CMS KeyTransportRecipientInfo in OpenSSL, fixed by the same patch as CVE-2026-
CVE-2026-28392 is an incorrect authorization in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28393 is a path traversal in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28400 is an exposed dangerous method or function in docker model-runner. This page lists the verified fix and inline mitigations.
CVE-2026-28402 is an improper validation of integrity check value in nimiq core-rs-albatross. This page lists the verified fix and inline mit
CVE-2026-28403 is an origin validation error in f textream. This page lists the verified fix and inline mitigations.
CVE-2026-28405 is a cross-site scripting in MarkUsProject Markus. This page lists the verified fix and inline mitigations.
CVE-2026-28406 is a path traversal in chainguard-forks kaniko. This page lists the verified fix and inline mitigations.
CVE-2026-28414 is an absolute path traversal in gradio-app gradio. This page lists the verified fix and inline mitigations.
CVE-2026-28416 is an SSRF in gradio-app gradio. This page lists the verified fix and inline mitigations.
CVE-2026-28425 is a code injection in statamic cms. This page lists the verified fix and inline mitigations.
CVE-2026-28426 is a cross-site scripting in statamic cms. This page lists the verified fix and inline mitigations.
CVE-2026-28429 is a path traversal in Talishar Talishar. This page lists the verified fix and inline mitigations.
CVE-2026-28432: HTTP signature verification can be bypassed in Misskey-dev misskey. CVSS 7.1 High. Patch commands, mitigations, and veri
CVE-2026-28435 is a denial of service via resource consumption in yhirose cpp-httplib. This page lists the verified fix and inline mitigatio
CVE-2026-28442 is an external control of file name or path in IceWhaleTech ZimaOS. This page lists the verified fix and inline mitigations.
CVE-2026-28445 is a cross-site scripting (XSS) in typebot.io. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-28447 is a path traversal in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28450 is a missing authentication in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28453 is a path traversal in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28454 is an insufficient verification of data authenticity in OpenClaw OpenClaw. This page lists the verified fix and inline mitigat
CVE-2026-28456 is an uncontrolled search path element in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28458 is a missing authentication in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28459 is an external control of file name or path in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-2846 is an OS command injection in HiPER 520. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-28461: CWE-770: Allocation of Resources Without Limits or Throttling in OpenClaw. Patch commands and verification.
CVE-2026-28462 is a path traversal in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28463 is an OS command injection in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28464 is an observable timing discrepancy in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28465 is a CWE-290 authentication bypass by spoofing in OpenClaw voice-call. This page lists the verified fix and inline mitigation
CVE-2026-28468 is a missing authentication in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28469 is an authorization bypass through user-controlled key in OpenClaw OpenClaw. This page lists the verified fix and inline mitig
CVE-2026-2847 is an OS command injection in HiPER 520. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-28473 is an incorrect authorization in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28478 is a resource exhaustion in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28479 is a broken cryptography in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28482 is a path traversal in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28485 is a missing authentication in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28490: Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle in authlib. Patch commands and verification.
CVE-2026-28492 is an information exposure in filebrowser filebrowser. This page lists the verified fix and inline mitigations.
CVE-2026-28494 is a CWE-121: stack-based buffer overflow in ImageMagick. CVSS 7.1 High. Patch commands, mitigations, and verification.
CVE-2026-28498: Authlib: Fail-Open Cryptographic Verification in OIDC Hash Binding in authlib. Patch commands and verification.
CVE-2026-28500 is a CWE-345: insufficient verification of data authenticity in onnx. CVSS 8.6 High. Patch commands, mitigations, and verific
CVE-2026-28505 is a code injection in Tautulli. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28507 is an OS command injection in idno idno. This page lists the verified fix and inline mitigations.
CVE-2026-28512: Pocket ID: OAuth redirect_uri validation bypass via userinfo/host confusion in pocket-id. Patch commands and verification.
CVE-2026-28513 is a CWE-863: incorrect authorization in pocket-id. CVSS 8.5 High. Patch commands, mitigations, and verification.
CVE-2026-28518 is a path traversal in Volcengine OpenViking. This page lists the verified fix and inline mitigations.
CVE-2026-28519: arduino-TuyaOpen DnsServer Heap-Based Buffer Overflow Remote Code Execution in arduino-TuyaOpen. Patch commands and verifica
CVE-2026-28520: arduino-TuyaOpen WiFiMulti Single-Byte Buffer Overflow Remote Code Execution in arduino-TuyaOpen. Patch commands and verific
CVE-2026-28521: arduino-TuyaOpen TuyaIoT Out-of-Bounds Memory Read Information Disclosure in arduino-TuyaOpen. Patch commands and verificati
CVE-2026-28522: arduino-TuyaOpen WiFiUDP Null Pointer Dereference Denial of Service in arduino-TuyaOpen. Patch commands and verification.
CVE-2026-28525 - CWE-191 Integer Underflow (Wrap or Wraparound) in swupdate. Runnable patch commands, mitigation, and verification on this p
CVE-2026-28529 is a use-after-free in cryptodev-linux. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2853 is a stack-based buffer overflow in DWR-M960. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-2854 is a stack-based buffer overflow in DWR-M960. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-28542 is a CWE-755 improper handling of exceptional conditions in Huawei HarmonyOS. This page lists the verified fix and inline mit
CVE-2026-28548 is a privilege escalation in Huawei HarmonyOS. This page lists the verified fix and inline mitigations.
CVE-2026-2855 is a stack-based buffer overflow in DWR-M960. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-28557 is a missing authorization in gVectors Team wpForo Forum. This page lists the verified fix and inline mitigations.
CVE-2026-2856 is a stack-based buffer overflow in DWR-M960. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-28562 is a SQL injection in gVectors Team wpForo Forum. This page lists the verified fix and inline mitigations.
CVE-2026-2857 is a stack-based buffer overflow in DWR-M960. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-28673: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in xiaoheiFS. Patch comma
CVE-2026-28674: CWE-434: Unrestricted Upload of File with Dangerous Type in xiaoheiFS. Patch commands and verification.
CVE-2026-28676 is a path traversal in OpenSift OpenSift. This page lists the verified fix and inline mitigations.
CVE-2026-28677 is an SSRF in OpenSift OpenSift. This page lists the verified fix and inline mitigations.
CVE-2026-28678: dsa-hub-server: Clear-Text Storage of Sensitive Data in DSA-with-tsx. Patch commands and verification.
CVE-2026-28679 is a path traversal in xemle home-gallery. This page lists the verified fix and inline mitigations.
CVE-2026-28681 is an open redirect in irrdnet irrd. This page lists the verified fix and inline mitigations.
CVE-2026-28683 is a cross-site scripting in Forceu Gokapi. This page lists the verified fix and inline mitigations.
CVE-2026-28691: ImageMagick has an uninitialized pointer dereference in JBIG decoder in ImageMagick. Patch commands and verification.
CVE-2026-28693 is a CWE-125: out-of-bounds read in ImageMagick. CVSS 8.1 High. Patch commands, mitigations, and verification.
CVE-2026-28695 is an improper neutralization of special elements used in a template engine in craftcms cms. This page lists the verified fix
CVE-2026-28696 is an authorization bypass through user-controlled key in craftcms cms. This page lists the verified fix and inline mitigation
CVE-2026-2870 is a stack buffer overflow in Tenda A21. This page lists the verified fix and inline mitigations.
CVE-2026-28703 is a stored XSS in Zohocorp ManageEngine Exchange Reporter Plus, fixed by the same patch as CVE-2026-3879.
CVE-2026-28704 is an uncontrolled search path element in Emocheck. This page lists verified fix commands and short-term mitigations you can
CVE-2026-2871 is a stack buffer overflow in Tenda A21. This page lists the verified fix and inline mitigations.
CVE-2026-28710 is a CWE-1390 in Acronis Acronis Cyber Protect 17. This page lists the verified fix and inline mitigations.
CVE-2026-28713 is a CWE-1392 in Acronis Acronis Cyber Protect Cloud Agent. This page lists the verified fix and inline mitigations.
CVE-2026-2872 is a stack buffer overflow in Tenda A21. This page lists the verified fix and inline mitigations.
CVE-2026-28721 is a CWE-610 in Acronis Acronis Cyber Protect 17. This page lists the verified fix and inline mitigations.
CVE-2026-28722 is a CWE-610 in Acronis Acronis Cyber Protect 17. This page lists the verified fix and inline mitigations.
CVE-2026-28727 is a CWE-276 in Acronis Acronis Cyber Protect 17. This page lists the verified fix and inline mitigations.
CVE-2026-2873 is a stack buffer overflow in Tenda A21. This page lists the verified fix and inline mitigations.
CVE-2026-2874 is a stack buffer overflow in Tenda A21. This page lists the verified fix and inline mitigations.
CVE-2026-28747 - CWE-639 in MS-Cxx63-PD. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-28754 is a stored XSS in Zohocorp ManageEngine Exchange Reporter Plus, fixed by the same patch as CVE-2026-3879.
CVE-2026-28756 is a stored XSS in Zohocorp ManageEngine Exchange Reporter Plus, fixed by the same patch as CVE-2026-3879.
CVE-2026-2876 is a stack buffer overflow in Tenda A18. This page lists the verified fix and inline mitigations.
CVE-2026-28760: a vulnerability in RATOC RAID Monitoring Manager for Window. Patched version and vendor advisory inside.
CVE-2026-28761: a cross-site request forgery (CSRF) in Musetheque V4 Information Disclosure for. Patched version and vendor advisory inside.
CVE-2026-28764 is a path traversal in MediaInfoLib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2877 is a stack buffer overflow in Tenda A18. This page lists the verified fix and inline mitigations.
CVE-2026-28776 is a hardcoded credentials in International Datacasting Corporation (IDC) IDC SFX2100 SuperFlex Satellite Receiver. This page
CVE-2026-28778 is a hardcoded credentials in International Datacasting Corporation (IDC) IDC SFX2100 SuperFlex Satellite Receiver. This page
CVE-2026-28779: CWE-668: Exposure of Resource to Wrong Sphere in Apache Airflow. Patch commands and verification.
CVE-2026-28781 is an authorization bypass through user-controlled key in craftcms cms. This page lists the verified fix and inline mitigation
CVE-2026-28784 is an improper neutralization of special elements used in a template engine in craftcms cms. This page lists the verified fix
CVE-2026-28787 is an authentication bypass in OneUptime oneuptime. This page lists the verified fix and inline mitigations.
CVE-2026-28788 is a vulnerability in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28789 is a concurrent execution using shared resource with improper synchronization ('race condition') in OliveTin OliveTin. This p
CVE-2026-28790 is an improper access control in OliveTin OliveTin. This page lists the verified fix and inline mitigations.
CVE-2026-28791 is a path traversal in media upload handle in tina in tinacms. CVSS 7.4 High. Patch commands, mitigations, and verification.
CVE-2026-28793: Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS in cli. Patch commands and verification.
CVE-2026-28795 is a path traversal in zhongyu09 openchatbi. This page lists the verified fix and inline mitigations.
CVE-2026-28797 is a CWE-20: improper input validation in Infiniflow ragflow. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-28799 is a use-after-free in pjsip pjproject. This page lists the verified fix and inline mitigations.
CVE-2026-2880 is an improper input validation in @fastify/middie @fastify/middie. This page lists the verified fix and inline mitigations.
CVE-2026-28802 is an improper verification of cryptographic signature in authlib authlib. This page lists the verified fix and inline mitigat
CVE-2026-28805: OpenSTAManager: Time-Based Blind SQL Injection via `options[stato]` Parameter in openstamanager. Patch commands and verifica
CVE-2026-28807: Path Traversal in wisp.serve_static allows arbitrary file read in wisp. Patch commands and verification.
CVE-2026-28808 is an incorrect authorization in Erlang OTP. CVSS 8.3 High. Patch commands, mitigations, and verification.
CVE-2026-2881 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-28815: A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation p
CVE-2026-2882 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-2883 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-2884 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-28840 is an improper privilege management in macOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-28846 is a stack-based buffer overflow in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2026-28847 improper restriction of operations within the bounds of a memory buffer in Safari. Runnable upgrade commands and verification
CVE-2026-28848 is a stack-based buffer overflow in macOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-2885 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-2886 is a stack buffer overflow in Tenda A21. This page lists the verified fix and inline mitigations.
CVE-2026-28860 is an improper input validation in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2026-28872 is an uncontrolled resource consumption in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-28873 is an incorrect authorization in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-28883 is a use after free in Safari. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-2890: CWE-862 Missing Authorization in Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form
CVE-2026-28904 improper restriction of operations within the bounds of a memory buffer in Safari. Runnable upgrade commands and verification
CVE-2026-28905 improper restriction of operations within the bounds of a memory buffer in Safari. Runnable upgrade commands and verification
CVE-2026-28906 exposure of private personal information to an unauthorized actor in iOS and iPadOS. Runnable upgrade commands and verificati
CVE-2026-28907 is an improper encoding or escaping of output in Safari. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-28908 is an uncontrolled resource consumption in macOS. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2026-28913 improper restriction of operations within the bounds of a memory buffer in Safari. Runnable upgrade commands and verification
CVE-2026-28915 improper limitation of a pathname to a restricted directory ('path traversal') in macOS. Runnable upgrade commands and verifi
CVE-2026-28919 is an improper privilege management in macOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-2892 - CWE-285 Improper Authorization in Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE. Runnable patch c
CVE-2026-28923 insertion of sensitive information into log file in macOS. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-28924 concurrent execution using shared resource with improper synchronization ('race in macOS. Runnable upgrade commands and verif
CVE-2026-28925 buffer copy without checking size of input ('classic buffer overflow') in macOS. Runnable upgrade commands and verification s
CVE-2026-28929 is an incorrect comparison logic granularity in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify
CVE-2026-28930 is an improper access control in macOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-28936 is an improper input validation in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2026-28940 improper restriction of operations within the bounds of a memory buffer in iOS and iPadOS. Runnable upgrade commands and veri
CVE-2026-28941 improper restriction of operations within the bounds of a memory buffer in iOS and iPadOS. Runnable upgrade commands and veri
CVE-2026-28943 insertion of sensitive information into log file in iOS and iPadOS. Runnable upgrade commands and verification steps for sysa
CVE-2026-28944 improper restriction of operations within the bounds of a memory buffer in Safari. Runnable upgrade commands and verification
CVE-2026-28947 is a use after free in Safari. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-28951 is an incorrect authorization in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-28952 is an integer overflow or wraparound in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-28953 improper restriction of operations within the bounds of a memory buffer in Safari. Runnable upgrade commands and verification
CVE-2026-28954 is an authentication bypass by spoofing in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-28955 improper restriction of operations within the bounds of a memory buffer in Safari. Runnable upgrade commands and verification
CVE-2026-28959 buffer copy without checking size of input ('classic buffer overflow') in iOS and iPadOS. Runnable upgrade commands and verif
CVE-2026-28962 exposure of sensitive information to an unauthorized actor in Safari. Runnable upgrade commands and verification steps for sy
CVE-2026-28964 user interface (UI) misrepresentation of critical information in iOS and iPadOS. Runnable upgrade commands and verification s
CVE-2026-28965 is an improper access control in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-28969 is a use after free in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-28974 is an improper access control in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-28976 exposure of sensitive information to an unauthorized actor in macOS. Runnable upgrade commands and verification steps for sys
CVE-2026-28978 is an improper access control in macOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-28983 access of resource using incompatible type ('type confusion') in iOS and iPadOS. Runnable upgrade commands and verification s
CVE-2026-28986 concurrent execution using shared resource with improper synchronization ('race in iOS and iPadOS. Runnable upgrade commands
CVE-2026-28987 insertion of sensitive information into log file in iOS and iPadOS. Runnable upgrade commands and verification steps for sysa
CVE-2026-28990 improper restriction of operations within the bounds of a memory buffer in iOS and iPadOS. Runnable upgrade commands and veri
CVE-2026-28991 is an out-of-bounds read in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-28995 is an improper privilege management in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix l
CVE-2026-29002 is an authorization bypass through user-controlled key in CouchCMS. This page lists verified fix commands and short-term miti
CVE-2026-29004 is a heap-based buffer overflow in busybox mirror. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2026-29013 is an out-of-bounds read in libcoap. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-29039 is a code injection in dgtlmoon changedetection.io. This page lists the verified fix and inline mitigations.
CVE-2026-2904 is a buffer overflow in UTT HiPER 810G. This page lists the verified fix and inline mitigations.
CVE-2026-29041 is an unrestricted file upload in chamilo chamilo-lms. This page lists the verified fix and inline mitigations.
CVE-2026-29042 is a failure to sanitize special elements into a different plane (special element injection) in nuclio nuclio. This page list
CVE-2026-29045 is an improper handling of URL encoding (hex encoding) in honojs hono. This page lists the verified fix and inline mitigations
CVE-2026-29047 is an authenticated SQL injection via log exports in Glpi-project glpi, fixed by the same patch as CVE-2026-25932.
CVE-2026-2905 is a stack buffer overflow in Tenda HG9. This page lists the verified fix and inline mitigations.
CVE-2026-29053 is an improper neutralization of special elements in output used by a downstream component ('injection') in TryGhost Ghost. Th
CVE-2026-29054 is an improper handling of case sensitivity in traefik traefik. This page lists the verified fix and inline mitigations.
CVE-2026-29056: CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes in kanboard. Patch commands and veri
CVE-2026-2906 is a stack buffer overflow in Tenda HG9. This page lists the verified fix and inline mitigations.
CVE-2026-29062 is a resource exhaustion in FasterXML jackson-core. This page lists the verified fix and inline mitigations.
CVE-2026-29063 is an improperly controlled modification of object prototype attributes ('prototype pollution') in immutable-js immutable-js.
CVE-2026-29064 is a path traversal in zarf-dev zarf. This page lists the verified fix and inline mitigations.
CVE-2026-29065 is a path traversal in dgtlmoon changedetection.io. This page lists the verified fix and inline mitigations.
CVE-2026-29067: ZITADEL: Account Takeover Due to Improper Instance Validation in V2 Login in zitadel. Patch commands and verification.
CVE-2026-29068 is a stack buffer overflow in pjsip pjproject. This page lists the verified fix and inline mitigations.
CVE-2026-2907 is a stack buffer overflow in Tenda HG9. This page lists the verified fix and inline mitigations.
CVE-2026-29072: Discourse missing permission check for policy creation in discourse-policy in discourse. Patch commands and verification.
CVE-2026-29074 is an improper restriction of recursive entity references in DTDs ('XML entity expansion') in svg svgo. This page lists the ve
CVE-2026-29075 is a code injection in mesa mesa. This page lists the verified fix and inline mitigations.
CVE-2026-29077 is an improper access control in frappe frappe. This page lists the verified fix and inline mitigations.
CVE-2026-29078 is an integer underflow in lexbor ISO‑2022‑JP encoder in lexbor. CVSS 8.2 High. Patch commands, mitigations, and verification.
CVE-2026-29079 is a type confusion in lexbor fragment parser in lexbor. CVSS 8.2 High. Patch commands, mitigations, and verification.
CVE-2026-2908 is a stack buffer overflow in Tenda HG9. This page lists the verified fix and inline mitigations.
CVE-2026-29082 is a cross-site scripting in kestra-io kestra. This page lists the verified fix and inline mitigations.
CVE-2026-29087 is an incorrect authorization in honojs node-server. This page lists the verified fix and inline mitigations.
CVE-2026-29089 is an untrusted search path in timescale timescaledb. This page lists the verified fix and inline mitigations.
CVE-2026-2909 is a stack buffer overflow in Tenda HG9. This page lists the verified fix and inline mitigations.
CVE-2026-29091 is an improper neutralization of directives in dynamically evaluated code ('eval injection') in locutusjs locutus. This page l
CVE-2026-29093 is an authentication bypass in WWBN AVideo. This page lists the verified fix and inline mitigations.
CVE-2026-29096: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM. Patch commands and
CVE-2026-29097: SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet in SuiteCRM. Patch commands and verification
CVE-2026-29099: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM. Patch commands and
CVE-2026-2910 is a stack buffer overflow in Tenda HG9. This page lists the verified fix and inline mitigations.
CVE-2026-29100: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in SuiteCRM. Patch commands and
CVE-2026-29102 is an authenticated RCE in modules in SuiteCRM. CVSS 7.2 High. Patch commands, mitigations, and verification.
CVE-2026-29109 is a CWE-502: deserialization of untrusted data in SuiteCRM-Core. CVSS 8.6 High. Patch commands, mitigations, and verificatio
CVE-2026-2911 is a buffer overflow in Tenda FH451. This page lists the verified fix and inline mitigations.
CVE-2026-29112: CWE-770: Allocation of Resources Without Limits or Throttling in dicebear. Patch commands and verification.
CVE-2026-29119 is a hardcoded credentials in International Datacasting Corporation (IDC) SFX2100 Series SuperFlex SatelliteReceiver. This pa
CVE-2026-29121 is a privilege escalation in International Datacasting Corporation SFX2100 Satellite Receiver. This page lists the verified f
CVE-2026-29122 is a privilege escalation in International Datacasting Corporation SFX2100 Satellite Receiver. This page lists the verified f
CVE-2026-29123 is a privilege escalation in International Datacasting Corporation SFX2100 Satellite Receiver. This page lists the verified f
CVE-2026-29124 is a privilege escalation in International Datacasting Corporation SFX2100 Satellite Receiver. This page lists the verified f
CVE-2026-29125 is an incorrect permission assignment in International Datacasting Corporation SFX2100 Satellite Receiver. This page lists the
CVE-2026-29126 is an incorrect permission assignment in International Datacasting Corporation SFX2100 Satellite Receiver. This page lists the
CVE-2026-29128 is a weak credential storage in International Datacasting Corporation SFX2100 Satellite Receiver. This page lists the verifie
CVE-2026-29129 is a use of a broken or risky in Apache Tomcat. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-29139 is a GINA state confusion account takeover in Seppmail Secure Email Gateway, fixed by the same patch as CVE-2026-29131.
CVE-2026-2914 is a privilege escalation in CyberArk Software, a Palo Alto Networks Company Endpoint Privilege Manager Agent. This page lists
CVE-2026-29140 is an S/MIME signature additional certificate in Seppmail Secure Email Gateway, fixed by the same patch as CVE-2026-29131.
CVE-2026-29141 is a bounded subject tag sanitization in Seppmail Secure Email Gateway, fixed by the same patch as CVE-2026-29131.
CVE-2026-29143 is an S/MIME decryption impersonation in Seppmail Secure Email Gateway, fixed by the same patch as CVE-2026-29131.
CVE-2026-29144 is a Unicode subject tags in Seppmail Secure Email Gateway, fixed by the same patch as CVE-2026-29131.
CVE-2026-29146 is a generation of error message containing sensitive in Apache Tomcat. This page lists verified fix commands and short-term
CVE-2026-29168 allocation of resources without limits or throttling in Apache HTTP Server. Runnable upgrade commands and verification steps
CVE-2026-29169 is a null pointer dereference in Apache HTTP Server. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2026-29172: Craft Commerce has a SQL Injection in Commerce Purchasables Table Sorting in commerce. Patch commands and verification.
CVE-2026-29174: Craft Commerce has a SQL Injection in Commerce Inventory Table Sorting in commerce. Patch commands and verification.
CVE-2026-29175: Multiple Stored XSS in Commerce Inventory Page Leading to Session Hijacking in commerce. Patch commands and verification.
CVE-2026-29178 is an SSRF in LemmyNet lemmy. This page lists the verified fix and inline mitigations.
CVE-2026-29181: CWE-770: Allocation of Resources Without Limits or Throttling in opentelemetry-go. Patch commands and verification.
CVE-2026-29182 is an incorrect authorization in parse-community parse-server. This page lists the verified fix and inline mitigations.
CVE-2026-29186 is a CWE-434: unrestricted upload of file with dangerous type in backstage. CVSS 7.7 High. Patch commands, mitigations, and v
CVE-2026-29187 is a SQL injection in openemr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-29189 is a CWE-639: authorization bypass through user-controlled key in SuiteCRM. CVSS 8.1 High. Patch commands, mitigations, and v
CVE-2026-29192: ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover in zitadel. Patch commands and verification.
CVE-2026-29193: ZITADEL: Bypassing Zitadel Login Behavior and Security Policy in Login V2 in zitadel. Patch commands and verification.
CVE-2026-29194: Netmaker: Insufficient Authorization in Host Token Verification in netmaker. Patch commands and verification.
CVE-2026-29196 is a CWE-863: incorrect authorization in Gravitl netmaker. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-29199 weak password recovery mechanism for forgotten password in phpBB. Runnable upgrade commands and verification steps for sysadm
CVE-2026-2920 is a CWE-122: heap-based buffer overflow in GStreamer. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-29201 is a relative path traversal in cPanel. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-29205 is a path traversal in cPanel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-29206 is a SQL injection in cPanel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2921: GStreamer RIFF Palette Integer Overflow Remote Code Execution in GStreamer. Patch commands and verification.
CVE-2026-2922 is a CWE-787: out-of-bounds write in GStreamer. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-2923: GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution in GStreamer. Patch commands and verification.
CVE-2026-2925 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-2926 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-2927 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-2928 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-2929 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-2931: a vulnerability in Booking for Appointments and Events Cale. Patched version and vendor advisory inside.
CVE-2026-2935 is a buffer overflow in UTT HiPER 810G. This page lists the verified fix and inline mitigations.
CVE-2026-2936: Visitor Traffic Real Time Statistics <= 8.4 - Unauthenticated Stored Cross-Site Scripting in Visitor Traffic Real Time Statis
CVE-2026-2941 is a vulnerability in Linksy Search and Replace. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-29514 is a permissive list of allowed inputs in netbox. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2026-29518 is a race condition in rsync. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-29522: ZwickRoell Test Data Management < 3.0.8 Path Traversal LFI in Test Data Management. Patch commands and verification.
CVE-2026-2958 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-2959 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-2960 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-29607: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) in OpenClaw. Patch comma
CVE-2026-29609 is a resource exhaustion in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-2961 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-29610 is an uncontrolled search path element in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-29611 is an external control of file name or path in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-29613 is a missing authentication in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-2962 is a stack buffer overflow in D-Link DWR-M960. This page lists the verified fix and inline mitigations.
CVE-2026-29642 is an internal asset exposed to unsafe debug in CSR. This page lists verified fix commands and short-term mitigations you can
CVE-2026-29643 is a check or handling of exceptional conditions in XiangShan. This page lists verified fix commands and short-term mitigatio
CVE-2026-29645 is a calculation of buffer size in NEMU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-29648 is an improper privilege management in In OpenXiangShan. This page lists verified fix commands and short-term mitigations you
CVE-2026-29771: Netmaker: Denial of Service via Server Shutdown Endpoint in netmaker. Patch commands and verification.
CVE-2026-29778: pyLoad: Arbitrary File Write via Path Traversal in edit_package() in pyload. Patch commands and verification.
CVE-2026-29779: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in UptimeFlare. Patch commands and verification.
CVE-2026-29782: OpenSTAManager: Remote Code Execution via Insecure Deserialization in OAuth2 in openstamanager. Patch commands and verificat
CVE-2026-29783: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in copilot-cli. Patch com
CVE-2026-29784 is a ghost: incomplete csrf protections around otc use in Tryghost Ghost. CVSS 7.5 High. Patch commands, mitigations, and ver
CVE-2026-29785 is a vulnerability in nats-server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-29786 is a path traversal in isaacs node-tar. This page lists the verified fix and inline mitigations.
CVE-2026-29788 is an unverified ownership in miraheze TSPortal. This page lists the verified fix and inline mitigations.
CVE-2026-2980 is a buffer overflow in UTT HiPER 810G. This page lists the verified fix and inline mitigations.
CVE-2026-2981 is a buffer overflow in UTT HiPER 810G. This page lists the verified fix and inline mitigations.
CVE-2026-29856 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-29858 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-29870 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-2991: CWE-287 Improper Authentication in KiviCare – Clinic & Patient Management System (EHR). Patch commands and verification.
CVE-2026-2992: CWE-862 Missing Authorization in KiviCare – Clinic & Patient Management System (EHR). Patch commands and verification.
CVE-2026-29923 is an improper privilege management in The. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-2993: a SQL injection in AI Chatbot & Workflow Automation by AIWU. Patched version and vendor advisory inside.
CVE-2026-2995 is a vulnerability in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-29955 is a code injection in The. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-29972 is a stack-based buffer overflow in the affected product. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-29974 is a stack-based buffer overflow in the affected product. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-29975 loop with unreachable exit condition ('infinite loop') in the affected product. Runnable upgrade commands and verification st
CVE-2026-2998 is an untrusted search path in eAI Technologies ERP F2. This page lists the verified fix and inline mitigations.
CVE-2026-3003 is a vulnerability in Vagaro Booking Widget. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-3006 - Race Condition Vulnerability in WinFSP. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-30075 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30078 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30080 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-3009 is an incorrect authorization in Red Hat Red Hat build of Keycloak 26.4. This page lists the verified fix and inline mitigation
CVE-2026-3013 is a path traversal in coppermine photo gallery in Coppermine Photo Gallery. CVSS 8.7 High. Patch commands, mitigations, and v
CVE-2026-30140 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-3015 is a buffer overflow in UTT HiPER 810G. This page lists the verified fix and inline mitigations.
CVE-2026-3016 is a buffer overflow in UTT HiPER 810G. This page lists the verified fix and inline mitigations.
CVE-2026-3017 is a deserialization of untrusted data in Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts. This p
CVE-2026-3020: CWE-639 Authorization bypass through User-Controlled key in Wakyma application web. Patch commands and verification.
CVE-2026-3021: CWE-943: Improper Neutralization of Special Elements in Data Query Logic in Wakyma application web. Patch commands and verifi
CVE-2026-3022: CWE-943: Improper Neutralization of Special Elements in Data Query Logic in Wakyma application web. Patch commands and verifi
CVE-2026-30223 is an authentication bypass in OliveTin OliveTin. This page lists the verified fix and inline mitigations.
CVE-2026-30229 is an incorrect authorization in parse-community parse-server. This page lists the verified fix and inline mitigations.
CVE-2026-30230 is an authorization bypass through user-controlled key in FlintSH Flare. This page lists the verified fix and inline mitigatio
CVE-2026-30232 is a server-side request forgery in chartbrew. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-30242 is an SSRF in makeplane plane. This page lists the verified fix and inline mitigations.
CVE-2026-30244 is an improper access control in makeplane plane. This page lists the verified fix and inline mitigations.
CVE-2026-30266 is an insecure inherited permissions in Insecure Permissions. This page lists verified fix commands and short-term mitigation
CVE-2026-30273 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30277 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30279 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30284 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30287 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30289 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-3029 is a cve-2026-3029 in Artifex Software Inc. *pymupdf* PyMuPDF. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-30290 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30291 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30292 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30309 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30332 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30345 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-30350 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-30351 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-30363 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-30364 is a stack buffer overflow in CentSDR. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3037 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-3038: Local DoS and possible privilege escalation via routing sockets in FreeBSD. Patch commands and verification.
CVE-2026-3039 is an OS command injection in BIND 9. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-30403 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-30404 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-30405 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-3044 is a stack buffer overflow in Tenda AC8. This page lists the verified fix and inline mitigations.
CVE-2026-3045: CWE-862 Missing Authorization in Appointment Booking Calendar, Simply Schedule Appointments Booking Plugin. Patch commands an
CVE-2026-30459 is a weak password recovery mechanism for forgotten in An. This page lists verified fix commands and short-term mitigations y
CVE-2026-30460 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30461 is a command injection in Daylight Studio. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-3047 is an authentication bypass by primary weakness in Red Hat Red Hat build of Keycloak 26.2. This page lists the verified fix and
CVE-2026-30478 is an uncontrolled search path element in Dynamic. This page lists verified fix commands and short-term mitigations you can r
CVE-2026-30495 is an improper authorization in the affected product. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2026-30573 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-3061 is an out-of-bounds read in Google Chrome. This page lists the verified fix and inline mitigations.
CVE-2026-30615 is a command injection in Windsurf. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-30616 is a command injection in Jaaz. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-30617 is a command injection in LangChain. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3062 is an out-of-bounds read in Google Chrome. This page lists the verified fix and inline mitigations.
CVE-2026-30624 is a command injection in Agent Zero. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3063 is a security vulnerability in Google Chrome. This page lists the verified fix and inline mitigations.
CVE-2026-30635 improper neutralization of special elements used in an os command ('os command i in the affected product. Runnable upgrade co
CVE-2026-30656 is a null pointer dereference in NULL. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-30707 is a n/a in the vendor n/a. CVSS 8.1 High. Patch commands, mitigations, and verification.
CVE-2026-3071 is an unsafe deserialization in Flair Flair. This page lists the verified fix and inline mitigations.
CVE-2026-30711 is a n/a in the vendor n/a. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-30769 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-30778 is an exposure of sensitive information through data in Apache SkyWalking. This page lists verified fix commands and short-te
CVE-2026-30783 is a cwe-602 in rustdesk-client RustDesk Client. This page lists the verified fix and inline mitigations.
CVE-2026-30784 is a missing authorization in rustdesk-server RustDesk Server. This page lists the verified fix and inline mitigations.
CVE-2026-30785 is a cwe-257 in rustdesk-client RustDesk Client. This page lists the verified fix and inline mitigations.
CVE-2026-30791 is a broken cryptography in rustdesk-client RustDesk Client. This page lists the verified fix and inline mitigations.
CVE-2026-30795 is a cwe-319 cleartext transmission of sensitive information in rustdesk-client RustDesk Client. This page lists the verified
CVE-2026-30796 is a cwe-319 cleartext transmission of sensitive information in rustdesk-server-pro RustDesk Server Pro. This page lists the
CVE-2026-30798 is a cwe-345 insufficient verification of data authenticity in rustdesk-client RustDesk Client. This page lists the verified
CVE-2026-30804 is an unrestricted file upload in Pandora FMS. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-30806 is an OS command injection in Pandora FMS. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-30807: a cross-site request forgery (CSRF) in Pandora FMS. Patched version and vendor advisory inside.
CVE-2026-30808 is a vulnerability in Pandora FMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-30809 is an OS command injection in Pandora FMS. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-3081 is a cwe-121: stack-based buffer overflow in GStreamer. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-30810: a server-side request forgery (SSRF) in Pandora FMS. Patched version and vendor advisory inside.
CVE-2026-30811 is a default permissions in Pandora FMS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-30813 is a SQL injection in Pandora FMS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-30814: Buffer Overflow Vulnerability in TP-Link AX53 in AX53 v1.0. Patch commands and verification.
CVE-2026-30815: bundle sibling of CVE-2026-30814. Same patched build closes both.
CVE-2026-30818: bundle sibling of CVE-2026-30814. Same patched build closes both.
CVE-2026-3082 is a cwe-122: heap-based buffer overflow in GStreamer. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-30820 is an incorrect authorization in FlowiseAI Flowise. This page lists the verified fix and inline mitigations.
CVE-2026-30821 is an unrestricted file upload in FlowiseAI Flowise. This page lists the verified fix and inline mitigations.
CVE-2026-30822 is an improperly controlled modification of dynamically-determined object attributes in FlowiseAI Flowise. This page lists the
CVE-2026-30823 is an authorization bypass through user-controlled key in FlowiseAI Flowise. This page lists the verified fix and inline mitig
CVE-2026-30824 is a missing authentication in FlowiseAI Flowise. This page lists the verified fix and inline mitigations.
CVE-2026-30827 is a resource exhaustion in express-rate-limit express-rate-limit. This page lists the verified fix and inline mitigations.
CVE-2026-30828 is a path traversal: '..filename' in ellite Wallos. This page lists the verified fix and inline mitigations.
CVE-2026-3083: GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution in GStreamer. Patch commands and verification.
CVE-2026-30831 is an authentication bypass in RocketChat Rocket.Chat. This page lists the verified fix and inline mitigations.
CVE-2026-30834 is an SSRF in pinchtab pinchtab. This page lists the verified fix and inline mitigations.
CVE-2026-30837: elysia has a string URL format ReDoS in Elysiajs elysia. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-3084 is a cwe-191: integer underflow (wrap or wraparound) in GStreamer. CVSS 7.8 High. Patch commands, mitigations, and verificatio
CVE-2026-30840 is an SSRF in ellite Wallos. This page lists the verified fix and inline mitigations.
CVE-2026-30846 is a missing authentication in Wekan Wekan. This page lists the verified fix and inline mitigations.
CVE-2026-3085 is a cwe-122: heap-based buffer overflow in GStreamer. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-30851 is an authentication bypass in caddyserver caddy. This page lists the verified fix and inline mitigations.
CVE-2026-30855 is an improper access control in Tencent WeKnora. This page lists the verified fix and inline mitigations.
CVE-2026-3086 is a cwe-787: out-of-bounds write in GStreamer. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-30875 is a chamilo lms: authenticated rce via h5p import in chamilo-lms. CVSS 8.8 High. Patch commands, mitigations, and verificati
CVE-2026-30881: Chamilo LMS: SQL Injection in the statistics AJAX endpoint in chamilo-lms. Patch commands and verification.
CVE-2026-30896 is an uncontrolled search path element in Qsee Client. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-30898 is a command injection in Apache Airflow. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3090: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Post SMTP – Complete Email Del
CVE-2026-30900: Zoom Workplace Clients for Windows - Improper Check in Zoom Workplace. Patch commands and verification.
CVE-2026-30901: Zoom Rooms for Windows - Improper Input Validation in Zoom Rooms. Patch commands and verification.
CVE-2026-30902: Zoom Clients for Windows - Improper Privilege Management in Zoom Workplace. Patch commands and verification.
CVE-2026-30905: an arbitrary file read in Zoom Workplace VDI Plugin. Patched version and vendor advisory inside.
CVE-2026-30906 is a vulnerability in Zoom Rooms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-30910 is a cwe-190 integer overflow or wraparound in Iamb Crypt::Sodium::XS. CVSS 7.5 High. Patch commands, mitigations, and verifi
CVE-2026-30911: Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization in Apache Airflow. Patch commands and verificati
CVE-2026-30912 is an exposure of resource to wrong sphere in Apache Airflow. This page lists verified fix commands and short-term mitigation
CVE-2026-30917: Stored XSS on Bucket namespace pages in mediawiki-extensions-Bucket. Patch commands and verification.
CVE-2026-30918: facileManager Affected by Reflected Cross-Site Scripting (XSS) in facileManager. Patch commands and verification.
CVE-2026-30919: facileManager Affected by Stored Cross-Site Scripting (XSS) in facileManager. Patch commands and verification.
CVE-2026-30920 is a cwe-345: insufficient verification of data authenticity in oneuptime. CVSS 8.6 High. Patch commands, mitigations, and ve
CVE-2026-30922: pyasn1 vulnerable to denial of service via unbounded recursion in pyasn1. CVSS 7.5 High. Patch commands, mitigations, an
CVE-2026-30923 is an out-of-bounds read in ModSecurity. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-30925: CWE-1333: Inefficient Regular Expression Complexity in parse-server. Patch commands and verification.
CVE-2026-30926 is a cwe-284: improper access control in Siyuan-note siyuan. CVSS 7.1 High. Patch commands, mitigations, and verification.
CVE-2026-30928: Glances Exposes Unauthenticated Configuration Secrets in glances. Patch commands and verification.
CVE-2026-30929: ImageMagick has a stack buffer overflow in magnifyimage in ImageMagick. CVSS 7.7 High. Patch commands, mitigations, and
CVE-2026-30930: Glances has SQL Injection via Process Names in TimescaleDB Export in glances. Patch commands and verification.
CVE-2026-30932 is a vulnerability in froxlor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-30933: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in filebrowser. Patch commands and verification.
CVE-2026-30934: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in filebrowser. Patch commands
CVE-2026-30939: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in parse-server. Patch c
CVE-2026-3094 is an out-of-bounds write in deltaww CNCSoft-G2. This page lists the verified fix and inline mitigations.
CVE-2026-30940: bundle sibling of CVE-2026-21861. Same patched build closes both.
CVE-2026-30941: CWE-943: Improper Neutralization of Special Elements in Data Query Logic in parse-server. Patch commands and verification.
CVE-2026-30942: Flare has a path traversal in /api/avatars/[filename] in Flintsh Flare. CVSS 8.3 High. Patch commands, mitigations, and
CVE-2026-30944: StudioCMS Affected by Privilege Escalation via Insecure API Token Generation in studiocms. Patch commands and verification.
CVE-2026-30945: StudioCMS: IDOR, Arbitrary API Token Revocation Leading to Denial of Service in studiocms. Patch commands and verification.
CVE-2026-30946: CWE-770: Allocation of Resources Without Limits or Throttling in parse-server. Patch commands and verification.
CVE-2026-30947: Parse Server has a bypass of class-level permissions in LiveQuery in parse-server. Patch commands and verification.
CVE-2026-30948: Parse Server has stored cross-site scripting (XSS) via SVG file upload in parse-server. Patch commands and verification.
CVE-2026-30949: Parse Server is missing audience validation in Keycloak authentication adapter in parse-server. Patch commands and verificat
CVE-2026-30950 is a missing authorization in AutoGPT. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-30951: Sequelize v6 Vulnerable to SQL Injection via JSON Column Cast Type in sequelize. Patch commands and verification.
CVE-2026-30952: liquidjs has a path traversal fallback in Harttle liquidjs. CVSS 8.7 High. Patch commands, mitigations, and verification
CVE-2026-30953 is a cwe-918: server-side request forgery (ssrf) in Kovah LinkAce. CVSS 7.7 High. Patch commands, mitigations, and verificati
CVE-2026-30958 is a oneuptime: path traversal, arbitrary file read (no auth) in oneuptime. CVSS 7.2 High. Patch commands, mitigations, and v
CVE-2026-30962: Parse Server has a protected fields bypass via logical query operators in parse-server. Patch commands and verification.
CVE-2026-30967 is a cwe-287: improper authentication in Parse-community parse-server. CVSS 7.6 High. Patch commands, mitigations, and verifi
CVE-2026-30968: Coral Server has insufficient validation of agent identity for SSE connections in coral-server. Patch commands and verificat
CVE-2026-30969: CWE-639: Authorization Bypass Through User-Controlled Key in coral-server. Patch commands and verification.
CVE-2026-30970: Session authentication bypass in Coral Server session creation endpoint in coral-server. Patch commands and verification.
CVE-2026-30975 is an authentication bypass in Sonarr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-30976 is a path traversal in Sonarr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-30978: Heap-use-after-free in CIccCmm::AddXform() in iccDEV. Patch commands and verification.
CVE-2026-30979: iccDEV has a heap-based buffer overflow in CIccCalculatorFunc::InitSelectOp() in iccDEV. Patch commands and verification.
CVE-2026-30983: iccDEV has a stack buffer overflow in icFixXml() in iccDEV. Patch commands and verification.
CVE-2026-30985: iccDEV has a heap-based buffer overflow write in CIccMatrixMath::SetRange() in iccDEV. Patch commands and verification.
CVE-2026-30987: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in iccDEV. Patch commands and verification.
CVE-2026-30994 is an access control in Incorrect. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-30995 is a SQL injection in Slah CMS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-30996 is a path traversal in An. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-30997 is an out-of-bounds read in An. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-30998 is a denial of service in An. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-30999 is a heap buffer overflow in FFmpeg. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3100 is an improper certificate validation in ASUSTOR ADM. This page lists the verified fix and inline mitigations.
CVE-2026-31018 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31019 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-3104 is an OS command injection in BIND 9. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3105 is a SQL injection in Mautic Mautic. This page lists the verified fix and inline mitigations.
CVE-2026-3108 is a vulnerability in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3110 is a multiple vulnerabilities on the educativa campus in Educativa Campus. CVSS 8.7 High. Patch commands, mitigations, and ver
CVE-2026-31195 improper neutralization of special elements used in an os command ('os command i in the affected product. Runnable upgrade co
CVE-2026-31196 improper neutralization of special elements used in an os command ('os command i in the affected product. Runnable upgrade co
CVE-2026-3120 improper control of generation of code ('code injection') in SambaBox. Runnable upgrade commands and verification steps for sy
CVE-2026-3124 is a vulnerability in Download Monitor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-31247 uncontrolled resource consumption in the affected product. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-31248 improper restriction of recursive entity references in dtds ('xml entity expansi in the affected product. Runnable upgrade co
CVE-2026-31249 deserialization of untrusted data in the affected product. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-3125 is an SSRF in opennextjs @opennextjs/cloudflare. This page lists the verified fix and inline mitigations.
CVE-2026-31250 deserialization of untrusted data in the affected product. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-31251 is an improper input validation in the affected product. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-31253 deserialization of untrusted data in the affected product. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-31254 improper neutralization of directives in dynamically evaluated code ('eval injec in the affected product. Runnable upgrade co
CVE-2026-31256 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31281 is a cross-site scripting in Totara LMS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-31317 is a server-side request forgery in Craftql. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-3132 is a code injection in Jewel Theme Master Addons for Elementor Premium. This page lists the verified fix and inline mitigation
CVE-2026-3136 is an incorrect authorization in Google Cloud Cloud Build. This page lists the verified fix and inline mitigations.
CVE-2026-31368 - Privilege Bypass in AIAssistant. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31386: Improper neutralization of special elements used in an OS command ('OS Command Injection') in OpenLiteSpeed. Patch commands
CVE-2026-31389 is a spi: fix use-after-free on controller registration failure in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-31392 is a smb: client: fix krb5 mount with username option in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-31393 is a bluetooth: l2cap: validate l2cap_info_rsp payload length before access in Linux, fixed by the same patch as CVE-2026-234
CVE-2026-31396 is a net: macb: fix use-after-free access to ptp clock in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-31397 is a mm/huge_memory: fix use of null folio in move_pages_huge_pmd() in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-31398 is a mm/rmap: fix incorrect pte restoration for lazyfree folios in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-31401 is a hid: bpf: prevent buffer overflow in hid_hw_request in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-31403 is a nfsd: hold net reference for the lifetime of /proc/fs/nfs/exports fd in Linux, fixed by the same patch as CVE-2026-23401
CVE-2026-31404 is a nfsd: defer sub-object cleanup in export put callbacks in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-31406 is a xfrm: fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() in Linux, fixed by the same patch as CVE-2026-2
CVE-2026-31407 is a netfilter: conntrack: add missing netlink policy validations in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-31408 is a bluetooth: sco: fix use-after-free in sco_recv_frame() due to missing sock_hold in Linux, fixed by the same patch as CVE
CVE-2026-31409 is a ksmbd: unset conn->binding on failed binding request in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-31413 is a security vulnerability in Linux. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-31417 is a security vulnerability in Linux. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-31419 is a security vulnerability in Linux. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-31426 is a security vulnerability in Linux. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-31432 - ksmbd: fix OOB write in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31433 - ksmbd: fix potential OOB in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31435 - netfs: Fix read abandonment during retry in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31442 - dmaengine: idxd: Fix possible invalid memory access after FLR in Linux. Runnable patch commands, mitigation, and verificati
CVE-2026-31446 - ext4: fix use-after-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31447 - ext4: reject mount if bigalloc with s_first_data_block != 0 in Linux. Runnable patch commands, mitigation, and verification
CVE-2026-31449 - ext4: validate p_idx bounds in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31450 - ext4: publish jinode after initialization in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31453 - xfs: avoid dereferencing log items after push callbacks in Linux. Runnable patch commands, mitigation, and verification on
CVE-2026-31454 - xfs: save ailp before dropping the AIL lock in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31464 - scsi: ibmvfc: Fix OOB access in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31467 - erofs: add GFP_NOIO in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31468 - vfio/pci: Fix double free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31469 - virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false in Linux. Runnable patch commands,
CVE-2026-31470 - virt: tdx-guest: Fix handling of host controlled 'quote' buffer length in Linux. Runnable patch commands, mitigation, and v
CVE-2026-31471 - xfrm: iptfs: only publish mode_data after clone setup in Linux. Runnable patch commands, mitigation, and verification on th
CVE-2026-31473 - media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex in Linux. Runnable patch commands, mitigation, and verif
CVE-2026-31474 - can: isotp: fix tx.buf use-after-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31475 - ASoC: sma1307: fix double free of devm_kzalloc() memory in Linux. Runnable patch commands, mitigation, and verification on
CVE-2026-31476 - ksmbd: do not expire session on binding failure in Linux. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-31477 - ksmbd: fix memory leaks and NULL deref in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31479 - drm/xe: always keep track of remap prev/next in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31484 - io_uring/fdinfo: fix OOB read in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31486 - hwmon: (pmbus/core) Protect regulator operations with mutex in Linux. Runnable patch commands, mitigation, and verification
CVE-2026-31488 - drm/amd/display: Do not skip unrelated mode changes in Linux. Runnable patch commands, mitigation, and verification on this
CVE-2026-31490 - drm/xe/pf: Fix use-after-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31494 - net: macb: use the current queue number for stats in Linux. Runnable patch commands, mitigation, and verification on this p
CVE-2026-31502 - team: fix header_ops type confusion with non-Ethernet ports in Linux. Runnable patch commands, mitigation, and verification
CVE-2026-31504 - net: fix fanout UAF in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31505 - iavf: fix out-of-bounds writes in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31507 - net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer in Linux. Runnable patch commands, mitiga
CVE-2026-31508 - net: openvswitch: Avoid releasing netdev before teardown completes in Linux. Runnable patch commands, mitigation, and verif
CVE-2026-31511 - Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete in Linux. Runnable patch commands, mitigati
CVE-2026-31513 - Bluetooth: L2CAP: Fix stack-out-of-bounds read in Linux. Runnable patch commands, mitigation, and verification on this page
CVE-2026-31516 - xfrm: prevent policy_hthresh.work from racing with netns teardown in Linux. Runnable patch commands, mitigation, and verifi
CVE-2026-31525 - bpf: Fix undefined behavior in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31528 - perf: Make sure to use pmu_ctx->pmu for groups in Linux. Runnable patch commands, mitigation, and verification on this page
CVE-2026-31532 - can: raw: fix ro->uniq use-after-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31538 - smb: server: make use of smbdirect_socket.recv_io.credits.available in Linux. Runnable patch commands, mitigation, and veri
CVE-2026-31539 - smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available in Linux. Runnable patch commands, mitigation, and ver
CVE-2026-31548 - wifi: cfg80211: cancel pmsr_free_wk in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31552 - wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom in Linux. Runnable patch commands, mitigati
CVE-2026-31553 - KVM: arm64: Fix the descriptor address in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31554 - futex: Require sys_futex_requeue() to have identical flags in Linux. Runnable patch commands, mitigation, and verification
CVE-2026-31557 - nvmet: move async event work off nvmet-wq in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31558 - LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more reliable in Linux. Runnable patch commands, mitigation, and verification
CVE-2026-31563 - net: macb: Use dev_consume_skb_any() to free TX SKBs in Linux. Runnable patch commands, mitigation, and verification on thi
CVE-2026-31566 - drm/amdgpu: Fix fence put before wait in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31569 - LoongArch: KVM: Handle the case that EIOINTC's coremap is empty in Linux. Runnable patch commands, mitigation, and verifica
CVE-2026-31570 - can: gw: fix OOB heap access in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31584 - media: mediatek: vcodec: fix use-after-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31586 - mm: blk-cgroup: fix use-after-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31587 - ASoC: qcom: q6apm: move component registration to unmanaged version in Linux. Runnable patch commands, mitigation, and veri
CVE-2026-31588 - KVM: x86: Use scratch field in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31597 - ocfs2: fix use-after-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31598 - ocfs2: fix possible deadlock between unlink and dio_end_io_write in Linux. Runnable patch commands, mitigation, and verific
CVE-2026-31600 - arm64: mm: Handle invalid large leaf mappings correctly in Linux. Runnable patch commands, mitigation, and verification on
CVE-2026-31602 - ALSA: ctxfi: Limit PTP to a single page in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31611 - ksmbd: require 3 sub-authorities before reading sub_auth[2] in Linux. Runnable patch commands, mitigation, and verification
CVE-2026-31612 - ksmbd: validate EaNameLength in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31613 - smb: client: fix OOB reads parsing symlink error response in Linux. Runnable patch commands, mitigation, and verification o
CVE-2026-31622 - NFC: digital: Bounds check NFC-A cascade depth in Linux. Runnable patch commands, mitigation, and verification on this page
CVE-2026-31626 - staging: rtl8723bs: initialize le_tmp64 in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31627 - i2c: s3c24xx: check the size of the SMBUS message before using it in Linux. Runnable patch commands, mitigation, and verifi
CVE-2026-31629 - nfc: llcp: add missing return after LLCP_CLOSED checks in Linux. Runnable patch commands, mitigation, and verification on t
CVE-2026-31630 - rxrpc: proc: size address buffers for %pISpc output in Linux. Runnable patch commands, mitigation, and verification on this
CVE-2026-31631 - rxrpc: Fix buffer overread in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31635 - rxrpc: fix oversized RESPONSE authenticator length check in Linux. Runnable patch commands, mitigation, and verification on
CVE-2026-31638 - rxrpc: Only put the call ref if one was acquired in Linux. Runnable patch commands, mitigation, and verification on this pa
CVE-2026-31640 - rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial in Linux. Runnable patch commands, mitigation, and
CVE-2026-31641 - rxrpc: Fix RxGK token loading to check bounds in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31644 - net: lan966x: fix use-after-free and leak in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31648 - mm: filemap: fix nr_pages calculation overflow in Linux. Runnable patch commands, mitigation, and verification on this page
CVE-2026-3165 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-31656 - drm/i915/gt: fix refcount underflow in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-3166 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-31662 - tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG in Linux. Runnable patch commands, mitigation, and verification on t
CVE-2026-31663 - xfrm: hold dev ref until after transport_finish NF_HOOK in Linux. Runnable patch commands, mitigation, and verification on
CVE-2026-31665 - netfilter: nft_ct: fix use-after-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31666 - btrfs: fix incorrect return value after changing leaf in Linux. Runnable patch commands, mitigation, and verification on th
CVE-2026-31667 - Input: uinput - fix circular locking dependency with ff-core in Linux. Runnable patch commands, mitigation, and verificatio
CVE-2026-3167 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-31673 - af_unix: read UNIX_DIAG_VFS data under unix_state_lock in Linux. Runnable patch commands, mitigation, and verification on t
CVE-2026-31674 - netfilter: ip6t_rt: reject oversized addrnr in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31675 - net/sched: sch_netem: fix out-of-bounds access in Linux. Runnable patch commands, mitigation, and verification on this page
CVE-2026-31676 - rxrpc: only handle RESPONSE during service challenge in Linux. Runnable patch commands, mitigation, and verification on thi
CVE-2026-31678 - openvswitch: defer tunnel netdev_put to RCU release in Linux. Runnable patch commands, mitigation, and verification on this
CVE-2026-31679 - openvswitch: validate MPLS set/set_masked payload length in Linux. Runnable patch commands, mitigation, and verification on
CVE-2026-3168 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-31680 - net: ipv6: flowlabel: defer exclusive option free until RCU teardown in Linux. Runnable patch commands, mitigation, and ver
CVE-2026-31683 - batman-adv: avoid OGM aggregation when skb tailroom is insufficient in Linux. Runnable patch commands, mitigation, and veri
CVE-2026-3169 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-31693 - cifs: some missing initializations on replay in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31694 - fuse: reject oversized dirents in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31695 - wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free in Linux. Runnable patch commands, mitigation, and verificat
CVE-2026-31697 - crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed in Linux. Runnable patch commands, mitigation, and
CVE-2026-31698 - crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed in Linux. Runnable patch commands, mitigatio
CVE-2026-31699 - crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed in Linux. Runnable patch commands, mitigation, an
CVE-2026-31700 - net/packet: fix TOCTOU race on mmap'd vnet_hdr in Linux. Runnable patch commands, mitigation, and verification on this page
CVE-2026-31703 - writeback: Fix use after free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31706 - ksmbd: validate num_aces and harden ACE walk in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31707 - ksmbd: validate response sizes in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31708 - smb: client: fix OOB read in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31709 - smb: client: validate the whole DACL before rewriting it in Linux. Runnable patch commands, mitigation, and verification on
CVE-2026-31711 - smb: server: fix active_num_conn leak on transport allocation failure in Linux. Runnable patch commands, mitigation, and ve
CVE-2026-31712 - ksmbd: require minimum ACE size in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31716 - fs/ntfs3: validate rec->used in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31717 - ksmbd: validate owner of durable handle on reconnect in Linux. Runnable patch commands, mitigation, and verification on thi
CVE-2026-31719 - crypto: krb5enc - fix async decrypt skipping hash verification in Linux. Runnable patch commands, mitigation, and verificat
CVE-2026-3172 is an integer underflow in n/a pgvector. This page lists the verified fix and inline mitigations.
CVE-2026-31730 - misc: fastrpc: possible double-free of cctx->remote_heap in Linux. Runnable patch commands, mitigation, and verification on
CVE-2026-31731 - thermal: core: Address thermal zone removal races with resume in Linux. Runnable patch commands, mitigation, and verificati
CVE-2026-31735 - iommupt: Fix short gather if the unmap goes into a large mapping in Linux. Runnable patch commands, mitigation, and verific
CVE-2026-31739 - crypto: tegra - Add missing CRYPTO_ALG_ASYNC in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31742 - vt: discard stale unicode buffer on alt screen exit after resize in Linux. Runnable patch commands, mitigation, and verific
CVE-2026-31743 - nvmem: zynqmp_nvmem: Fix buffer size in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31758 - usb: usbtmc: Flush anchored URBs in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31761 - iio: gyro: mpu3050: Move iio_device_register() to correct location in Linux. Runnable patch commands, mitigation, and verif
CVE-2026-31766 - drm/amdgpu: validate doorbell_offset in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31768 - iio: adc: ti-adc161s626: use DMA-safe memory for spi_read() in Linux. Runnable patch commands, mitigation, and verification
CVE-2026-31769 - gpib: fix use-after-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31771 - Bluetooth: hci_event: move wake reason storage into validated event handlers in Linux. Runnable patch commands, mitigation,
CVE-2026-31772 - Bluetooth: hci_sync: fix stack buffer overflow in Linux. Runnable patch commands, mitigation, and verification on this page
CVE-2026-31773 - Bluetooth: SMP: derive legacy responder STK authentication from MITM state in Linux. Runnable patch commands, mitigation, a
CVE-2026-31774 - io_uring/net: fix slab-out-of-bounds read in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31779 - wifi: iwlwifi: mvm: fix potential out-of-bounds read in Linux. Runnable patch commands, mitigation, and verification on thi
CVE-2026-3178: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Name Directory. Patch commands
CVE-2026-31780 - wifi: wilc1000: fix u8 overflow in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31782 - perf/x86: Fix potential bad container_of in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31786 - Buffer overflow in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31788 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-31790 is an incorrect failure handling in rsa kem rsasve encapsulation in OpenSSL, fixed by the same patch as CVE-2026-28386.
CVE-2026-31792: iccDEV has a null pointer dereference in CIccTagXmlStruct::ParseTag() in iccDEV. Patch commands and verification.
CVE-2026-31795: iccDEV has a stack buffer overflow write in CIccXform3DLut::Apply() in iccDEV. Patch commands and verification.
CVE-2026-31796: iccDEV has a heap-based buffer overflow in icCurvesFromXml() in iccDEV. Patch commands and verification.
CVE-2026-3180 is a SQL injection in contest-gallery Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe. This page list
CVE-2026-31800 is a cwe-862: missing authorization in Parse-community parse-server. CVSS 8.8 High. Patch commands, mitigations, and verifica
CVE-2026-31801 is a cwe-863: incorrect authorization in Project-zot zot. CVSS 7.7 High. Patch commands, mitigations, and verification.
CVE-2026-31802: node-tar Symlink Path Traversal via Drive-Relative Linkpath in node-tar. Patch commands and verification.
CVE-2026-31812 is a cwe-248: uncaught exception in Quinn-rs quinn. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-31814: Yamux remote Panic via malformed WindowUpdate credit in rust-yamux. Patch commands and verification.
CVE-2026-31817: OliveTin's unsafe parsing of UniqueTrackingId can be used to write files in OliveTin. Patch commands and verification.
CVE-2026-31820 is a sylius affected by idor in cart and checkout livecomponents in Sylius. CVSS 7.1 High. Patch commands, mitigations, and v
CVE-2026-31824 is a sylius has a promotion usage limit bypass via race condition in Sylius. CVSS 8.2 High. Patch commands, mitigations, and
CVE-2026-31827: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in Alienbin. Patch comm
CVE-2026-31829 is a cwe-918: server-side request forgery (ssrf) in Flowiseai Flowise. CVSS 7.1 High. Patch commands, mitigations, and verifi
CVE-2026-31830 is a cwe-252: unchecked return value in sigstore-ruby. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-31831 is a path traversal in Tautulli. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-31834 is a cwe-269: improper privilege management in Umbraco-CMS. CVSS 7.2 High. Patch commands, mitigations, and verification.
CVE-2026-31836 is an access control bypass in Checkmate. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-31837: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in istio. Patch commands and verification.
CVE-2026-31839 is a striae has a hash validation utility in Striae-org striae. CVSS 8.2 High. Patch commands, mitigations, and verification.
CVE-2026-31842: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in Tinyproxy. Patch commands and verificati
CVE-2026-31844: Authenticated SQL Injection in Koha displayby parameter of suggestion.pl in Koha. Patch commands and verification.
CVE-2026-31846: an authentication bypass in Nebula 300+ / Tenda F3 V2.0 Firmware. Patched version and vendor advisory inside.
CVE-2026-31847 is a vulnerability in Nebula 300+. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-31848 is a vulnerability in Nebula 300+. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-31849 is a vulnerability in Nebula 300+. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-31851 is a vulnerability in Nebula 300+. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-31854: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in cursor. Patch commands
CVE-2026-31857: CWE-94: Improper Control of Generation of Code ('Code Injection') in cms. Patch commands and verification.
CVE-2026-31858: CraftCMS's `ElementSearchController` Affected by Blind SQL Injection in cms. Patch commands and verification.
CVE-2026-31861: Shell Command Injection in Git Routes [CloudCLI UI] in claudecodeui. Patch commands and verification.
CVE-2026-31866: Allocation of Resources Without Limits or Throttling in flagd in flagd. Patch commands and verification.
CVE-2026-31870 is a cwe-248: uncaught exception in Yhirose cpp-httplib. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-31872: Parse Server has a protected fields bypass via dot-notation in query and sort in parse-server. Patch commands and verificati
CVE-2026-31875: Parse Server MFA recovery codes not consumed after use in parse-server. Patch commands and verification.
CVE-2026-31881 is a cwe-306: missing authentication for critical function in runtipi. CVSS 7.7 High. Patch commands, mitigations, and verifi
CVE-2026-31882 is a dagu sse authentication bypass in basic auth mode in Dagu-org dagu. CVSS 7.5 High. Patch commands, mitigations, and veri
CVE-2026-31887 is a cwe-863: incorrect authorization in Shopware core. CVSS 8.9 High. Patch commands, mitigations, and verification.
CVE-2026-31889 is a shopware has a potential take over of app credentials in Shopware core. CVSS 8.9 High. Patch commands, mitigations, and
CVE-2026-31891: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Cockpit. Patch commands and
CVE-2026-31892 is a cwe-863: incorrect authorization in Argoproj argo-workflows. CVSS 8.9 High. Patch commands, mitigations, and verificatio
CVE-2026-31895: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in WeGIA. Patch commands and ve
CVE-2026-31898 is a jspdf has a pdf object injection via freetext color in Parallax jsPDF. CVSS 8.1 High. Patch commands, mitigations, and v
CVE-2026-31899 is a cwe-674: uncontrolled recursion in Kozea CairoSVG. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-31900: Black's vulnerable version parsing leads to RCE in GitHub Action in black. Patch commands and verification.
CVE-2026-31903 is a vulnerability in eParking.fi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-31904 is a vulnerability in Chargeportal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-31913 is a path traversal in Scape. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-31917 is a wordpress wp erp plugin <= 1.16.10 - sql injection in Wedevs WP ERP. CVSS 8.5 High. Patch commands, mitigations, and ver
CVE-2026-31921: a vulnerability in Product Rearrange for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-31922 is a wordpress fox lms plugin <= 1.0.6.3 - sql injection in Ays Pro Fox LMS. CVSS 8.5 High. Patch commands, mitigations, and
CVE-2026-31923 is a cleartext transmission of sensitive information in Apache APISIX. This page lists verified fix commands and short-term m
CVE-2026-31931 is a suricata tls: null dereference in tls.alpn rule keyword in Oisf suricata. CVSS 7.5 High. Patch commands, mitigations, an
CVE-2026-31932 is a suricata krb5: quadratic complexity in krb5 buffering in Oisf suricata, fixed by the same patch as CVE-2026-31931.
CVE-2026-31933 is a suricata stream: quadratic complexity in stream inspection in Oisf suricata, fixed by the same patch as CVE-2026-31931.
CVE-2026-31934 is a suricata smtp/mine: quadratic complexity in extracting urls in Oisf suricata, fixed by the same patch as CVE-2026-31931.
CVE-2026-31935 is a suricata http2: unbounded resource consumption in Oisf suricata, fixed by the same patch as CVE-2026-31931.
CVE-2026-31937 is a suricata dcerpc: quadratic complexity in dcerpc buffering in Oisf suricata, fixed by the same patch as CVE-2026-31931.
CVE-2026-31939 is a path traversal in chamilo-lms. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-31940 is a cwe-384: session fixation in chamilo-lms. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-31941 is a server-side request forgery in chamilo-lms. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-31943 is a vulnerability in LibreChat. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-31944: CWE-306: Missing Authentication for Critical Function in LibreChat. Patch commands and verification.
CVE-2026-31945 is a vulnerability in LibreChat. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-31952 - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in xibo-cms. Runnable patch co
CVE-2026-31958 is a tornado has a dos due to too many multipart parts in Tornadoweb tornado. CVSS 8.7 High. Patch commands, mitigations, and
CVE-2026-31962: HTSlib CRAM reader has heap buffer overflow due to improper validation of input in htslib. Patch commands and verification.
CVE-2026-31963: HTSlib CRAM reader has heap buffer overflow due to improper validation of input in htslib. Patch commands and verification.
CVE-2026-31968 is a htslib cram decoder vulnerable to buffer overflow in Samtools htslib. CVSS 8.8 High. Patch commands, mitigations, and ve
CVE-2026-31969 is a htslib cram decoder has a heap buffer overflow in Samtools htslib. CVSS 7.1 High. Patch commands, mitigations, and verif
CVE-2026-31970: HTSlib BGZF index file reader has a heap buffer overflow in htslib. Patch commands and verification.
CVE-2026-31971 is a htslib cram decoder vulnerable to buffer overflow in Samtools htslib. CVSS 7.1 High. Patch commands, mitigations, and ve
CVE-2026-31975 is a cloud cli websocket shell injection in Siteboon claudecodeui. CVSS 8.7 High. Patch commands, mitigations, and verificati
CVE-2026-31979: CWE-59: Improper Link Resolution Before File Access ('Link Following') in himmelblau. Patch commands and verification.
CVE-2026-31987 is an insertion of sensitive information into log in Apache Airflow. This page lists verified fix commands and short-term mit
CVE-2026-31992: OpenClaw < 2026.2.23 - Allowlist Exec-Guard Bypass via env -S in OpenClaw. Patch commands and verification.
CVE-2026-31998 is a cwe-863: incorrect authorization in OpenClaw. CVSS 8.3 High. Patch commands, mitigations, and verification.
CVE-2026-32003: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) in OpenClaw. Patch comma
CVE-2026-32004: CWE-288: Authentication Bypass Using an Alternate Path or Channel in OpenClaw. Patch commands and verification.
CVE-2026-32005 is a cwe-863: incorrect authorization in OpenClaw. CVSS 7.6 High. Patch commands, mitigations, and verification.
CVE-2026-32007: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in OpenClaw. Patch commands and verifi
CVE-2026-32008: OpenClaw < 2026.2.21 - Arbitrary Local File Read via Browser Navigation Guard in OpenClaw. Patch commands and verification.
CVE-2026-32009 is a cwe-426: untrusted search path in OpenClaw. CVSS 7 High. Patch commands, mitigations, and verification.
CVE-2026-32011: CWE-770: Allocation of Resources Without Limits or Throttling in OpenClaw. Patch commands and verification.
CVE-2026-32013: OpenClaw < 2026.2.25 - Symlink Traversal in agents.files Methods in OpenClaw. Patch commands and verification.
CVE-2026-32014 is a cwe-290: authentication bypass by spoofing in OpenClaw. CVSS 8.6 High. Patch commands, mitigations, and verification.
CVE-2026-32015 is a cwe-426: untrusted search path in OpenClaw. CVSS 7.3 High. Patch commands, mitigations, and verification.
CVE-2026-32016 is a cwe-426: untrusted search path in OpenClaw. CVSS 7.3 High. Patch commands, mitigations, and verification.
CVE-2026-32025: CWE-307 Improper Restriction of Excessive Authentication Attempts in OpenClaw. Patch commands and verification.
CVE-2026-32026: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in OpenClaw. Patch commands and verifi
CVE-2026-32027 is a cwe-863 incorrect authorization in OpenClaw. CVSS 7.1 High. Patch commands, mitigations, and verification.
CVE-2026-32030: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in OpenClaw. Patch commands and verifi
CVE-2026-32032 is a cwe-426: untrusted search path in OpenClaw. CVSS 7.3 High. Patch commands, mitigations, and verification.
CVE-2026-32036 is a cwe-289 authentication bypass by alternate name in OpenClaw. CVSS 8.3 High. Patch commands, mitigations, and verificatio
CVE-2026-32041 is a cwe-306 missing authentication for critical function in OpenClaw. CVSS 7.5 High. Patch commands, mitigations, and verifi
CVE-2026-32042 is an access control bypass in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32045 is an authentication bypass in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32048 is an arbitrary file read in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32049 is an OS command injection in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-32051 is an access control bypass in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32055 is a path traversal in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32056 is an OS command injection in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-32059 is an incorrect authorization in openclaw. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-32060: OpenClaw < 2026.2.14 - Path Traversal in apply_patch via Crafted Paths in openclaw. Patch commands and verification.
CVE-2026-32062 is an allocation of resources without limits or throttling in openclaw. CVSS 8.7 High. Patch commands, mitigations, and verifi
CVE-2026-32064 is an authentication bypass in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32068 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32069 is a double free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3207 is a tibco bpm enterprise remote code execution (rce) in TIBCO BPM Enterprise. CVSS 8.7 High. Patch commands, mitigations, and
CVE-2026-32070 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32071 is a cwe-476: null pointer dereference in Microsoft Windows. This page lists verified fix commands and short-term mitigations
CVE-2026-32073 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32074 is a double free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32075 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32076 is an out-of-bounds read in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-32077 is a cwe-822: untrusted pointer dereference in Microsoft Windows. This page lists verified fix commands and short-term mitiga
CVE-2026-32078 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32080 is a use-after-free in Microsoft Windows Server. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-32082 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32083 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32086 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32087 is a heap buffer overflow in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-32089 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32090 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32091 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32093 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32097: CWE-639: Authorization Bypass Through User-Controlled Key in pingpong. Patch commands and verification.
CVE-2026-32101 is a CWE-863: incorrect authorization in @studiocms s3-storage. CVSS 7.6 High. Patch commands, mitigations, and verification.
CVE-2026-32102: OliveTin Unauthorized Action Output Disclosure via EventStream in OliveTin. Patch commands and verification.
CVE-2026-32107 is a CWE-273: improper check for dropped privileges in xrdp. This page lists verified fix commands and short-term mitigations
CVE-2026-32110: SiYuan has a Full-Read SSRF via /api/network/forwardProxy in siyuan. Patch commands and verification.
CVE-2026-32116: Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite in magic-wormhole. Patch commands and verification.
CVE-2026-32117: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in grafanacubism-panel. Patch c
CVE-2026-32121 is an OpenEMR: stored DOM XSS via `.html()` in portal signer modal in openemr. CVSS 7.7 High. Patch commands, mitigations, and
CVE-2026-32123 is an OpenEMR: therapy group sensitivity ACL no longer enforced in openemr. CVSS 7.7 High. Patch commands, mitigations, and ve
CVE-2026-32126 is a CWE-862: missing authorization in openemr. CVSS 7.1 High. Patch commands, mitigations, and verification.
CVE-2026-32127 is a SQL injection vulnerability in ajax graphs library (OpenEMR) in openemr. CVSS 8.8 High. Patch commands, mitigations, and
CVE-2026-32129: Poseidon V1 variable-length input collision via implicit zero-padding in rs-soroban-poseidon. Patch commands and verificatio
CVE-2026-32130 is a Zitadel SCIM authentication bypass via URL encoding in zitadel. CVSS 7.5 High. Patch commands, mitigations, and verifica
CVE-2026-32131 is a Zitadel cross-tenant information disclosure in management API in zitadel. CVSS 7.7 High. Patch commands, mitigations, an
CVE-2026-32132 is a Zitadel: reactivation of expired passkey registration codes in zitadel. CVSS 7.4 High. Patch commands, mitigations, and
CVE-2026-32133 is a CWE-918: server-side request forgery (SSRF) in Bubka 2FAuth. CVSS 7.8 High. Patch commands, mitigations, and verificatio
CVE-2026-32135 is a heap buffer overflow in nanomq. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32138 is a nexulean API key leak in Stalin-143 website. CVSS 8.2 High. Patch commands, mitigations, and verification.
CVE-2026-32141: flatted: Unbounded recursion DoS in parse() revive phase in flatted. Patch commands and verification.
CVE-2026-32144: bundle sibling of CVE-2026-28808. Same patched build closes both.
CVE-2026-32145: Multipart form body parser bypasses body size limits in wisp in wisp. Patch commands and verification.
CVE-2026-32146 is a path traversal in Gleam. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32148 - CWE-354 Improper Validation of Integrity Check Value in hex. Runnable patch commands, mitigation, and verification on this
CVE-2026-32149 is an improper input validation in Microsoft Windows. This page lists verified fix commands and short-term mitigations you ca
CVE-2026-32150 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32152 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32153 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32154 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32155 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32156 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32157 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32158 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32159 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32160 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32161 is a race condition in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-32162 is a CWE-349: acceptance of extraneous untrusted data in Microsoft Windows. This page lists verified fix commands and short-t
CVE-2026-32163 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32164 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32165 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32168 is an improper input validation in Azure Monitor. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-32171 is a CWE-522: insufficiently protected credentials in Azure Logic Apps. This page lists verified fix commands and short-term
CVE-2026-32172 - CWE-427: Uncontrolled Search Path Element in Microsoft Power Apps. Runnable patch commands, mitigation, and verification on
CVE-2026-32173: Azure SRE Agent Information Disclosure in Azure SRE Agent Gateway - SignalR Hub. Patch commands and verification.
CVE-2026-32177 is a path traversal in .NET 10.0. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32178 is a vulnerability in .NET 10.0. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32183 is a command injection in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-32184 is a deserialization of untrusted data in Microsoft HPC Pack 2019. This page lists verified fix commands and short-term mitig
CVE-2026-32188 is an out-of-bounds read in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-32189 is a use-after-free in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32190 is a use-after-free in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32192 is a deserialization of untrusted data in Azure Monitor. This page lists verified fix commands and short-term mitigations you
CVE-2026-32195 is a stack buffer overflow in Windows 11 version 26H1. This page lists verified fix commands and short-term mitigations you c
CVE-2026-32197 is a use-after-free in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32198 is a use-after-free in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32199 is a use-after-free in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32200 is a use-after-free in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32203 is a stack buffer overflow in .NET 10.0. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32204 is an arbitrary file read in Azure Monitor. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-32207 improper neutralization of input during web page generation ('cross-site scripti in Azure Machine Learning. Runnable upgrade
CVE-2026-32219 is a double free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3222: WP Maps <= 4.9.1 - Unauthenticated SQL Injection via 'location_id' Parameter in WP Maps – Store Locator, Google Maps, OpenStr
CVE-2026-32221 is a heap buffer overflow in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-32222 is a CWE-822: untrusted pointer dereference in Microsoft Windows. This page lists verified fix commands and short-term mitiga
CVE-2026-32224 is a use-after-free in Windows 11 version 26H1. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-32225 is a protection mechanism failure in Microsoft Windows. This page lists verified fix commands and short-term mitigations you
CVE-2026-32228 is an incorrect authorization in Apache Airflow. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-3223 is a path traversal in Google Web Designer. This page lists the verified fix and inline mitigations.
CVE-2026-32231 is a CWE-306: missing authentication for critical function in Qhkm zeptoclaw. CVSS 8.2 High. Patch commands, mitigations, and
CVE-2026-32232: ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink in zeptoclaw. Patch commands and verification.
CVE-2026-32241 is an OS command injection in flannel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32246: Tinyauth vulnerable to TOTP/2FA bypass via OIDC authorize endpoint in tinyauth. Patch commands and verification.
CVE-2026-32247: CWE-943: Improper Neutralization of Special Elements in Data Query Logic in graphiti. Patch commands and verification.
CVE-2026-32252 is an improper authorization in chartbrew. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32254 is a CWE-284: improper access control in Cloudnativelabs kube-router. CVSS 7.1 High. Patch commands, mitigations, and verific
CVE-2026-32255: Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint in kan. Patch commands and verification.
CVE-2026-32256: music-metadata has an infinite loop vulnerability in ASF parser in music-metadata. Patch commands and verification.
CVE-2026-32260: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in deno. Patch commands a
CVE-2026-32261: RCE via SSTI for users with permissions to access the Craft CMS Webhooks plugin in webhooks. Patch commands and verification
CVE-2026-32263: Craft CMS vulnerable to behavior injection RCE via EntryTypesController in cms. Patch commands and verification.
CVE-2026-32264: CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in cms. Patch commands and verif
CVE-2026-32267 is a CWE-863: incorrect authorization in Craftcms cms. CVSS 7.7 High. Patch commands, mitigations, and verification.
CVE-2026-32268 is a CWE-862: missing authorization in Craftcms azure-blob. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-3227: Authenticated Command Injection on TP-Link TL-WR802N, TL-WR841N and TL-WR840N in TL-WR802N v4. Patch commands and verificatio
CVE-2026-32271 is a SQL injection in commerce. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32272 is a SQL injection in commerce. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32274: Black: Arbitrary file writes from unsanitized user input in cache file name in black. Patch commands and verification.
CVE-2026-32275 is a vulnerability in Tautulli. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32276 is a code injection in connect-cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32277 is a vulnerability in connect-cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32278 is an unrestricted file upload in connect-cms. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-32280: Unexpected work during chain building in crypto/x509 in crypto/x509. Patch commands and verification.
CVE-2026-32281 is an inefficient policy validation in crypto/x509 in Go Standard Library crypto/x509, fixed by the same patch as CVE-2026-322
CVE-2026-32283 is an improper locking in Go Standard Library crypto/tls. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-32290: GL-iNet Comet (GL-RM1) KVM insufficient firmware verification in Comet KVM. Patch commands and verification.
CVE-2026-32291: GL-iNet Comet (GL-RM1) KVM unauthenticated root access via UART serial console in Comet KVM. Patch commands and verification
CVE-2026-32296: Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint in NanoKVM. Patch commands and verification.
CVE-2026-32298 is an Angeet ES3 KVM OS command injection in Angeet ES3 KVM. CVSS 8.5 High. Patch commands, mitigations, and verification.
CVE-2026-32299 is an access control bypass in connect-cms. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-32300 is an access control bypass in connect-cms. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-32302 is a CWE-346: origin validation error in openclaw. CVSS 8.1 High. Patch commands, mitigations, and verification.
CVE-2026-32303 is a vulnerability in cryptomator. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32305 is an authentication bypass in traefik. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-32308: OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose") in oneuptime. Patch commands and verification.
CVE-2026-32309 is a vulnerability in cryptomator. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3231: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Checkout Field Editor (Checkou
CVE-2026-32313: CWE-354: Improper Validation of Integrity Check Value in xmlseclibs. Patch commands and verification.
CVE-2026-32314: Yamux remote Panic via malformed Data frame with SYN set and len = 262145 in rust-yamux. Patch commands and verification.
CVE-2026-32316 is a heap buffer overflow in jq. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32317 is a vulnerability in android. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32318 is a vulnerability in ios. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32319 is a CWE-125: out-of-bounds read in Ellanetworks core. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-32321: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in clipbucket-v5. Patch command
CVE-2026-32323 is a vulnerability in mullvadvpn-app. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32324 is an use of hard-coded cryptographic key in Anviz CX7 Firmware. This page lists verified fix commands and short-term mitigat
CVE-2026-32355 is a deserialization of untrusted data in Crocoblock JetEngine. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-32358: WordPress Booking Calendar plugin <= 10.14.15 - SQL Injection in Booking Calendar. Patch commands and verification.
CVE-2026-32364: WordPress Turbo Manager plugin < 4.0.8 - Local File Inclusion in Turbo Manager. Patch commands and verification.
CVE-2026-32365: WordPress Collapsing Archives plugin <= 3.0.7 - SQL Injection in Collapsing Archives. Patch commands and verification.
CVE-2026-32366: WordPress Collapsing Categories plugin <= 3.0.9 - SQL Injection in Collapsing Categories. Patch commands and verification.
CVE-2026-32368: WordPress Geo to Lat plugin <= 1.0.19 - SQL Injection in Geo to Lat. Patch commands and verification.
CVE-2026-32369: WordPress Medilink-Core plugin < 2.0.7 - Local File Inclusion in Medilink-Core. Patch commands and verification.
CVE-2026-32384: WordPress WpBookingly plugin <= 1.2.9 - Local File Inclusion in WpBookingly. Patch commands and verification.
CVE-2026-32392: WordPress Greenly theme <= 8.1 - Local File Inclusion in Greenly. Patch commands and verification.
CVE-2026-32393: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in Greenly Theme Add
CVE-2026-32399: WordPress Media Library Assistant plugin <= 3.32 - SQL Injection in Media Library Assistant. Patch commands and verification
CVE-2026-32400: WordPress Boldman theme <= 7.7 - Local File Inclusion in Boldman. Patch commands and verification.
CVE-2026-32401: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in Client Invoicing
CVE-2026-32414: Improper Control of Generation of Code ('Code Injection') in Advanced Woo Labels. Patch commands and verification.
CVE-2026-32418: WordPress Meow Gallery plugin <= 5.4.4 - SQL Injection in Meow Gallery. Patch commands and verification.
CVE-2026-32422: WordPress WP EasyCart plugin <= 5.8.13 - SQL Injection in WP EasyCart. Patch commands and verification.
CVE-2026-32426: WordPress Medilazar Core plugin < 1.4.7 - Local File Inclusion in Medilazar Core. Patch commands and verification.
CVE-2026-3243: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Advanced Members for ACF. Patch commands an
CVE-2026-32433: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in CP Contact Form with Paypal. Patch c
CVE-2026-32441 is a vulnerability in Comments Import & Export. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-32458 is a WordPress WOLF plugin <= 1.0.8.7 - SQL injection in Realmag777 WOLF. CVSS 7.6 High. Patch commands, mitigations, and ver
CVE-2026-32459 is a WordPress UpsellWP plugin <= 2.2.4 - SQL injection in Flycart UpsellWP. CVSS 7.6 High. Patch commands, mitigations, and
CVE-2026-32484 is an unsafe deserialization in weForms. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32485 is a vulnerability in WP User Frontend. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-32488 is a vulnerability in User Registration. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32493 is a vulnerability in JobSearch. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32494 is a vulnerability in Image Slider by Ays. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-32495 is a vulnerability in WP Terms Popup. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32498 is a vulnerability in RegistrationMagic. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32500 is a vulnerability in MetaMax. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32501 is a vulnerability in WP Configurator Pro. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-32503 is a vulnerability in Trendustry. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32504 is a vulnerability in VintWood. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32505 is a vulnerability in Kiddy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32513 is an unsafe deserialization in JS Archive List. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-32515 is a vulnerability in Miraculous. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32516 is a SQL injection in Miraculous Core Plugin. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-32517 is a vulnerability in Contact Manager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32518 is a vulnerability in Gaea. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32522: a path traversal in WooCommerce Support Ticket System. Patched version and vendor advisory inside.
CVE-2026-32526: a vulnerability in Abandoned Cart Recovery for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-32528 is a vulnerability in Riode. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32529 is a vulnerability in Molla. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32530 is a vulnerability in Creator LMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32531 is a vulnerability in Kunco. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32532: a vulnerability in Contact Form & Lead Form Elementor Build. Patched version and vendor advisory inside.
CVE-2026-32534 is a SQL injection in JS Help Desk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32537 is a vulnerability in Visual Portfolio. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-32538 is a vulnerability in SMTP Mailer. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32540 is a vulnerability in Bookly. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32542 is a vulnerability in Fusion Builder. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32544 is a vulnerability in OOPSpam Anti-Spam. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32545 is a vulnerability in Taboola Pixel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32546 is a vulnerability in Restrict Content. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-32589 is a mirror-registry: quay: insecure direct object reference in blobupload in Red Hat Quay 3.16, fixed by the same patch as C
CVE-2026-3259 - CWE-209 Generation of error message containing sensitive information in BigQuery. Runnable patch commands, mitigation, and v
CVE-2026-32590 is a mirror-registry: remote code execution using pickle deserialization in Red Hat Quay 3.16, fixed by the same patch as CVE
CVE-2026-32596: Glances exposes the REST API without authentication in Nicolargo glances. CVSS 8.7 High. Patch commands, mitigations, an
CVE-2026-32597: CWE-345: Insufficient Verification of Data Authenticity in pyjwt. Patch commands and verification.
CVE-2026-32600: CWE-354: Improper Validation of Integrity Check Value in xml-security. Patch commands and verification.
CVE-2026-32603 is an improper input validation in Sandboxie. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-32605 is an out-of-bounds read in core-rs-albatross. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-32606: IncusOS has a LUKS encryption bypass due to insufficient TPM policy in incus-os. Patch commands and verification.
CVE-2026-32608: Glances has a Command Injection via Process Names in Action Command Templates in glances. Patch commands and verification.
CVE-2026-32609: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in glances. Patch commands and verification.
CVE-2026-32610: Glances's Default CORS Configuration Allows Cross-Origin Credential Theft in glances. Patch commands and verification.
CVE-2026-32611: Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements in glances. Patch commands and verification.
CVE-2026-32614 is a Go ShangMi SM9 infinity-point ciphertext forgery in Emmansun gmsm. CVSS 7.5 High. Patch commands, mitigations, and verif
CVE-2026-32616: Pigeon has a Host Header Injection in email verification flow in Pigeon. Patch commands and verification.
CVE-2026-32617 is an AnythingLLM permissible CORS policy in Mintplex-labs anything-llm. CVSS 7.1 High. Patch commands, mitigations, and verif
CVE-2026-32622: SQLBot: Remote Code Execution via Terminology Poisoning in SQLBot. Patch commands and verification.
CVE-2026-32623 is a heap buffer overflow in xrdp. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32627 is a CWE-295: improper certificate validation in Yhirose cpp-httplib. CVSS 8.7 High. Patch commands, mitigations, and verific
CVE-2026-32628: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in anything-llm. Patch commands
CVE-2026-32631 is an information disclosure in git. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32634 is a CWE-346: origin validation error in Nicolargo glances. CVSS 8.1 High. Patch commands, mitigations, and verification.
CVE-2026-32635: Angular has XSS in i18n attribute bindings in @angular compiler. CVSS 8.6 High. Patch commands, mitigations, and verific
CVE-2026-32640: CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes in simpleeval. Patch commands and ve
CVE-2026-32643 is a path traversal in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32646 is a Gardyn Cloud API missing authentication for critical function in Gardyn Cloud API, fixed by the same patch as CVE-2026-2
CVE-2026-32647 is a path traversal in NGINX Open Source. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-32649 - CWE-78 in MS-Cxx63-PD. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-32650 is a CWE-757 in Anviz CrossChex Standard. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32658 is a missing authorization in Automation Platform. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2026-3266 is a missing authorization in OpenText™ Filr. This page lists the verified fix and inline mitigations.
CVE-2026-32663 is a vulnerability in eParking.fi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32666: an authentication bypass in WebCTRL Premium Server. Patched version and vendor advisory inside.
CVE-2026-32669 is a code injection in BUFFALO Wi-Fi router products. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-32678: an authentication bypass in BUFFALO Wi-Fi router products. Patched version and vendor advisory inside.
CVE-2026-32679 - Uncontrolled Search Path Element in Downloader5Installer.exe. Runnable patch commands, mitigation, and verification on this
CVE-2026-32680: a vulnerability in RATOC RAID Monitoring Manager for Window. Patched version and vendor advisory inside.
CVE-2026-32687 is a SQL injection in postgrex. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32688 - CWE-770 Allocation of Resources Without Limits or Throttling in plug_cowboy. Runnable patch commands, mitigation, and verif
CVE-2026-32689 allocation of resources without limits or throttling in phoenix. Runnable upgrade commands and verification steps for sysadmi
CVE-2026-32692 is an unauthorized update of out-of-scope vault secrets in Canonical Juju. CVSS 7.6 High. Patch commands, mitigations, and ver
CVE-2026-32693 is an unauthorized access to Kubernetes secrets in Juju in Canonical Juju. CVSS 8.8 High. Patch commands, mitigations, and ver
CVE-2026-32701 is a vulnerability in qwik. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32706: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in PX4-Autopilot. Patch commands and verific
CVE-2026-32708: Zenoh uORB Subscriber Allows Arbitrary Stack Allocation (PX4/PX4-Autopilot) in PX4-Autopilot. Patch commands and verificatio
CVE-2026-3271 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-32710 is a path traversal in server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32711 is a path traversal in pydicom. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32716 is a scitokens: authorization bypass via incorrect scope path prefix checking in scitokens, fixed by the same patch as CVE-20
CVE-2026-3272 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-32720: Improper Access Control in github.com/ctfer-io/monitoring in monitoring. Patch commands and verification.
CVE-2026-32721: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in luci. Patch commands and ver
CVE-2026-32725 is a scitokens c++: relative path traversal in scitokens-cpp. CVSS 8.3 High. Patch commands, mitigations, and verification.
CVE-2026-32726 is a scitokens c++: sibling-path authorization bypass in scitokens-cpp. CVSS 8.1 High. Patch commands, mitigations, and verif
CVE-2026-32727 is a scitokens: authorization bypass via path traversal in scope validation in scitokens, fixed by the same patch as CVE-2026
CVE-2026-32728: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in parse-server. Patch commands
CVE-2026-32729: CWE-307: Improper Restriction of Excessive Authentication Attempts in runtipi. Patch commands and verification.
CVE-2026-3273 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-32730 is a CWE-287: improper authentication in Apostrophecms apostrophe. CVSS 8.1 High. Patch commands, mitigations, and verificati
CVE-2026-32733 is a path traversal in halloy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32734 is a basercms: multiple vulnerabilities in basercms in Baserproject basercms, fixed by the same patch as CVE-2026-21861.
CVE-2026-32737 is a CWE-284: improper access control in Ctfer-io romeo. CVSS 7.9 High. Patch commands, mitigations, and verification.
CVE-2026-3274 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-32740 is an OS command injection in libheif. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32741 is a path traversal in libheif. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32748 is a vulnerability in squid. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32749 is a CWE-73: external control of file name or path in Siyuan-note siyuan. CVSS 7.6 High. Patch commands, mitigations, and ver
CVE-2026-3275 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-32753: FreeScout: Stored XSS through SVG file upload with filter bypass in freescout. Patch commands and verification.
CVE-2026-32756: CWE-434: Unrestricted Upload of File with Dangerous Type in admidio. CVSS 8.8 High. Patch commands, mitigations, and ver
CVE-2026-32763: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in kysely. Patch commands and v
CVE-2026-32768 is an access control bypass in chall-manager. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-32769 is an access control bypass in fullchain. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-32771 is a path traversal in monitoring. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32775: CWE-191 Integer Underflow (Wrap or Wraparound) in libexif. Patch commands and verification.
CVE-2026-3278: XSS vulnerability discovered in OpenText™ ZENworks Service Desk. Patch commands and verification.
CVE-2026-32805: Romeo is vulnerable to Archive Slip due to missing checks in sanitization in romeo. Patch commands and verification.
CVE-2026-32808 is a path traversal in pyload. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32811 is a vulnerability in heimdall. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32813 is a SQL injection in admidio. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32829 is a vulnerability in lz4_flex. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32834: use of hard-coded credentials in easy-paypal-events-tickets. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-32838: Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP in Edimax GS-5008PL. Patch commands and verification.
CVE-2026-32842: Edimax GS-5008PL <= 1.00.54 Admin Credentials Stored in Cleartext in Edimax GS-5008PL. Patch commands and verification.
CVE-2026-32846 is a path traversal in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32857 is a vulnerability in Firecrawl. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32860: Out-of-Bounds Write Vulnerability in NI LabVIEW when loading lvlib file in LabVIEW. Patch commands and verification.
CVE-2026-32861 is an out-of-bounds write vulnerability in NI LabVIEW when loading lvclass file in Ni LabVIEW, fixed by the same patch as CVE-
CVE-2026-32862 is an out-of-bounds write in resfilefactory::initresourcemgr() in Ni LabVIEW, fixed by the same patch as CVE-2026-32860.
CVE-2026-32863 is an out-of-bounds read in sentry_transaction_context_set_operation() in Ni LabVIEW, fixed by the same patch as CVE-2026-3286
CVE-2026-32864 is an out-of-bounds read in mgcore_sh_25_3!aligned_free() in Ni LabVIEW, fixed by the same patch as CVE-2026-32860.
CVE-2026-32873 is a path traversal in ewe. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32874 is a vulnerability in ultrajson. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32875 is a vulnerability in ultrajson. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32877 is a path traversal in botan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3288: ingress-nginx rewrite-target nginx configuration injection in ingress-nginx. Patch commands and verification.
CVE-2026-32882 is an out-of-bounds read in libheif. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32886: CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in parse-server. Patch c
CVE-2026-32887 is a vulnerability in effect. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32888 is a SQL injection in opensourcepos. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32894: CWE-476: NULL Pointer Dereference in chamilo-lms. This page lists verified fix commands and short-term mitigations you c
CVE-2026-3290 is a vulnerability in RS9116 SDK. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32913 is a path traversal in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32914 is an access control bypass in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32915 is an access control bypass in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32918 is an access control bypass in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32920: bundle sibling of CVE-2026-32916. Same patched build closes both.
CVE-2026-32925: Stack-based buffer overflow in V-SFT. Patch commands and verification.
CVE-2026-32926 is an out-of-bounds read in Fuji Electric Co., Ltd. / Hakko Electronics Co., Ltd. V-SFT, fixed by the same patch as CVE-2026-3
CVE-2026-32927 is an out-of-bounds read in Fuji Electric Co., Ltd. / Hakko Electronics Co., Ltd. V-SFT, fixed by the same patch as CVE-2026-3
CVE-2026-32928 is a stack-based buffer overflow in Fuji Electric Co., Ltd. / Hakko Electronics Co., Ltd. V-SFT, fixed by the same patch as C
CVE-2026-32929 is an out-of-bounds read in Fuji Electric Co., Ltd. / Hakko Electronics Co., Ltd. V-SFT, fixed by the same patch as CVE-2026-3
CVE-2026-32930 is a vulnerability in chamilo-lms. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32931 is an unrestricted file upload in chamilo-lms. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-32933 is a vulnerability in AutoMapper. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32934: allocation of resources without limits or throttling in coredns. Runnable upgrade commands and verification steps for sysadmi
CVE-2026-32935 is a vulnerability in phpseclib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32936 is an uncontrolled resource consumption in coredns. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2026-32937 is a vulnerability in chf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32939 is an OS command injection in dataease. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-3294 is an improper input validation in Archer RE650 v1. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-32942 is a use-after-free in pjproject. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32944: Parse Server crash via deeply nested query condition operators in parse-server. Patch commands and verification.
CVE-2026-32945 is a path traversal in pjproject. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32949 is a vulnerability in SQLBot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32950 is a SQL injection in SQLBot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32954 is a SQL injection in erpnext. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32955 is a stack buffer overflow in AMC Manager. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32965 is an insecure default initialization in AMC Manager. This page lists verified fix commands and short-term mitigations you ca
CVE-2026-32969 is a SQL injection in MB connect line mbCONNECT24. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-32971 is a user interface (UI) misrepresentation of critical information in OpenClaw, fixed by the same patch as CVE-2026-32916.
CVE-2026-32972 is an access control bypass in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32973 is a path traversal in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32974 is an authentication bypass in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32976: bundle sibling of CVE-2026-32916. Same patched build closes both.
CVE-2026-32978 is an access control bypass in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32979 is a vulnerability in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3298 is an out-of-bounds write in CPython. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32980 is an OS command injection in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-32981: Ray Dashboard <= 2.8.0 Path Traversal Leading to Local File Disclosure in Ray. Patch commands and verification.
CVE-2026-32982: OpenClaw < 2026.3.13 - Telegram bot token exposure in media fetch error logs in OpenClaw, fixed by the same patch as CVE
CVE-2026-32989 is a vulnerability in Precurio Intranet Portal. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-32991 is an access control bypass in cPanel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32992 is an authentication bypass in cPanel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32993 is a vulnerability in cPanel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33001 is a security vulnerability in Jenkins Project Jenkins. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-33002 is a security vulnerability in Jenkins Project Jenkins. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-33009 is a vulnerability in everest-core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33010 is a code injection in mcp-memory-service. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-33011 is a vulnerability in nest. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33012 is an OS command injection in micronaut-core. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-33013 is a denial of service in micronaut-core. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-33018 is a use-after-free in libsixel. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33019 is an out-of-bounds read in libsixel. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33020 is a heap buffer overflow in libsixel. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33021 is a use-after-free in libsixel. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33023 is a use-after-free in libsixel. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33025 is a SQL injection in AVideo-Encoder. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33028 is a vulnerability in nginx-ui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33030 is an OS command injection in nginx-ui. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-33031: CWE-284: Improper Access Control in nginx-ui. This page lists verified fix commands and short-term mitigations you can r
CVE-2026-33034: bundle sibling of CVE-2026-3902. Same patched build closes both.
CVE-2026-33036 is an OS command injection in fast-xml-parser. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-33037 is an insecure default configuration in AVideo. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-33038 is an authentication bypass in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33039 is a vulnerability in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3304 is a CWE-459 issue in expressjs multer. This page lists the verified fix and inline mitigations.
CVE-2026-33040 is a vulnerability in rust-libp2p. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33043 is a code injection in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33044 is a vulnerability in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33045 is a vulnerability in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33046 is an OS command injection in indico. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33058: Kanboard has Authenticated SQL Injection in Project Permissions Handler in kanboard. Patch commands and verification.
CVE-2026-33062 is an access control bypass in nrf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33063 is a vulnerability in ausf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33064 is an OS command injection in free5gc. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33068 is a vulnerability in claude-code. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33072 is a hard-coded credentials vulnerability in FileRise. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-33076 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in roxy-wi. Runnable patch commands,
CVE-2026-33077 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in roxy-wi. Runnable patch commands,
CVE-2026-33078 - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in roxy-wi. Runnable patch com
CVE-2026-33079 is an inefficient regular expression complexity in mistune. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-3308 is a vulnerability in Artifex Software Inc. *pymupdf* MuPDF. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-33080 is a vulnerability in filament. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33082 is a SQL injection in dataease. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33083 is a SQL injection in dataease. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33084 is a SQL injection in dataease. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33088: Improper neutralization of special elements used in an SQL command ('SQL Injection') in Movable Type. Patch commands and ver
CVE-2026-33092 is a CWE-15 issue in Acronis True Image. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33095 is a use-after-free in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33096 is an out-of-bounds read in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-33098 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-33099 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-33100 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-33101 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-33104 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33110: an unsafe deserialization in Microsoft SharePoint Enterprise Server 2. Patched version and vendor advisory inside.
CVE-2026-33111: improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge). Runnable u
CVE-2026-33112: an unsafe deserialization in Microsoft SharePoint Enterprise Server 2. Patched version and vendor advisory inside.
CVE-2026-33114: CWE-822: Untrusted Pointer Dereference in Microsoft Office. This page lists verified fix commands and short-term mitigat
CVE-2026-33115 is a use-after-free in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33116: CWE-835: Loop with Unreachable Exit Condition in .NET 10.0. This page lists verified fix commands and short-term mitigat
CVE-2026-33120: CWE-822: Untrusted Pointer Dereference in Microsoft SQL Server 2022 (GDR). This page lists verified fix commands and sho
CVE-2026-33121 is a SQL injection in dataease. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33122 is a SQL injection in dataease. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33124 is an authentication bypass in frigate. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-33125 is an access control bypass in frigate. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-33128 is a vulnerability in h3. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33131 is an authentication bypass in h3. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33133 is a SQL injection in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33139 is a vulnerability in PySpector. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33142 is a SQL injection in oneuptime. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33143 is a vulnerability in oneuptime. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33147 is a stack-based buffer overflow in gmt. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-33149 is a vulnerability in recipes. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33150 is a use-after-free in libfuse. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33151 is an improper input validation in socket.io. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-33153 is a SQL injection in recipes. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33154 is a server-side template injection in dynaconf. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-33155 is a vulnerability in deepdiff. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33156 is a vulnerability in ScreenToGif. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33157 is a vulnerability in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33163: Parse Server leaks protected fields via LiveQuery afterEvent trigger in parse-server. Patch commands and verification.
CVE-2026-33164 is a path traversal in libde265. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33166 is a path traversal in allure2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33172 is a vulnerability in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33175: OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims in oauthenticator. Patch commands a
CVE-2026-33180: HAPI FHIR HTTP authentication leak in redirects in org.hl7.fhir.core. Patch commands and verification.
CVE-2026-33183 is a path traversal in saloon. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33184: CWE-191: Integer Underflow (Wrap or Wraparound) in core-rs-albatross. Patch commands and verification.
CVE-2026-33190: incorrect implementation of authentication algorithm in coredns. Runnable upgrade commands and verification steps for sysadmi
CVE-2026-33191: CWE-158: Improper Neutralization of Null Byte or NUL Character in free5gc. Patch commands and verification.
CVE-2026-33192: CWE-209: Generation of Error Message Containing Sensitive Information in free5gc. Patch commands and verification.
CVE-2026-33195 is a path traversal in activestorage. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33203: SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass in siyuan. Patch commands and verification.
CVE-2026-33204: SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering in simplejwt. Patch commands and verification.
CVE-2026-33206 is a path traversal in calibre. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33207 is a SQL injection in dataease. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33208 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in roxy-wi. Runnable pat
CVE-2026-3321 is a vulnerability in ON24 Q&A chat. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33210: Ruby JSON has a format string injection in Ruby json. CVSS 8.3 High. Patch commands, mitigations, and verification.
CVE-2026-33216 is a path traversal in nats-server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33217 is an access control bypass in nats-server. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-33218 is an improper input validation in nats-server. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-33226: CWE-918: Server-Side Request Forgery (SSRF) in budibase. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-33228: flatted: prototype pollution via parse() in Webreflection flatted. CVSS 8.9 High. Patch commands, mitigations, and verif
CVE-2026-33229: CWE-862: Missing Authorization in xwiki-platform. CVSS 8.6 High. Patch commands, mitigations, and verification.
CVE-2026-3323 - CWE-306 Missing Authentication for Critical Function in VEGAPULS 6X Two-wire PROFINET, Modbus TCP, OPC UA (Ethernet-APL). Ru
CVE-2026-33231: NLTK has unauthenticated remote shutdown in nltk.app.wordnet_app in nltk. CVSS 7.5 High. Patch commands, mitigations, an
CVE-2026-33232 is a vulnerability in AutoGPT. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33233 is an unsafe deserialization in AutoGPT. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-33236: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in nltk. Patch commands and verificat
CVE-2026-3324 is an authentication bypass using an alternate path in ManageEngine Log360. This page lists verified fix commands and short-te
CVE-2026-33241 is an OS command injection in salvo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33242 is a path traversal in salvo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33243: barebox: FIT signature verification bypass in barebox. CVSS 8.3 High. Patch commands, mitigations, and verification.
CVE-2026-33247 is a vulnerability in nats-server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33250 is an improper input validation in freeciv21. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-33252 is a vulnerability in go-sdk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33266 is a use of hard-coded cryptographic key in Apache OpenMeetings. This page lists verified fix commands and short-term mitiga
CVE-2026-33276 is an XSS in unified search via unescaped host/service names in Checkmk Gmbh Checkmk, fixed by the same patch as CVE-2026-3466
CVE-2026-33277 - Improper neutralization of special elements used in an OS command ('OS Command Injection') in LogonTracer. Runnable patch c
CVE-2026-3328: an unsafe deserialization in Frontend Admin by DynamiApps. Patched version and vendor advisory inside.
CVE-2026-33280 is a vulnerability in BUFFALO Wi-Fi router products. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-33282 is a vulnerability in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33285 is an improper input validation in liquidjs. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-33287 is an improper input validation in liquidjs. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-33288: SuiteCRM has Authenticated SQL Injection in Authentication Module in SuiteCRM. Patch commands and verification.
CVE-2026-33289: SuiteCRM has LDAP filter injection in authentication module in SuiteCRM. CVSS 8.8 High. Patch commands, mitigations, an
CVE-2026-33292 is a path traversal in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33293 is a path traversal in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33295 is a vulnerability in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33298 is a path traversal in llama.cpp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33299: OpenEMR has Stored XSS in patient encounter Eye Exam form answers in openemr. Patch commands and verification.
CVE-2026-33301: OpenEMR has arbitrary image file read via PDF generator in openemr. CVSS 7.1 High. Patch commands, mitigations, and veri
CVE-2026-33302: OpenEMR: zhaclcheck ignores explicit ACL denies in openemr. CVSS 7.3 High. Patch commands, mitigations, and verification
CVE-2026-33307 is a stack-based buffer overflow in mod_gnutls. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-33310 is an OS command injection in intake. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33316 is an access control bypass in vikunja. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-33317 - CWE-125: Out-of-bounds Read in optee_os. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-33318 - CWE-284: Improper Access Control in actual. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-33321: OpenEMR has Out-of-Band Server-Side Request Forgery (OOB SSRF) in openemr. Patch commands and verification.
CVE-2026-33329 is a path traversal in FileRise. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33330 is an access control bypass in FileRise. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-33331 is a vulnerability in orpc. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33337: CWE-120: Buffer Copy without Checking Size in firebird. This page lists verified fix commands and short-term mitigations
CVE-2026-3334: a SQL injection in CMS Commander – Manage Multiple Sites. Patched version and vendor advisory inside.
CVE-2026-33344 is a path traversal in dagu. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33346: OpenEMR has stored XSS in portal_payment.php via Unescaped table_args in openemr. Patch commands and verification.
CVE-2026-33348 is a vulnerability in openemr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33350: LORIS has a SQL injection in MRI feedback popup in Aces Loris. CVSS 7.5 High. Patch commands, mitigations, and verificat
CVE-2026-33353 is an information disclosure in soft-serve. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-33354 is an arbitrary file read in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33356: authorization bypass through user-controlled key in IoT Cloud MQTT Broker EMQX. Runnable upgrade commands and verification st
CVE-2026-33357 is a missing authorization in com.meari.sdk. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-33359 is a missing authorization in Alibaba OSS Hosted. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2026-3336 is an improper certificate validation in AWS AWS-LC. This page lists the verified fix and inline mitigations.
CVE-2026-33361 is an inadequate encryption strength in com.meari.sdk. Patched version, runnable upgrade commands, and how to verify the fix l
CVE-2026-33362 is a use of hard-coded cryptographic key in com.meari.sdk. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-33376 is a vulnerability in Grafana OSS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33377 is a vulnerability in Grafana OSS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3338: CWE-347 (Improper Verification of Cryptographic Signature) in AWS AWS-LC. This page lists the verified fix and inline mit
CVE-2026-33392 is a CWE-1336 issue in YouTrack. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33399 is a vulnerability in Wallos. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33401 is a vulnerability in Wallos. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33407 is a vulnerability in Wallos. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33409 is an authentication bypass in parse-server. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-33413 is a vulnerability in etcd. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33416 is a use-after-free in libpng. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33418 is a vulnerability in dicebear. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3342 is an out-of-bounds write in WatchGuard Fireware OS. This page lists the verified fix and inline mitigations.
CVE-2026-33421 is an access control bypass in parse-server. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-33430 is an arbitrary file read in briefcase. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-33432 is an authentication bypass in roxy-wi. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33435 is a CWE-23: relative path traversal in weblate. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-33442 is a SQL injection in kysely. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33451 - Arbitrary read/write vulnerability in Secure Access. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-33461 is an incorrect authorization in Kibana Fleet leading to information disclosure in Elastic Kibana, fixed by the same patch as
CVE-2026-33466: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Logstash. Patch commands and verification.
CVE-2026-33468 is a SQL injection in kysely. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33476: SiYuan has an Unauthenticated Arbitrary File Read via Path Traversal in siyuan. Patch commands and verification.
CVE-2026-33479 is a code injection in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33480 is a vulnerability in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33482 is an OS command injection in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33483 is an OS command injection in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33484 is an access control bypass in langflow. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-33485 is a SQL injection in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33487 is an authentication bypass in goxmldsig. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-33488 is a vulnerability in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33489 is an incorrect authorization in coredns. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-33491 is a stack-based buffer overflow in zenc. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-33492 is a vulnerability in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33493 is a path traversal in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33496 is a vulnerability in oathkeeper. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33497 is a path traversal in langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33498 is a vulnerability in parse-server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33503 is a SQL injection in kratos. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33504 is a SQL injection in hydra. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33505 is a SQL injection in keto. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33506 is a vulnerability in polis. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33507 is a vulnerability in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33508 is a vulnerability in parse-server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33509 is a vulnerability in pyload. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33510 is a DOM-based XSS in homarr /auth/login redirect in Homarr-labs homarr. CVSS 8.8 High. Patch commands, mitigations, and veri
CVE-2026-33511 is a vulnerability in pyload. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33512 is an authentication bypass in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33513 is a path traversal in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33516 is an out-of-bounds read in xrdp. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33517 is a vulnerability in mantisbt. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3352 is a code injection in shahadul878 Easy PHP Settings. This page lists the verified fix and inline mitigations.
CVE-2026-33524 - CWE-789: Memory Allocation with Excessive Size Value in zserio. Runnable patch commands, mitigation, and verification on th
CVE-2026-33530 is an information disclosure in InvenTree. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-33533: CWE-942: Permissive Cross-domain Policy with Untrusted Domains in glances. Patch commands and verification.
CVE-2026-33538 is a vulnerability in parse-server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33539 is a SQL injection in parse-server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33540 is a CWE-918: server-side request forgery (SSRF) in distribution. CVSS 7.5 High. Patch commands, mitigations, and verificatio
CVE-2026-33544: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in tinyauth. Patch comm
CVE-2026-33548 is a vulnerability in mantisbt. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3357: IBM Langflow Desktop FAISS Vector Store Remote Code Execution via malicious Pickle file in Langflow Desktop. Patch commands a
CVE-2026-33573 is a vulnerability in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33575 is a path traversal in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33577: OpenClaw < 2026.3.28 - insufficient scope validation in node.pair.approve in OpenClaw, fixed by the same patch as CVE-20
CVE-2026-33581: OpenClaw < 2026.3.24 - arbitrary file read via mediaurl and fileurl parameters in OpenClaw, fixed by the same patch as C
CVE-2026-33583: a vulnerability in Symmetric Key Agreement Platform. Patched version and vendor advisory inside.
CVE-2026-33588 is an improper input validation in Open Notebook. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2026-33589 is an improper input validation in Open Notebook. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2026-3359 improper neutralization of special elements used in an sql command ('sql injecti in Form Maker by 10Web – Mobile-Friendly Drag
CVE-2026-33593 - Divide By Zero in DNSdist. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-3360 is a missing authorization in Tutor LMS – eLearning and online course solution. This page lists verified fix commands and shor
CVE-2026-33608 - Improper Control of Generation of Code ('Code Injection') in Authoritative. Runnable patch commands, mitigation, and verifi
CVE-2026-33613: MB connect line mbCONNECT24 vulnerable to RCE in generateSrpArray in mbCONNECT24. Patch commands and verification.
CVE-2026-33614: bundle sibling of CVE-2026-33613. Same patched build closes both.
CVE-2026-33616: bundle sibling of CVE-2026-33613. Same patched build closes both.
CVE-2026-33618 is a CWE-95: improper neutralization of directives in in chamilo-lms. This page lists verified fix commands and short-term mi
CVE-2026-33626 is a server-side request forgery in lmdeploy. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-33627 is an information disclosure in parse-server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-33631 is a vulnerability in clearancekit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33632 is a vulnerability in clearancekit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33633 is a path traversal in kitty. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33636 is a path traversal in libpng. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33641: Glances Vulnerable to Command Injection via Dynamic Configuration Values in glances. Patch commands and verification.
CVE-2026-33645 is a path traversal in fireshare. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33647 is an unrestricted file upload in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-33648 is an OS command injection in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33649 is a vulnerability in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33650 is an access control bypass in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33651 is a SQL injection in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33654 is a code injection in nanobot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33661 is an authentication bypass in pay. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33662 - CWE-190: Integer Overflow or Wraparound in optee_os. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-33663 is a vulnerability in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33664 is a vulnerability in kestra. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33665 is an authentication bypass in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33666 - CWE-190: Integer Overflow or Wraparound in zserio. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-33667 is a vulnerability in openproject. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33668 is an access control bypass in vikunja. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-33671 is a vulnerability in picomatch. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33673 is a vulnerability in PrestaShop. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33678 is a vulnerability in vikunja. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3368: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Injection Guard. Patch command
CVE-2026-33680 is an access control bypass in vikunja. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-33681 is a path traversal in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33686 is a path traversal in sharp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33687 is an unrestricted file upload in sharp. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-33689 is an out-of-bounds read in xrdp. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33694 - CWE-59 Improper link resolution before file access ('link following') in Tenable Nessus, Tenable Nessus Agent. Runnable pat
CVE-2026-33697 is a path traversal in cocos. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33702 is a vulnerability in chamilo-lms. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33703 is a vulnerability in chamilo-lms. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33704 is an unrestricted file upload in chamilo-lms. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-33706 is an improper privilege management in chamilo-lms. This page lists verified fix commands and short-term mitigations you can
CVE-2026-33710 is a CWE-330: use of insufficiently random values in chamilo-lms. This page lists verified fix commands and short-term mitiga
CVE-2026-33713 is a SQL injection in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33714 is a SQL injection in chamilo-lms. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33715 is a missing authentication in chamilo-lms. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-33717 is an unrestricted file upload in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-33718 is an OS command injection in OpenHands. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-33719 is an authentication bypass in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33722 is an access control bypass in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33723 is a SQL injection in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33725 is an unsafe deserialization in metabase. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-33733 - CWE-23: Relative Path Traversal in espocrm. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-33735 is an access control bypass in MyTube. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33744 is a code injection in BentoML. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33745 is an information disclosure in cpp-httplib. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-33747 is a path traversal in buildkit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33748 is a path traversal in buildkit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33752 is a CWE-918: server-side request forgery (SSRF) in Lexiforest curl_cffi. CVSS 8.6 High. Patch commands, mitigations, and ver
CVE-2026-33755 is a SQL injection in groupoffice. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33756: Saleor Affected by Denial of Service via Unbounded GraphQL Query Batching in saleor. Patch commands and verification.
CVE-2026-3376 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-33765 is an OS command injection in web. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33767 is a SQL injection in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3377 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-33770 is a SQL injection in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33771: weak password requirements in CTP OS. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-33778 is a validation of syntactic correctness of input in Junos OS. This page lists verified fix commands and short-term mitigatio
CVE-2026-3378 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-33785 is a missing authorization in Junos OS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33788 is a missing authentication in Junos OS Evolved. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-3379 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-33790 is a check for unusual or exceptional conditions in Junos OS. This page lists verified fix commands and short-term mitigation
CVE-2026-33793 is a CWE-250: execution with unnecessary privileges in Junos OS. This page lists verified fix commands and short-term mitigat
CVE-2026-33797 is an improper input validation in Junos OS. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-3380 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-33804 is a CWE-436: interpretation conflict in @fastify/middie. This page lists verified fix commands and short-term mitigations yo
CVE-2026-33806 is a CWE-1287: improper validation of specified type in fastify. This page lists verified fix commands and short-term mitigat
CVE-2026-33810: bundle sibling of CVE-2026-32280. Same patched build closes both.
CVE-2026-33811 is a double free in net. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-33813 - CWE-190: Integer Overflow or Wraparound in golang.org/x/image/webp. Runnable patch commands, mitigation, and verification o
CVE-2026-33814: loop with unreachable exit condition ('infinite loop') in golang.org/x/net/http2. Runnable upgrade commands and verification
CVE-2026-33821 is a local privilege escalation in Dynamics 365. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-33826 is an improper input validation in Microsoft Windows Server. This page lists verified fix commands and short-term mitigations
CVE-2026-33827 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33833 is a vulnerability in Azure Machine Learning. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-33834: an access control bypass in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-33835 is a use-after-free in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-33837 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-33838 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-33839 is a race condition in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-33840 is a use-after-free in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-33841 is a path traversal in Windows 10 Version 21H2. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-33845 - Integer Underflow (Wrap or Wraparound) in the affected product. Runnable patch commands, mitigation, and verification on th
CVE-2026-33846: improper handling of length parameter inconsistency in Red Hat Hardened Images. Runnable upgrade commands and verification st
CVE-2026-33847 is a memory corruption in rapidvms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33848 is a memory corruption in rapidvms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33849 is a memory corruption in rapidvms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33850 is an OS command injection in DualSenseY-v2. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-33851 is a memory corruption in doslib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33852 is a vulnerability in Android-ImageMagick7. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-33854 is an OS command injection in Android-ImageMagick7. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-33856 is a vulnerability in Android-ImageMagick7. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-33858 is a deserialization of untrusted data in Apache Airflow. This page lists verified fix commands and short-term mitigations yo
CVE-2026-33862 is a cross-site scripting (XSS) in Teamcenter V2312. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-33870 is a vulnerability in netty. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33871 is an OS command injection in netty. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33872 is a vulnerability in elixir-nodejs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33874 is an OS command injection in app-Authenticator. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-33881 is a code injection in windmill. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33890 is an access control bypass in MyTube. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33891 is a denial of service in forge. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33892 is a CWE-305: authentication bypass by primary weakness in Industrial Edge Management Pro V1. This page lists verified fix co
CVE-2026-33893 is a cross-site scripting (XSS) in Teamcenter V2312. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-33894 is an authentication bypass in forge. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33895 is an authentication bypass in forge. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33896 is a code injection in forge. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33898 is an authentication bypass in incus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33901 is a heap buffer overflow in ImageMagick. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33906 is a vulnerability in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33908 is a CWE-674: uncontrolled recursion in ImageMagick. This page lists verified fix commands and short-term mitigations you can
CVE-2026-33910 is a SQL injection in openemr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33913 is an XML external entity (XXE) in openemr. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-33914 is a SQL injection in openemr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33917 is a SQL injection in openemr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33918 is a vulnerability in openemr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33932 is a vulnerability in openemr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33935 is a vulnerability in MyTube. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33938 is a code injection in handlebars.js. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33939 is a denial of service in handlebars.js. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-33940 is a code injection in handlebars.js. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33941 is a vulnerability in handlebars.js. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33942 is an unsafe deserialization in saloon. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-33943 is a code injection in happy-dom. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33946 is a vulnerability in ruby-sdk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33949: @tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files in tinacms. Patch commands and verification.
CVE-2026-33953 is a vulnerability in LinkAce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33955 is a vulnerability in Notesnook Web/Desktop. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-3396: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in WCAPF – Ajax Product Filter for WooCo
CVE-2026-33975 is a server-side request forgery (SSRF) in twenty. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2026-33979 is a vulnerability in express-xss-sanitizer. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-3398 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-33980 is a code injection in adx-mcp-server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33981 is an information disclosure in changedetection.io. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-33982 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33984 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33986 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33987 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33989 is a path traversal in mobile-mcp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3399 is a buffer overflow in Tenda F453. This page lists the verified fix and inline mitigations.
CVE-2026-33991 is a SQL injection in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33999 - Integer Underflow (Wrap or Wraparound) in Red Hat Enterprise Linux 10. Runnable patch commands, mitigation, and verificatio
CVE-2026-3400 is a stack buffer overflow in Tenda AC15. This page lists the verified fix and inline mitigations.
CVE-2026-34001 - Expired Pointer Dereference in Red Hat Enterprise Linux 10. Runnable patch commands, mitigation, and verification on this p
CVE-2026-34003 - Out-of-bounds Read in Red Hat Enterprise Linux 10. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-34005 is an OS command injection in DVR/NVR devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-34020 is a use of GET request method with in Apache OpenMeetings. This page lists verified fix commands and short-term mitigations
CVE-2026-34040: moby: AuthZ plugin bypass with oversized request body in moby. CVSS 8.8 High. Patch commands, mitigations, and verificat
CVE-2026-34041: act: Unrestricted set-env and add-path command processing enables environment injection in act. Patch commands and verificat
CVE-2026-34042: act: actions/cache server allows malicious cache injection in Nektos act. CVSS 8.2 High. Patch commands, mitigations, an
CVE-2026-34045: Podman Desktop webview server exposed in podman-desktop. CVSS 8.2 High. Patch commands, mitigations, and verification.
CVE-2026-34046 is a vulnerability in langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34053 is a vulnerability in openemr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34054 is a CWE-427: uncontrolled search path element in Microsoft vcpkg. CVSS 7.8 High. Patch commands, mitigations, and verificati
CVE-2026-34055 is a vulnerability in openemr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34056 is an access control bypass in openemr. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-34059 is a buffer over-read in Apache HTTP Server. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-34060: Ruby LSP has arbitrary code execution through branch setting in ruby-lsp. Patch commands and verification.
CVE-2026-34063 - CWE-617: Reachable Assertion in network-libp2p. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-34065 - CWE-252: Unchecked Return Value in nimiq-primitives. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-34070: LangChain Core has Path Traversal vulnerabilities in legacy `load_prompt` functions in langchain. Patch commands and verifica
CVE-2026-34072 is a CWE-287: improper authentication in Fccview cronmaster. CVSS 8.3 High. Patch commands, mitigations, and verification.
CVE-2026-34076 is a CWE-918: server-side request forgery (SSRF) in Clerk javascript. CVSS 7.4 High. Patch commands, mitigations, and verific
CVE-2026-34079: Flatpak affected by arbitrary file deletion on the host filesystem in flatpak. Patch commands and verification.
CVE-2026-34118 is a heap-based buffer overflow in Tp-link Systems Inc. Tapo C520WS v2.6. CVSS 7.1 High. Patch commands, mitigations, and ver
CVE-2026-34119 is a heap-based buffer overflow in Tp-link Systems Inc. Tapo C520WS v2.6, fixed by the same patch as CVE-2026-34118.
CVE-2026-34120 is a heap-based buffer overflow in Tp-link Systems Inc. Tapo C520WS v2.6, fixed by the same patch as CVE-2026-34118.
CVE-2026-34121 is an improper authentication in Tp-link Systems Inc. Tapo C520WS v2.6, fixed by the same patch as CVE-2026-34118.
CVE-2026-34122: bundle sibling of CVE-2026-34118. Same patched build closes both.
CVE-2026-34124: bundle sibling of CVE-2026-34118. Same patched build closes both.
CVE-2026-34148 is a cwe-400: uncontrolled resource consumption in @fedify fedify. CVSS 7.5 High. Patch commands, mitigations, and verificati
CVE-2026-34155 is a rauc: improper signing of plain bundles exceeding 2 gib in rauc. CVSS 7.2 High. Patch commands, mitigations, and verific
CVE-2026-34160 is a missing authentication in chamilo-lms. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-34163: Server-Side Request Forgery via MCP Tools Endpoint in FastGPT in FastGPT. Patch commands and verification.
CVE-2026-34172: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine in giskard-oss. Patch commands and verificat
CVE-2026-34176 is an OS command injection in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34184 is a missing authorization in Control System. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-34185 is a SQL injection in Control System. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34186 is a SQL injection in Pandora FMS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34187 is a SQL injection in Pandora FMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34188 is an OS command injection in Pandora FMS. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-34200: Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port in nhost. Patch commands and verificat
CVE-2026-34204: MinIO is Vulnerable to SSE Metadata Injection via Replication Headers in minio. Patch commands and verification.
CVE-2026-34207 is an improper input validation in typebot.io. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-34209 is a cwe-294: authentication bypass by capture-replay in Wevm mppx. CVSS 7.5 High. Patch commands, mitigations, and verificat
CVE-2026-34214: Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON in trino. Patch commands and verific
CVE-2026-34215: Parse Server: Auth data exposed via verify password endpoint in parse-server. Patch commands and verification.
CVE-2026-34219: libp2p-gossipsub: Gossipsub PRUNE Backoff Heartbeat Instant Overflow in rust-libp2p. Patch commands and verification.
CVE-2026-34221 is a mikroorm has prototype pollution in utils.merge in mikro-orm. CVSS 8.3 High. Patch commands, mitigations, and verificati
CVE-2026-34222 is a open webui has broken access control in tool valves in open-webui. CVSS 7.7 High. Patch commands, mitigations, and verif
CVE-2026-34226 is a vulnerability in happy-dom. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34228 is a cwe-352: cross-site request forgery (csrf) in emlog. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-34232 is a vulnerability in firebird. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34236 is a auth0 php sdk insufficient entropy in cookie encryption in auth0-PHP. CVSS 8.2 High. Patch commands, mitigations, and ve
CVE-2026-34240: jose vulnerable to untrusted JWK header key acceptance during signature verification in jose. Patch commands and verificatio
CVE-2026-34241 is a cross-site scripting (XSS) in panel. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-34242 is a path traversal in weblate. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3425 is a vulnerability in RTMKit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34256 is a missing authorization in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise). This page lists verified fix commands
CVE-2026-34259: an OS command injection in SAP Forecasting & Replenishment. Patched version and vendor advisory inside.
CVE-2026-34282 - Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise O
CVE-2026-34290 - Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Identity
CVE-2026-34291 - Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP S
CVE-2026-34292 - Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic
CVE-2026-34297 - Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HCM Comm
CVE-2026-34305 - Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic
CVE-2026-34309 - Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enter
CVE-2026-34310 - Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financia
CVE-2026-34320 is an improper authorization in Oracle Financial Services Customer Screening. This page lists verified fix commands and short
CVE-2026-34327 externally controlled reference to a resource in another sphere in Microsoft Partner Center. Runnable upgrade commands and ve
CVE-2026-34329 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-34330 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-34331 is a race condition in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-34332 is a use-after-free in Windows Server 2025. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-34333 is a use-after-free in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-34334 is a race condition in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-34336 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-34337 is a use-after-free in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-34338 is a use-after-free in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-34340 is a use-after-free in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-34341 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-34342 is a race condition in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-34343 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-34344 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-34345 is a race condition in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-34347 is a use-after-free in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-34351 is a race condition in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-34352 is an arbitrary file read in TigerVNC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34354 time-of-check time-of-use (toctou) race condition in Guardicore Platform Agent. Runnable upgrade commands and verification st
CVE-2026-34358 is an access control bypass in panel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34359 is a cwe-346: origin validation error in Hapifhir org.hl7.fhir.core. CVSS 7.4 High. Patch commands, mitigations, and verifica
CVE-2026-34363: bundle sibling of CVE-2026-34215. Same patched build closes both.
CVE-2026-34365: InvoiceShelf: SSRF in Estimate PDF Rendering via Unsanitised HTML in Notes Field in InvoiceShelf. Patch commands and verific
CVE-2026-34366: bundle sibling of CVE-2026-34365. Same patched build closes both.
CVE-2026-34367: bundle sibling of CVE-2026-34365. Same patched build closes both.
CVE-2026-34375 is a vulnerability in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34376: PdfDing: Password-protected share bypass via direct serve endpoint in PdfDing. Patch commands and verification.
CVE-2026-34377: Zebra has a Consensus Failure due to Improper Verification of V5 Transactions in zebra. Patch commands and verification.
CVE-2026-34379 is a cwe-704: incorrect type conversion or cast in Academysoftwarefoundation openexr, fixed by the same patch as CVE-2026-343
CVE-2026-34381: Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess in admidio. Patch commands and verifi
CVE-2026-34392 is a loris has a path traversal in static router in Aces Loris, fixed by the same patch as CVE-2026-33350.
CVE-2026-34393 is an improper privilege management in weblate. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-34394: AVideo: CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking in AVideo. Patch commands and verification.
CVE-2026-34413 - CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere in xerteonlinetoolkits. Runnable patch c
CVE-2026-34414 - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in xerteonlinetoolkits. Runnable patc
CVE-2026-34427 is a vulnerability in Vvveb. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34428 is a server-side request forgery in Vvveb. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-34430: ByteDance DeerFlow LocalSandboxProvider Host Bash Escape in DeerFlow. Patch commands and verification.
CVE-2026-34444 is a cwe-284: improper access control in Scoder lupa. CVSS 7.9 High. Patch commands, mitigations, and verification.
CVE-2026-34445: bundle sibling of CVE-2026-27489. Same patched build closes both.
CVE-2026-3445: Missing Authorization in Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Conte
CVE-2026-34453 is a cwe-863: incorrect authorization in Siyuan-note siyuan, fixed by the same patch as CVE-2026-34448.
CVE-2026-34455: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Hi.Events. Patch commands an
CVE-2026-34459 is a stack-based buffer overflow in Sandboxie. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-34461 is a stack-based buffer overflow in Sandboxie. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-34462 is a stack-based buffer overflow in Sandboxie. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-34463 is a cross-site scripting (XSS) in mantisbt. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-34464 is a stack-based buffer overflow in Sandboxie. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-34473 uncontrolled resource consumption in the affected product. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-34474 exposure of sensitive information to an unauthorized actor in the affected product. Runnable upgrade commands and verificatio
CVE-2026-34476 is a server-side request forgery in Apache SkyWalking MCP. This page lists verified fix commands and short-term mitigations y
CVE-2026-34483 is an encoding or escaping of output in Apache Tomcat. This page lists verified fix commands and short-term mitigations you c
CVE-2026-34486 is a missing encryption of sensitive data in Apache Tomcat. This page lists verified fix commands and short-term mitigations
CVE-2026-34487 is an insertion of sensitive information into log in Apache Tomcat. This page lists verified fix commands and short-term miti
CVE-2026-34488 - Uncontrolled Search Path Element in IP Setting Software. Runnable patch commands, mitigation, and verification on this page
CVE-2026-34503 is an insufficient session expiration in OpenClaw, fixed by the same patch as CVE-2026-32916.
CVE-2026-34512 is an incorrect authorization in OpenClaw. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-3452 is an unsafe deserialization in Concrete CMS Concrete CMS. This page lists the verified fix and inline mitigations.
CVE-2026-34522: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in SillyTavern. Patch commands and ve
CVE-2026-34524: bundle sibling of CVE-2026-34522. Same patched build closes both.
CVE-2026-34528 is a cwe-269: improper privilege management in filebrowser. CVSS 8.1 High. Patch commands, mitigations, and verification.
CVE-2026-34529: bundle sibling of CVE-2026-34528. Same patched build closes both.
CVE-2026-3453: CWE-639 Authorization Bypass Through User-Controlled Key in Paid Membership Plugin, Ecommerce, User Registration Form, Login
CVE-2026-34543 is a cwe-908: use of uninitialized resource in Academysoftwarefoundation openexr, fixed by the same patch as CVE-2026-34378.
CVE-2026-34544: bundle sibling of CVE-2026-34378. Same patched build closes both.
CVE-2026-34545 is a openexr: integer overflow lead to oob in htj2k decoder in Academysoftwarefoundation openexr, fixed by the same patch as
CVE-2026-3456 improper neutralization of special elements used in an sql command ('sql injecti in GeekyBot, AI Copilot, Chatbot, WooCommerce
CVE-2026-3457 is a vulnerability in Sentinel LDK Runtime. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-34570 is a cwe-284: improper access control in Ci4-cms-erp ci4ms, fixed by the same patch as CVE-2026-34559.
CVE-2026-34572 is a cwe-284: improper access control in Ci4-cms-erp ci4ms, fixed by the same patch as CVE-2026-34559.
CVE-2026-34573: bundle sibling of CVE-2026-34215. Same patched build closes both.
CVE-2026-34576 is a cwe-918: server-side request forgery (ssrf) in Gitroomhq postiz-app. CVSS 8.3 High. Patch commands, mitigations, and ver
CVE-2026-34577 is a cwe-918: server-side request forgery (ssrf) in Gitroomhq postiz-app, fixed by the same patch as CVE-2026-34576.
CVE-2026-34578 is a vulnerability in core. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34581 is a goshs has auth bypass via share token in Patrickhener goshs. CVSS 8.1 High. Patch commands, mitigations, and verificatio
CVE-2026-34582 is a botan has a tls 1.3 certificate authentication bypass in Randombit botan. CVSS 8.7 High. Patch commands, mitigations, an
CVE-2026-34585: bundle sibling of CVE-2026-34448. Same patched build closes both.
CVE-2026-34587 - CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine in kirby. Runnable patch commands, mitigati
CVE-2026-34588: bundle sibling of CVE-2026-34378. Same patched build closes both.
CVE-2026-34589 is a openexr: dwa lossy decoder heap out-of-bounds write in Academysoftwarefoundation openexr, fixed by the same patch as CVE
CVE-2026-3459 is an unrestricted file upload in glenwpcoder Drag and Drop Multiple File Upload for Contact Form 7. This page lists the verifi
CVE-2026-34591: Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write in poetry. Patch commands and verification.
CVE-2026-34593 is a cwe-400: uncontrolled resource consumption in Ash-project ash. CVSS 8.2 High. Patch commands, mitigations, and verificat
CVE-2026-34598 is a yeswiki has persistent blind xss at "/?bazar&vue=consulter" in yeswiki. CVSS 7.1 High. Patch commands, mitigations, and
CVE-2026-34601 is a cwe-91: xml injection (aka blind xpath injection) in xmldom. CVSS 7.5 High. Patch commands, mitigations, and verificatio
CVE-2026-34602 is a vulnerability in chamilo-lms. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34603: bundle sibling of CVE-2026-33949. Same patched build closes both.
CVE-2026-34604: bundle sibling of CVE-2026-33949. Same patched build closes both.
CVE-2026-34605: bundle sibling of CVE-2026-34448. Same patched build closes both.
CVE-2026-34607 is a emlog: path traversal in emunzip() allows arbitrary file write leading to rce in emlog, fixed by the same patch as CVE-2
CVE-2026-34617 is a cross-site scripting in Adobe Connect. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-34618 is an out-of-bounds write in Illustrator. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34619 is a path traversal in ColdFusion. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34622 is a vulnerability in Acrobat Reader. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34627 is a heap buffer overflow in InDesign Desktop. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-34628 is a heap buffer overflow in InDesign Desktop. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-34629 is a heap buffer overflow in InDesign Desktop. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-34630 is a heap buffer overflow in Bridge. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34631 is an out-of-bounds write in InCopy. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34632 is an uncontrolled search path element in Adobe Photoshop Installer. This page lists verified fix commands and short-term mit
CVE-2026-34636 is an OS command injection in Premiere Pro. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-34637 is an OS command injection in Premiere Pro. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-34638 is a use-after-free in Premiere Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34639 is an OS command injection in Media Encoder. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-3464 is a path traversal in WP Customer Area. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34640 is a vulnerability in Media Encoder. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34642 is a path traversal in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34643 is an OS command injection in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-34644 is a vulnerability in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34645 is an access control bypass in Adobe Commerce. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-34646 is an access control bypass in Adobe Commerce. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-34647: a server-side request forgery (SSRF) in Adobe Commerce. Patched version and vendor advisory inside.
CVE-2026-34648 is a vulnerability in Adobe Commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34649 is a vulnerability in Adobe Commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34650 is a vulnerability in Adobe Commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34651 is a vulnerability in Adobe Commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34652 is a code injection in Adobe Commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34653 is a path traversal in Adobe Commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3466 is a cross-site scripting in dashlet title in Checkmk Gmbh Checkmk. CVSS 8.5 High. Patch commands, mitigations, and verificati
CVE-2026-34661 is an OS command injection in Illustrator. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-34665 is a vulnerability in CAI Content Credentials. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-34675 is an OS command injection in Substance3D - Painter. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-34676 is an OS command injection in Substance3D - Painter. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-34681 is an OS command injection in Substance3D - Designer. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-34682 is an OS command injection in Substance3D - Designer. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-34683 is an OS command injection in Substance3D - Designer. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-34684 is an OS command injection in Substance3D - Designer. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-34686 is a cross-site scripting (XSS) in Adobe Commerce. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-34687 is a path traversal in Illustrator. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34690 is a stack-based buffer overflow in After Effects. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-34719 is a zammad has a server-side request forgery (ssrf) via webhooks in zammad, fixed by the same patch as CVE-2026-34248.
CVE-2026-34723 is a zammad has incorrect access control in getting_started_controller in zammad, fixed by the same patch as CVE-2026-34248.
CVE-2026-34724 is a zammad has a server-side template injection leading to rce via ai agent in zammad, fixed by the same patch as CVE-2026-3
CVE-2026-34725: CWE-94: Improper Control of Generation of Code ('Code Injection') in dbgate. Patch commands and verification.
CVE-2026-34727 is an authentication bypass in vikunja. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34728: bundle sibling of CVE-2026-32629. Same patched build closes both.
CVE-2026-34731: bundle sibling of CVE-2026-34394. Same patched build closes both.
CVE-2026-34734 is a use-after-free in hdf5. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34735: CWE-434: Unrestricted Upload of File with Dangerous Type in wiki. Patch commands and verification.
CVE-2026-34742: CWE-1188: Insecure Default Initialization of Resource in go-sdk. Patch commands and verification.
CVE-2026-34746: Payload has Authenticated SSRF via Upload Functionality in payload. Patch commands and verification.
CVE-2026-34747 is a payload has an sql injection via query handling in Payloadcms payload, fixed by the same patch as CVE-2026-34746.
CVE-2026-34748 is a @payloadcms/next has stored xss in admin panel in Payloadcms payload, fixed by the same patch as CVE-2026-34746.
CVE-2026-34752 is a haraka affected by dos via `__proto__` email header in Haraka. CVSS 8.7 High. Patch commands, mitigations, and verificat
CVE-2026-3476: CWE-94 Improper Control of Generation of Code ('Code Injection') in SOLIDWORKS Desktop. Patch commands and verification.
CVE-2026-34769: bundle sibling of CVE-2026-34764. Same patched build closes both.
CVE-2026-34770 is a electron: use-after-free in powermonitor on windows and macos in electron, fixed by the same patch as CVE-2026-34764.
CVE-2026-34771 is a cwe-416: use after free in electron, fixed by the same patch as CVE-2026-34764.
CVE-2026-34774 is a electron: use-after-free in offscreen child window paint callback in electron, fixed by the same patch as CVE-2026-34764
CVE-2026-3478 is a vulnerability in Content Syndication Toolkit. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-34780 is a electron: context isolation bypass via contextbridge videoframe transfer in electron, fixed by the same patch as CVE-202
CVE-2026-34783: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ferret. Patch commands and verific
CVE-2026-34784: bundle sibling of CVE-2026-34215. Same patched build closes both.
CVE-2026-34785 is a rack: local file inclusion in `rack::static` via url prefix matching in rack, fixed by the same patch as CVE-2026-26961.
CVE-2026-34790: Endian Firewall /cgi-bin/backup.cgi remove ARCHIVE Directory Traversal in Endian Firewall. Patch commands and verification.
CVE-2026-34791 is a endian firewall /cgi-bin/logs_proxy.cgi date perl command injection in Endian Firewall, fixed by the same patch as CVE-2
CVE-2026-34792 is a endian firewall /cgi-bin/logs_clamav.cgi date perl command injection in Endian Firewall, fixed by the same patch as CVE-
CVE-2026-34793 is a endian firewall /cgi-bin/logs_firewall.cgi date perl command injection in Endian Firewall, fixed by the same patch as CV
CVE-2026-34794 is a endian firewall /cgi-bin/logs_ids.cgi date perl command injection in Endian Firewall, fixed by the same patch as CVE-202
CVE-2026-34795 is a endian firewall /cgi-bin/logs_log.cgi date perl command injection in Endian Firewall, fixed by the same patch as CVE-202
CVE-2026-34796 is a endian firewall /cgi-bin/logs_openvpn.cgi date perl command injection in Endian Firewall, fixed by the same patch as CVE
CVE-2026-34797 is a endian firewall /cgi-bin/logs_smtp.cgi date perl command injection in Endian Firewall, fixed by the same patch as CVE-20
CVE-2026-34824: Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service in mesop. Patch commands and verification.
CVE-2026-34825: NocoBase Has SQL Injection via template variable substitution in workflow SQL node in nocobase. Patch commands and verificat
CVE-2026-34827 is a rack: algorithmic-complexity dos in rack::multipart::parser in rack, fixed by the same patch as CVE-2026-26961.
CVE-2026-34828: listmonk: Active sessions remain valid after password reset and password change in listmonk. Patch commands and verification
CVE-2026-34829 is a rack: denial of service via unbounded multipart file upload without content-length in rack, fixed by the same patch as C
CVE-2026-3483: CWE-749 Exposed dangerous method or function in Desktop and Server Management. Patch commands and verification.
CVE-2026-34833: Bulwark Webmail: Information Exposure: password returned in /api/auth/session in webmail. Patch commands and verification.
CVE-2026-34834 is a cwe-287: improper authentication in Bulwarkmail webmail, fixed by the same patch as CVE-2026-34833.
CVE-2026-34839 is an information disclosure in glances. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34840: bundle sibling of CVE-2026-34758. Same patched build closes both.
CVE-2026-34853 is a privilege context switching error in EMUI. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-34856 is a race condition in HarmonyOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34874 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-34876 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-34885: WordPress Media Library Assistant plugin <= 3.34 - SQL Injection in Media Library Assistant. Patch commands and verification
CVE-2026-3489 is a SQL injection in DirectoryPress – Business Directory And Classified Ad Listing. This page lists verified fix commands and
CVE-2026-34896: Cross-Site Request Forgery (CSRF) in Under Construction, Coming Soon & Maintenance Mode. Patch commands and verification.
CVE-2026-34904: Cross-Site Request Forgery (CSRF) in Simple Social Media Share Buttons. Patch commands and verification.
CVE-2026-34911 is a path traversal in UniFi OS Server. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-34927 is a vulnerability in TrendAI Apex One. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-34928 is a vulnerability in TrendAI Apex One. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-34929 is a vulnerability in TrendAI Apex One. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-34930 is a vulnerability in TrendAI Apex One. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-34931 is a hoppscotch: improper loopback redirect_uri validation in device-login flow in hoppscotch, fixed by the same patch as CVE
CVE-2026-34932 is a hoppscotch: stored xss via mock server responses on backend origin in hoppscotch, fixed by the same patch as CVE-2026-34
CVE-2026-34936: bundle sibling of CVE-2026-34934. Same patched build closes both.
CVE-2026-34937: bundle sibling of CVE-2026-34934. Same patched build closes both.
CVE-2026-34940: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in kubeai. Patch commands
CVE-2026-34954 is a praisonai: ssrf in filetools.download_file() via unvalidated url in Mervinpraison PraisonAI, fixed by the same patch as
CVE-2026-34955: bundle sibling of CVE-2026-34934. Same patched build closes both.
CVE-2026-3496: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in JetBooking. Patch commands and
CVE-2026-34963 is an integer overflow or wraparound in barebox. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-34965 - CWE-94: Improper Control of Generation of Code ('Code Injection') in Cockpit CMS. Runnable patch commands, mitigation, and
CVE-2026-34975: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') in plunk. Patch commands and verification.
CVE-2026-34982: Vim modeline bypass via various options, affecting vim < 9.2.0276, in vim. CVSS 8.2 High. Patch commands, mitigations, and v
CVE-2026-34984 is an information disclosure in external-secrets. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-34986: Go JOSE is affected by a panic in JWE decryption in go-jose. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-3499: Cross-Site Request Forgery (CSRF) in Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce. Patch comm
CVE-2026-34992: Missing Encryption of Sensitive Data in antrea.io/antrea in antrea. Patch commands and verification.
CVE-2026-35000: ChangeDetection.io < 0.54.7 SafeXPath3Parser Bypass Arbitrary File Read in ChangeDetection.io. Patch commands and verificati
CVE-2026-35020: Anthropic Claude Code & Agent SDK OS Command Injection via TERMINAL Environment Variable in Claude Code. Patch commands and
CVE-2026-35021: bundle sibling of CVE-2026-35020. Same patched build closes both.
CVE-2026-35029: LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint in litellm. Patch commands and verifi
CVE-2026-35032 is a server-side request forgery in jellyfin. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-35035: bundle sibling of CVE-2026-34559. Same patched build closes both.
CVE-2026-35036: Ech0 Affected by Unauthenticated Server-Side Request Forgery in Website Preview Feature in Ech0. Patch commands and verifica
CVE-2026-35037 is a cwe-918: server-side request forgery (ssrf) in Lin-snow Ech0. CVSS 7.2 High. Patch commands, mitigations, and verificati
CVE-2026-35042: bundle sibling of CVE-2026-34950. Same patched build closes both.
CVE-2026-35043: BentoML: command injection in cloud deployment setup script (deployment.py) in BentoML. Patch commands and verification.
CVE-2026-35044: CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine in BentoML. Patch commands and verification.
CVE-2026-35045: Tandoor Recipes Affected by Private Recipe Exposure and Unauthorized Modification in recipes. Patch commands and verificatio
CVE-2026-3505 is an allocation of resources without limits in BC-JAVA. This page lists verified fix commands and short-term mitigations you
CVE-2026-35051 - CWE-345: Insufficient Verification of Data Authenticity in traefik. Runnable patch commands, mitigation, and verification o
CVE-2026-35056 is a xenforo remote code execution via authenticated admin in XenForo, fixed by the same patch as CVE-2026-35054.
CVE-2026-35063 is a missing authorization in OpenPLC_V3. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-35064 - CWE-306 Missing authentication for critical function in X3050. Runnable patch commands, mitigation, and verification on thi
CVE-2026-35071 is an OS command injection in PowerScale InsightIQ. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-3509: a format string vulnerability in CODESYS Control RTE (SL). Patched version and vendor advisory inside.
CVE-2026-35091: bundle sibling of CVE-2026-4631. Same patched build closes both.
CVE-2026-35092: bundle sibling of CVE-2026-4631. Same patched build closes both.
CVE-2026-35093 is an improper control of generation of code ('code injection') in Red Hat Enterprise Linux 10, fixed by the same patch as CVE
CVE-2026-35099: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in SysTrack Agent. Patch command
CVE-2026-3511: CWE-611 Improper Restriction of XML External Entity Reference in Autogram. Patch commands and verification.
CVE-2026-35155 - CWE-522: Insufficiently Protected Credentials in iDRAC10. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-35164: Brave CMS is affected by unrestricted file upload via the CKEditor endpoint in Ajax30 BraveCMS-2.0, fixed by the same patch as
CVE-2026-35167: Kedro has a path traversal in versioned dataset loading via unsanitized version string in kedro. Patch commands and verifica
CVE-2026-35168 is a openstamanager: sql injection via aggiornamenti module in Devcode-it openstamanager, fixed by the same patch as CVE-2026
CVE-2026-35169 is a loris has potential cross-site scripting in help_editor module in Aces Loris, fixed by the same patch as CVE-2026-33350.
CVE-2026-3517 is a command injection in ECS Connections Manager. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-35170 is a cwe-125: out-of-bounds read in Trabucayre openFPGALoader. CVSS 7.1 High. Patch commands, mitigations, and verification.
CVE-2026-35172 is a cwe-284: improper access control in distribution. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-35175: Ajenti has an authorization bypass during custom package installation in ajenti. Patch commands and verification.
CVE-2026-35176 is a cwe-125: out-of-bounds read in Trabucayre openFPGALoader. CVSS 7.1 High. Patch commands, mitigations, and verification.
CVE-2026-3518 is a command injection in ECS Connections Manager. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-35182 is a missing authorization privilege escalation in Ajax30 BraveCMS-2.0, fixed by the same patch as CVE-2026-35047.
CVE-2026-35183: bundle sibling of CVE-2026-35047. Same patched build closes both.
CVE-2026-35184 is a ecclesiacrm has a critical sql injection in Phili67 ecclesiacrm. CVSS 8.7 High. Patch commands, mitigations, and verific
CVE-2026-35185 is a cwe-284: improper access control in Haxtheweb HAXiam. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-35187: pyLoad has SSRF in parse_urls API endpoint via unvalidated URL parameter in pyload. Patch commands and verification.
CVE-2026-3519 is a command injection in ECS Connections Manager. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-35196 is an OS command injection in chamilo-lms. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-3520 is an uncontrolled recursion in expressjs multer. This page lists the verified fix and inline mitigations.
CVE-2026-35203 is a zlmediakit vp9 rtp parser out-of-bounds read in ZLMediaKit. CVSS 7.5 High. Patch commands, mitigations, and verification
CVE-2026-35204 is a path traversal in helm. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-35205 is a cwe-636: not failing securely in helm. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-35209: defu: Prototype pollution via `__proto__` key in defaults argument in defu. Patch commands and verification.
CVE-2026-35213: Regular Expression Denial of Service (ReDoS) in @hapi/content HTTP header parsing in content. Patch commands and verificatio
CVE-2026-35214: bundle sibling of CVE-2026-25043. Same patched build closes both.
CVE-2026-35215 is a divide by zero in firebird. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-35218: bundle sibling of CVE-2026-25043. Same patched build closes both.
CVE-2026-35225 - CWE-754 Improper Check for Unusual or Exceptional Conditions in CODESYS EtherNetIP. Runnable patch commands, mitigation, an
CVE-2026-35227 is an OS command injection in CODESYS Modbus. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-35228 improper neutralization of special elements used in an sql command ('sql injecti in Oracle MCP Server Helper Tool product of
CVE-2026-35229 is an access control vulnerability in Oracle Database Server. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-35230 is an access control vulnerability in Oracle VM VirtualBox. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-35231 is an access control vulnerability in Oracle Financial Services Transaction Filtering. This page lists verified fix commands and short-term
CVE-2026-3524 is a cwe-862: missing authorization in Mattermost. CVSS 8.3 High. Patch commands, mitigations, and verification.
CVE-2026-35242 is an access control vulnerability in Oracle VM VirtualBox. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-35243 is an access control vulnerability in Oracle Application Development Framework (ADF). This page lists verified fix commands and short-term
CVE-2026-35245 is an access control vulnerability in Oracle VM VirtualBox. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-35246 is an access control vulnerability in Oracle VM VirtualBox. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-35251 is an access control vulnerability in Oracle VM VirtualBox. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-3533 is an unrestricted file upload in Jupiter X Core. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-35337 is a deserialization of untrusted data in Apache Storm Client. This page lists verified fix commands and short-term mitigatio
CVE-2026-35338 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in coreutils. Runnable patch command
CVE-2026-35341 - CWE-732: Incorrect Permission Assignment for Critical Resource in coreutils. Runnable patch commands, mitigation, and verif
CVE-2026-35352 - CWE-367: Time-of-Check Time-of-Use (TOCTOU) Race Condition in coreutils. Runnable patch commands, mitigation, and verificat
CVE-2026-3536 is an integer overflow in Google Chrome. This page lists the verified fix and inline mitigations.
CVE-2026-35368 - CWE-426: Untrusted Search Path in coreutils. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-3537 is a cwe-1091 use of object without invoking destructor method in Google Chrome. This page lists the verified fix and inline m
CVE-2026-3538 is an integer overflow in Google Chrome. This page lists the verified fix and inline mitigations.
CVE-2026-35385 is an improper preservation of permissions in OpenBSD OpenSSH. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-35389: bundle sibling of CVE-2026-34833. Same patched build closes both.
CVE-2026-3539 is a cwe-1091 use of object without invoking destructor method in Google Chrome. This page lists the verified fix and inline m
CVE-2026-35391 is a cwe-348: use of less trusted source in Bulwarkmail webmail, fixed by the same patch as CVE-2026-34833.
CVE-2026-35394: Mobile Next has Arbitrary Android Intent Execution via mobile_open_url in mobile-mcp. Patch commands and verification.
CVE-2026-35395: WeGIA has a SQL Injection in DespachoDAO.php via id_memorando parameter in WeGIA. Patch commands and verification.
CVE-2026-35397 improper limitation of a pathname to a restricted directory ('path traversal') in jupyter server. Runnable upgrade commands a
CVE-2026-35399 is a wegia has stored xss in backup file names in Labredescefetrj WeGIA, fixed by the same patch as CVE-2026-35395.
CVE-2026-3540 is a security vulnerability in Google Chrome. This page lists the verified fix and inline mitigations.
CVE-2026-35401 is a saleor has a resource exhaustion vulnerability in graphql queries in saleor, fixed by the same patch as CVE-2026-33756.
CVE-2026-35405 is a cwe-770: allocation of resources without limits or throttling in rust-libp2p, fixed by the same patch as CVE-2026-34219.
CVE-2026-35408: Directus is missing Cross-Origin Opener Policy in directus. CVSS 8.7 High. Patch commands, mitigations, and verification
CVE-2026-35409: bundle sibling of CVE-2026-35408. Same patched build closes both.
CVE-2026-3541 is a cwe-284 improper access control in Google Chrome. This page lists the verified fix and inline mitigations.
CVE-2026-35412 is a directus has a tus upload authorization bypass allows arbitrary file overwrite in directus, fixed by the same patch as C
CVE-2026-35415 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-35416 is a use-after-free in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-35417 is a vulnerability in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-35418 is a use-after-free in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-3542 is a cwe-284 improper access control in Google Chrome. This page lists the verified fix and inline mitigations.
CVE-2026-35420 is a path traversal in Windows Server 2012. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-35421 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-35424 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-3543 is a cwe-284 improper access control in Google Chrome. This page lists the verified fix and inline mitigations.
CVE-2026-35430: an insecure direct object reference (IDOR) in Azure Privileged Identity Management (PI. Patched version and vendor advisory
CVE-2026-35433 is an improper input validation in .NET 10.0. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-35435 is an improper access control in Azure AI Foundry. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2026-35436: a path traversal in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-35438 is a missing authorization in Windows Admin Center. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-35439: an unsafe deserialization in Microsoft SharePoint Enterprise Server 2. Patched version and vendor advisory inside.
CVE-2026-3544 is a heap buffer overflow in Google Chrome. This page lists the verified fix and inline mitigations.
CVE-2026-35442: bundle sibling of CVE-2026-35408. Same patched build closes both.
CVE-2026-35444: SDL_image has a heap buffer overflow READ via unchecked colormap index in XCF loader in SDL_image. Patch commands and verifi
CVE-2026-35446 is a loris has a path traversal in filesdownloadhandler in Aces Loris, fixed by the same patch as CVE-2026-33350.
CVE-2026-35454: Code Extension Marketplace has a Zip Slip Path Traversal in code-marketplace. Patch commands and verification.
CVE-2026-35455: immich has Stored XSS via OCR Text in 360° Panorama Viewer in immich. Patch commands and verification.
CVE-2026-35457: bundle sibling of CVE-2026-34219. Same patched build closes both.
CVE-2026-35458 is a gotenberg has a redos via extrahttpheaders scope feature in gotenberg. CVSS 8.7 High. Patch commands, mitigations, and v
CVE-2026-35463 is a pyload has improper neutralization of special elements used in an os command in pyload, fixed by the same patch as CVE-2
CVE-2026-35464 is a cwe-502: deserialization of untrusted data in pyload, fixed by the same patch as CVE-2026-35187.
CVE-2026-35465 is a cwe-73: external control of file name in securedrop-client. This page lists verified fix commands and short-term mitigat
CVE-2026-35467: Private Key stored as extractable in browser IndexedDB in cveClient/encrypt-storage.js. Patch commands and verification.
CVE-2026-35469 is an allocation of resources without limits in spdystream. This page lists verified fix commands and short-term mitigations
CVE-2026-3547: wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validation in wolfSSL. Patch commands and verification.
CVE-2026-35470: bundle sibling of CVE-2026-28805. Same patched build closes both.
CVE-2026-35476 is a inventree affected by privilege escalation via api in InvenTree. CVSS 7.2 High. Patch commands, mitigations, and verific
CVE-2026-35478 is a inventree has arbitrary api token creation in InvenTree, fixed by the same patch as CVE-2026-35476.
CVE-2026-3548 is a buffer overflow in crl number parsing in wolfssl in wolfSSL. CVSS 7.2 High. Patch commands, mitigations, and verification
CVE-2026-35485: bundle sibling of CVE-2026-35050. Same patched build closes both.
CVE-2026-35486 is a cwe-918: server-side request forgery (ssrf) in Oobabooga text-generation-webui, fixed by the same patch as CVE-2026-3505
CVE-2026-35488 is a cwe-749: exposed dangerous method or function in Tandoorrecipes recipes, fixed by the same patch as CVE-2026-35045.
CVE-2026-35489: bundle sibling of CVE-2026-35045. Same patched build closes both.
CVE-2026-3549 is an ECH parsing heap buffer overflow in Wolfssl wolfSSL. CVSS 8.3 High. Patch commands, mitigations, and verification.
CVE-2026-35506 is an OS command injection in WRC-BE72XSD-B. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-35512 is a heap buffer overflow in xrdp. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-35517: bundle sibling of CVE-2026-35491. Same patched build closes both.
CVE-2026-35518: bundle sibling of CVE-2026-35491. Same patched build closes both.
CVE-2026-35519: bundle sibling of CVE-2026-35491. Same patched build closes both.
CVE-2026-35520: bundle sibling of CVE-2026-35491. Same patched build closes both.
CVE-2026-35521: bundle sibling of CVE-2026-35491. Same patched build closes both.
CVE-2026-35523: Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol in strawberry. Patch commands and ve
CVE-2026-35525 is a cwe-61: unix symbolic link (symlink) following in Harttle liquidjs, fixed by the same patch as CVE-2026-34166.
CVE-2026-35526: Strawberry GraphQL affected by a Denial of Service via unbounded WebSocket subscriptions in strawberry. Patch commands and v
CVE-2026-35533 is a mise has a local settings bypass config trust checks in Jdx mise. CVSS 7.8 High. Patch commands, mitigations, and verifi
CVE-2026-35534: ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection in CRM. Patch commands and verification.
CVE-2026-35535 is a privilege dropping / lowering errors in Sudo Project Sudo. CVSS 7.4 High. Patch commands, mitigations, and verification.
CVE-2026-35536: Improper Handling of Invalid Use of Special Elements in Tornado. Patch commands and verification.
CVE-2026-35547 - CWE-122: Heap-based Buffer Overflow in FreeBSD. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-35548 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-3555 is a cwe-122: heap-based buffer overflow in Philips Hue Bridge. CVSS 8 High. Patch commands, mitigations, and verification.
CVE-2026-35554 is a use after free in Apache Software Foundation Apache Kafka Clients. CVSS 8.7 High. Patch commands, mitigations, and verif
CVE-2026-35555: an access control bypass in PowerSYSTEM Center 2024. Patched version and vendor advisory inside.
CVE-2026-35558: bundle sibling of CVE-2026-5485. Same patched build closes both.
CVE-2026-3556 is a cwe-122: heap-based buffer overflow in Philips Hue Bridge. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-35560 is a cwe-295: improper certificate validation in Amazon Athena ODBC driver, fixed by the same patch as CVE-2026-5485.
CVE-2026-35561 is a cwe-862: missing authorization in Amazon Athena ODBC driver, fixed by the same patch as CVE-2026-5485.
CVE-2026-35562: bundle sibling of CVE-2026-5485. Same patched build closes both.
CVE-2026-35568 is a mcp java-sdk has a dns rebinding in Modelcontextprotocol java-sdk. CVSS 7.6 High. Patch commands, mitigations, and verif
CVE-2026-35569 is a cross-site scripting in apostrophe. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3557 is a cwe-122: heap-based buffer overflow in Philips Hue Bridge. CVSS 8 High. Patch commands, mitigations, and verification.
CVE-2026-35570 is a path traversal in openclaude. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-35572 is a cwe-918: server-side request forgery (ssrf) in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-35574 is a churchcrm has a stored xss in person profile - add a note in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-35575 is a churchcrm has stored xss in group name in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-35576: bundle sibling of CVE-2026-35534. Same patched build closes both.
CVE-2026-35579 is an improper authentication in coredns. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-3558: CWE-306: Missing Authentication for Critical Function in Hue Bridge. Patch commands and verification.
CVE-2026-35581: bundle sibling of CVE-2026-35571. Same patched build closes both.
CVE-2026-35582 is an OS command injection in emissary. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-35585 is a file browser has a command injection via hook runner in filebrowser, fixed by the same patch as CVE-2026-34528.
CVE-2026-35587 is a server-side request forgery in glances. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-35589 is a cwe-1385: missing origin validation in websockets in nanobot. This page lists verified fix commands and short-term mitig
CVE-2026-3559 is a cwe-323: reusing a nonce, key pair in encryption in Philips Hue Bridge. CVSS 8.1 High. Patch commands, mitigations, and v
CVE-2026-35595 is an improper privilege management in vikunja. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-3560 is a cwe-122: heap-based buffer overflow in Philips Hue Bridge. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-35604: bundle sibling of CVE-2026-34528. Same patched build closes both.
CVE-2026-35607: bundle sibling of CVE-2026-34528. Same patched build closes both.
CVE-2026-3561 is a cwe-122: heap-based buffer overflow in Philips Hue Bridge. CVSS 8 High. Patch commands, mitigations, and verification.
CVE-2026-35610: PolarLearn has a Server Action Admin Bypass in Account Management Actions in PolarLearn. Patch commands and verification.
CVE-2026-35611: Addressable has a Regular Expression Denial of Service in Addressable templates in addressable. Patch commands and verificat
CVE-2026-35618 is an authentication bypass by capture-replay in OpenClaw. This page lists verified fix commands and short-term mitigations y
CVE-2026-35621 is a missing authorization in OpenClaw. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-35625 is a cwe-648: incorrect use of privileged apis in OpenClaw. This page lists verified fix commands and short-term mitigations
CVE-2026-35631 is a missing authorization in OpenClaw. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-35636 is a cwe-696: incorrect behavior order in OpenClaw. This page lists verified fix commands and short-term mitigations you can
CVE-2026-35638 is an execute unauthorized code or commands in OpenClaw. This page lists verified fix commands and short-term mitigations you
CVE-2026-35639 is a cwe-648: incorrect use of privileged apis in OpenClaw. This page lists verified fix commands and short-term mitigations
CVE-2026-35641 is a cwe-349: acceptance of extraneous untrusted data in OpenClaw. This page lists verified fix commands and short-term mitig
CVE-2026-35643 is a cwe-940: improper verification of source of in OpenClaw. This page lists verified fix commands and short-term mitigation
CVE-2026-35644 is a vulnerability in OpenClaw. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-35650 is a cwe-15: external control of system or in OpenClaw. This page lists verified fix commands and short-term mitigations you
CVE-2026-35653 is an incorrect authorization in OpenClaw. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-35657 is an incorrect authorization in OpenClaw. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-35660 is a missing authorization in OpenClaw. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-35663 is a cwe-648: incorrect use of privileged apis in OpenClaw. This page lists verified fix commands and short-term mitigations
CVE-2026-35666 is a cwe-706: use of incorrectly-resolved name or in OpenClaw. This page lists verified fix commands and short-term mitigatio
CVE-2026-35668 is a path traversal in OpenClaw. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-35669 is a cwe-648: incorrect use of privileged apis in OpenClaw. This page lists verified fix commands and short-term mitigations
CVE-2026-35682 is a command injection in Anviz CX2 Lite Firmware. This page lists verified fix commands and short-term mitigations you can r
CVE-2026-3585: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in The Events Calendar. Patch commands
CVE-2026-3588 is a server-side request forgery (ssrf) in ikea dirigera in Ikea dirigera. CVSS 7.5 High. Patch commands, mitigations, and ver
CVE-2026-3589 is a CSRF in Automattic WooCommerce. This page lists the verified fix and inline mitigations.
CVE-2026-3593 is a use-after-free in BIND 9. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3598 is a broken cryptography in rustdesk-server-pro RustDesk Server Pro. This page lists the verified fix and inline mitigations.
CVE-2026-3599 is a SQL injection in Riaxe Product Customizer. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-3605 is a cwe-288: authentication bypass using an alternate in Vault. This page lists verified fix commands and short-term mitigati
CVE-2026-3608 is a vulnerability in Kea. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3612 is a command injection in Wavlink WL-NU516U1. This page lists the verified fix and inline mitigations.
CVE-2026-3613 is a stack buffer overflow in Wavlink WL-NU516U1. This page lists the verified fix and inline mitigations.
CVE-2026-3614 is a missing authorization in AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress. This
CVE-2026-3621 - CWE-269 Improper Privilege Management in WebSphere Application Server - Liberty. Runnable patch commands, mitigation, and ve
CVE-2026-3622 is a path traversal in TL-WR841N v14. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3629: a vulnerability in Import and export users and customers. Patched version and vendor advisory inside.
CVE-2026-3631 is a buffer over-read dos vulnerability in commgr2 in Deltaww COMMGR2. CVSS 7.5 High. Patch commands, mitigations, and verific
CVE-2026-36340 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-36355 exposed ioctl with insufficient access control in the affected product. Runnable upgrade commands and verification steps for
CVE-2026-36365 improper control of generation of code ('code injection') in the affected product. Runnable upgrade commands and verification
CVE-2026-3643 is a cross-site scripting in Accessibly – WordPress Website Accessibility. This page lists verified fix commands and short-ter
CVE-2026-3650 is a vulnerability in Grassroots DICOM (GDCM). Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-3657: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in My Sticky Bar – Floating Notif
CVE-2026-3658: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Appointment Booking Calendar,
CVE-2026-3666: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in wpForo Forum. Patch commands and verificati
CVE-2026-36734 improper neutralization of special elements used in a command ('command injectio in the affected product. Runnable upgrade co
CVE-2026-36762 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-36765 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-3677 is a stack buffer overflow in Tenda FH451. This page lists the verified fix and inline mitigations.
CVE-2026-3678 is a stack buffer overflow in Tenda FH451. This page lists the verified fix and inline mitigations.
CVE-2026-3679 is a stack buffer overflow in Tenda FH451. This page lists the verified fix and inline mitigations.
CVE-2026-36837 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-3690 is a cwe-291: reliance on ip address for in OpenClaw. This page lists verified fix commands and short-term mitigations you can
CVE-2026-3692: Unintended command execution during report generation in Progress Flowmon in Flowmon. Patch commands and verification.
CVE-2026-36948 is a SQL injection in Sourcecodester Online. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-36956 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-36957 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-36958 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-36959 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-36960 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-36962 improper neutralization of special elements used in an sql command ('sql injecti in the affected product. Runnable upgrade co
CVE-2026-3698 is a utt hiper 810g ntp strcpy buffer overflow in Utt HiPER 810G. CVSS 8.7 High. Patch commands, mitigations, and verification
CVE-2026-36983 improper neutralization of special elements used in a command ('command injectio in the affected product. Runnable upgrade co
CVE-2026-3699 is a utt hiper 810g formremotecontrol strcpy buffer overflow in Utt HiPER 810G. CVSS 8.7 High. Patch commands, mitigations, an
CVE-2026-3700: UTT HiPER 810G formConfigDnsFilterGlobal strcpy buffer overflow in HiPER 810G. Patch commands and verification.
CVE-2026-3701 is a h3c magic b1 aspform edit_basicssid_5g buffer overflow in H3c Magic B1. CVSS 8.7 High. Patch commands, mitigations, and v
CVE-2026-3715: Wavlink WL-WN579X3-C firewall.cgi sub_40139C stack-based overflow in WL-WN579X3-C. Patch commands and verification.
CVE-2026-3718 is a cross-site scripting (XSS) in ManageWP Worker. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-3726: Tenda F453 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow in F453. Patch commands and verification.
CVE-2026-3727 is a tenda f453 quickindex sub_3c6c0 stack-based overflow in Tenda F453. CVSS 8.7 High. Patch commands, mitigations, and verif
CVE-2026-3728 is a tenda f453 setcfm fromsetcfm stack-based overflow in Tenda F453. CVSS 8.7 High. Patch commands, mitigations, and verifica
CVE-2026-3729 is a tenda f453 pptpdclient frompptpuseradd stack-based overflow in Tenda F453. CVSS 8.7 High. Patch commands, mitigations, an
CVE-2026-3732 is a tenda f453 execommand strcpy stack-based overflow in Tenda F453. CVSS 8.7 High. Patch commands, mitigations, and verifica
CVE-2026-37336 is a SQL injection in SourceCodester Simple. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-37337 is a SQL injection in SourceCodester Simple. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-37341 is a SQL injection in SourceCodester Vehicle. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-37342 is a SQL injection in SourceCodester Vehicle. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-37343 is a SQL injection in SourceCodester Vehicle. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-37344 is a SQL injection in SourceCodester Vehicle. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-37457 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37459 uncontrolled resource consumption in the affected product. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-37461 is an out-of-bounds read in the affected product. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2026-37525 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37526 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37530 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37532 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37535 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37536 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37537 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37538 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37540 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37552 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37554 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37555 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37630 improper control of generation of code ('code injection') in the affected product. Runnable upgrade commands and verification
CVE-2026-3768 is a tenda f453 wrlextraset formwrlextraset stack-based overflow in Tenda F453. CVSS 8.7 High. Patch commands, mitigations, an
CVE-2026-3769 is a tenda f453 wrlclientset stack-based overflow in Tenda F453. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-3772 - CWE-352 Cross-Site Request Forgery (CSRF) in WP Editor. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37748 is an unrestricted file upload in PHP. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3775 is a cwe-427: dll hijacking in Foxit Software Inc. Foxit PDF Editor, fixed by the same patch as CVE-2026-3774.
CVE-2026-3779: bundle sibling of CVE-2026-3774. Same patched build closes both.
CVE-2026-3780: Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation in Foxit PDF Reader. Patch commands and verif
CVE-2026-3787: UltraVNC Windows Service cryptbase.dll uncontrolled search path in UltraVNC. Patch commands and verification.
CVE-2026-3799 is a tenda i3 setcfm formsetcfm stack-based overflow in Tenda i3. CVSS 8.7 High. Patch commands, mitigations, and verification
CVE-2026-3801 is a tenda i3 setautoping formsetautoping stack-based overflow in Tenda i3. CVSS 8.7 High. Patch commands, mitigations, and ve
CVE-2026-3802 is a tenda i3 execommand formexecommand stack-based overflow in Tenda i3. CVSS 8.7 High. Patch commands, mitigations, and veri
CVE-2026-3803: Tenda i3 WifiMacFilterGet formWifiMacFilterGet stack-based overflow in i3. Patch commands and verification.
CVE-2026-3804: Tenda i3 WifiMacFilterSet formWifiMacFilterSet stack-based overflow in i3. Patch commands and verification.
CVE-2026-3805 is a use after free in smb connection reuse in curl. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-3807: Tenda FH1202 AdvSetWrlsafeset formWrlsafeset stack-based overflow in FH1202. Patch commands and verification.
CVE-2026-3808: Tenda FH1202 webtypelibrary formWebTypeLibrary stack-based overflow in FH1202. Patch commands and verification.
CVE-2026-3809: Tenda FH1202 NatSaticSetting fromNatStaticSetting stack-based overflow in FH1202. Patch commands and verification.
CVE-2026-3810: Tenda FH1202 DhcpListClient fromDhcpListClient stack-based overflow in FH1202. Patch commands and verification.
CVE-2026-3811: Tenda FH1202 P2pListFilter fromP2pListFilter stack-based overflow in FH1202. Patch commands and verification.
CVE-2026-3814: UTT HiPER 810G getOneApConfTempEntry strcpy buffer overflow in HiPER 810G. Patch commands and verification.
CVE-2026-3815 is a utt hiper 810g formapmail strcpy buffer overflow in Utt HiPER 810G. CVSS 8.7 High. Patch commands, mitigations, and verif
CVE-2026-3822: Taipower|Taipower APP(Android) - Improper Certificate Validation in Taipower APP. Patch commands and verification.
CVE-2026-3828 improper neutralization of special elements used in an os command ('os command i in Ds-3E1310P-Si. Runnable upgrade commands a
CVE-2026-3830 is a SQL injection in Product Filter for WooCommerce by WBW. This page lists verified fix commands and short-term mitigations
CVE-2026-38361 uncontrolled resource consumption in the affected product. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-3838 is a unraid update request path traversal remote code execution in Unraid. CVSS 8.8 High. Patch commands, mitigations, and ver
CVE-2026-3839: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Unraid. Patch commands and verifica
CVE-2026-3841: Command Injection Vulnerability in Telnet CLI on TP-Link TL-MR6400 in TL-MR6400 v5.3. Patch commands and verification.
CVE-2026-3845 is a buffer overflow in Mozilla Firefox. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-3847 is a memory safety bugs fixed in firefox 148.0.2 in Mozilla Firefox. CVSS 8.8 High. Patch commands, mitigations, and verificat
CVE-2026-38527 is a server-side request forgery in Server. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-38528 is a SQL injection in Krayin CRM. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-38529 is an improper privilege management in Broken Object. This page lists verified fix commands and short-term mitigations you ca
CVE-2026-38530 is an authorization bypass through user-controlled key in Broken Object. This page lists verified fix commands and short-term
CVE-2026-38532 is an authorization bypass through user-controlled key in Broken Object. This page lists verified fix commands and short-term
CVE-2026-3854: Remote code execution via git push option injection in GitHub Enterprise Server in Enterprise Server. Patch commands and veri
CVE-2026-38566 cross-site request forgery (csrf) in the affected product. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-38568 authorization bypass through user-controlled key in the affected product. Runnable upgrade commands and verification steps fo
CVE-2026-3857 is a vulnerability in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3861 is a denial of service in LINE client for iOS. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-38651 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-3868 - CWE-130: Improper Handling of Length Parameter Inconsistency in EDR-8010 Series. Runnable patch commands, mitigation, and ve
CVE-2026-3872: Keycloak: keycloak: information disclosure due to redirect_uri validation bypass in Red Hat build of Keycloak 26.2. Patch com
CVE-2026-3873 is a legacy built-in user account in Syslink Software Ag Avantra. CVSS 7.2 High. Patch commands, mitigations, and verification
CVE-2026-38751 unrestricted upload of file with dangerous type in the affected product. Runnable upgrade commands and verification steps for
CVE-2026-3876 is a cross-site scripting in Prismatic. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3877 is a reflected cross-site scripting in dashboard search in VertiGIS FM. CVSS 7.3 High. Patch commands, mitigations, and verifi
CVE-2026-3879 is a stored xss in Zohocorp ManageEngine Exchange Reporter Plus. CVSS 7.3 High. Patch commands, mitigations, and verification.
CVE-2026-3880 is a stored xss in Zohocorp ManageEngine Exchange Reporter Plus, fixed by the same patch as CVE-2026-3879.
CVE-2026-38834 is a command injection in Tenda W30E. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3888 is a local privilege escalation in snapd in Canonical Ubuntu 16.04 LTS. CVSS 7.8 High. Patch commands, mitigations, and verifi
CVE-2026-3892: an arbitrary file read in Motors – Car Dealership & Classified Lis. Patched version and vendor advisory inside.
CVE-2026-38934 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-38949 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-38991 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-3902: ASGI header spoofing via underscore/hyphen conflation in Django. Patch commands and verification.
CVE-2026-39110 is a SQL injection in SQL Injection. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-39111 is a SQL injection in SQL Injection. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3912 is a vulnerability in ActiveMatrix BusinessWorks. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-3913 is a heap buffer overflow in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-3914 is an integer overflow in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-3915 is a heap buffer overflow in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-3917 is a use after free in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-3918 is a use after free in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-3919 is a use after free in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-3920 is an out of bounds memory access in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-3921 is a use after free in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-3922 is a use after free in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-3923 is a use after free in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-3924 is a use after free in Google Chrome. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-3926 is an out of bounds read in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-39304 is a denial of service in Apache ActiveMQ. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-39306: bundle sibling of CVE-2026-34934. Same patched build closes both.
CVE-2026-39307: bundle sibling of CVE-2026-34934. Same patched build closes both.
CVE-2026-39308: bundle sibling of CVE-2026-34934. Same patched build closes both.
CVE-2026-3931 is a heap buffer overflow in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-39310 is an access control bypass in Trilium. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-39312 is a pre-auth eap-tls dos on softether vpn developer edition in SoftEtherVPN. CVSS 7.5 High. Patch commands, mitigations, and
CVE-2026-39313 is an allocation of resources without limits in mcp-framework. This page lists verified fix commands and short-term mitigatio
CVE-2026-39318 is a churchcrm has a ddl sql injection in grouppropsformrowops.php in Churchcrm CRM, fixed by the same patch as CVE-2026-3553
CVE-2026-39319 is a churchcrm has a second order sqli via fundraisereditor.php in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-39320 is a denial of service in signalk-server. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-39325 is a churchcrm has a blind sql injection in settingsuser.php in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-39326 is a churchcrm has a blind sql injection in propertytypeeditor.php in Churchcrm CRM, fixed by the same patch as CVE-2026-3553
CVE-2026-39327 is a churchcrm has a sql injection in memberrolechange.php in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-39328 is a churchcrm has stored xss in social profile fields in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-39329 is a churchcrm has a blind sql injection in eventnames.php in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-39330 is a churchcrm has a blind sql injection in propertyassign.php in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-39331 is a cwe-639: authorization bypass through user-controlled key in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-39332 is a churchcrm has reflected cross-site scripting (xss) in geopage.php in Churchcrm CRM, fixed by the same patch as CVE-2026-
CVE-2026-39333: bundle sibling of CVE-2026-35534. Same patched build closes both.
CVE-2026-39334 is a churchcrm has a blind sql injection in settingsindividual.php in Churchcrm CRM, fixed by the same patch as CVE-2026-3553
CVE-2026-39338: bundle sibling of CVE-2026-35534. Same patched build closes both.
CVE-2026-39340: bundle sibling of CVE-2026-35534. Same patched build closes both.
CVE-2026-39341 is a sql injection in churchcrm.0 in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-39343 is a churchcrm has a sql injection in event type editor (admin) in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-39344 is a reflected xss the login page through the 'username' parameter in Churchcrm CRM, fixed by the same patch as CVE-2026-3553
CVE-2026-39352 is a path traversal in frappe. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-39356: SQL Injection via escapeName() in all Drizzle ORM SQL dialects in drizzle-orm. Patch commands and verification.
CVE-2026-39358 is a SQL injection in v6. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3936 is a use after free in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-39361 is a cwe-918: server-side request forgery (ssrf) in openobserve. CVSS 7.7 High. Patch commands, mitigations, and verification
CVE-2026-39363: Vite Affected by Arbitrary File Read via Vite Dev Server WebSocket in vite. Patch commands and verification.
CVE-2026-39364 is a vite has a `server.fs.deny` bypass with queries in Vitejs vite, fixed by the same patch as CVE-2026-39363.
CVE-2026-39369: bundle sibling of CVE-2026-34394. Same patched build closes both.
CVE-2026-39370 is a cwe-918: server-side request forgery (ssrf) in Wwbn AVideo, fixed by the same patch as CVE-2026-34394.
CVE-2026-39371: RedwoodSDK has a CSRF vulnerability in server function dispatch via GET requests in sdk. Patch commands and verification.
CVE-2026-39376: FastFeedParser has an infinite redirect loop DoS via meta-refresh chain in fastfeedparser. Patch commands and verification.
CVE-2026-39384: bundle sibling of CVE-2026-34442. Same patched build closes both.
CVE-2026-39386 is an improper input validation in neko. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-39387 is a cwe-98: improper control of filename for in BoidCMS. This page lists verified fix commands and short-term mitigations yo
CVE-2026-39393: bundle sibling of CVE-2026-34559. Same patched build closes both.
CVE-2026-39394: bundle sibling of CVE-2026-34559. Same patched build closes both.
CVE-2026-39414: MinIO affected a DoS via Unbounded Memory Allocation in S3 Select CSV Parsing in minio. Patch commands and verification.
CVE-2026-39416: Stored XSS in modal item preview for long item content in AIL Framework in ail-framework. Patch commands and verification.
CVE-2026-39429: kcp's cache server is accessible without authentication or authorization checks in kcp. Patch commands and verification.
CVE-2026-39432 is a missing authorization in Timetics. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-3945 is a vulnerability in tinyproxy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-39454 is a default permissions in SKYMEC IT Manager. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-39455 is an OS command injection in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-39457 - CWE-121: Stack-based Buffer Overflow in FreeBSD. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-39458 is a vulnerability in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-39459 is a vulnerability in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-39466: WordPress Broken Link Checker plugin <= 2.4.7 - SQL Injection in Broken Link Checker. Patch commands and verification.
CVE-2026-39467 is a deserialization of untrusted data in Responsive Slider by MetaSlider. This page lists verified fix commands and short-te
CVE-2026-39475: WordPress User Feedback plugin <= 1.10.1 - SQL Injection in User Feedback. Patch commands and verification.
CVE-2026-39479: WordPress OttoKit plugin <= 1.1.20 - SQL Injection in OttoKit. Patch commands and verification.
CVE-2026-39486: WordPress Download Monitor plugin <= 5.1.8 - SQL Injection in Download Monitor. Patch commands and verification.
CVE-2026-39487 is a wordpress amelia plugin <= 2.1.1 - sql injection in Ameliabooking Amelia. CVSS 7.6 High. Patch commands, mitigations, an
CVE-2026-39495: WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection in Simply Schedule Appointments. Patch commands an
CVE-2026-39496 is a wordpress yaymail plugin <= 4.3.3 - sql injection in Yaycommerce YayMail. CVSS 7.6 High. Patch commands, mitigations, an
CVE-2026-39497 is a wordpress fox plugin <= 1.4.5 - sql injection in Realmag777 FOX. CVSS 7.6 High. Patch commands, mitigations, and verific
CVE-2026-3953 improper neutralization of input during web page generation ('cross-site scripti in Proticaret E-Commerce. Runnable upgrade co
CVE-2026-39538: WordPress Mikado Core plugin <= 1.6 - Local File Inclusion in Mikado Core. Patch commands and verification.
CVE-2026-39544: WordPress LabtechCO theme <= 8.3 - Local File Inclusion in LabtechCO. Patch commands and verification.
CVE-2026-39611: WordPress KuteShop theme <= 4.2.9 - Local File Inclusion in KuteShop. Patch commands and verification.
CVE-2026-39613: WordPress Boutique theme <= 2.3.3 - Local File Inclusion in Boutique. Patch commands and verification.
CVE-2026-39621 is a cross-site request forgery (csrf) in Spicethemes SpicePress. CVSS 8.8 High. Patch commands, mitigations, and verificatio
CVE-2026-39623: WordPress Biolife theme <= 3.2.3 - Local File Inclusion in Biolife. Patch commands and verification.
CVE-2026-39671: Cross-Site Request Forgery (CSRF) in Extra Fees Plugin for WooCommerce. Patch commands and verification.
CVE-2026-39677: WordPress Emphires theme <= 3.9 - Local File Inclusion in Emphires. Patch commands and verification.
CVE-2026-39679: WordPress Freeio theme <= 1.3.21 - Local File Inclusion in Freeio. Patch commands and verification.
CVE-2026-39681: WordPress Homeo theme <= 1.2.59 - Local File Inclusion in Homeo. Patch commands and verification.
CVE-2026-39684: WordPress OrganicFood theme <= 3.6.4 - Local File Inclusion in OrganicFood. Patch commands and verification.
CVE-2026-3970 is a tenda i3 wifissidget formwrlssidget stack-based overflow in Tenda i3. CVSS 8.7 High. Patch commands, mitigations, and ver
CVE-2026-3971 is a tenda i3 wifissidset formwrlssidset stack-based overflow in Tenda i3. CVSS 8.7 High. Patch commands, mitigations, and ver
CVE-2026-3972 is a tenda w3 http setcfm formsetcfm stack-based overflow in Tenda W3. CVSS 8.7 High. Patch commands, mitigations, and verific
CVE-2026-3973: Tenda W3 POST Parameter setAutoPing formSetAutoPing stack-based overflow in W3. Patch commands and verification.
CVE-2026-3974 is a tenda w3 http execommand formexecommand stack-based overflow in Tenda W3. CVSS 8.7 High. Patch commands, mitigations, and
CVE-2026-3975 is a stack-based buffer overflow in Tenda W3. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-3976 is a stack-based buffer overflow in Tenda W3. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-3978: D-Link DIR-513 formEasySetupWizard3 stack-based overflow in DIR-513. Patch commands and verification.
CVE-2026-39803 is a denial of service in bandit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-39804 - CWE-770 Allocation of Resources Without Limits or Throttling in bandit. Runnable patch commands, mitigation, and verificati
CVE-2026-39806 is a denial of service in bandit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-39815 is a SQL injection in FortiDDoS-F. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-39816 is a missing authorization in Apache NiFi. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-39820 is an inefficient algorithmic complexity in net/mail. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2026-39836 is an uncaught exception in net. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-39843 is a server-side request forgery in plane. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-39849 improper neutralization of crlf sequences ('crlf injection') in FTL. Runnable upgrade commands and verification steps for sys
CVE-2026-3985: a SQL injection in Creative Mail – Easier WordPress & WooCo. Patched version and vendor advisory inside.
CVE-2026-39850 is an improper input validation in yii2. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-39852 is an incorrect authorization in quarkus. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-39853 is a stack buffer overflow in osslsigncode. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-39858 - CWE-290: Authentication Bypass by Spoofing in traefik. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-39861 is a path traversal in claude-code. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-39863 is a kamailio core: tcp data processing in kamailio. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-39866 is a command injection in lawnchair. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3987: WatchGuard Firebox Arbitrary File Write vis Path Traversal in Fireware Web UI in Fireware OS. Patch commands and verification
CVE-2026-39870 improper restriction of operations within the bounds of a memory buffer in macOS. Runnable upgrade commands and verification
CVE-2026-39871 files or directories accessible to external parties in macOS. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-3988 is a vulnerability in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-39883 is a cwe-426: untrusted search path in Open-telemetry opentelemetry-go, fixed by the same patch as CVE-2026-29181.
CVE-2026-39884 is a vulnerability in mcp-server-kubernetes. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-39885: FrontMCP Affected by SSRF via $ref Dereferencing in Untrusted OpenAPI Specifications in frontmcp. Patch commands and verific
CVE-2026-39889: bundle sibling of CVE-2026-34934. Same patched build closes both.
CVE-2026-3989 is a cve-2026-3989 in SGLang. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-39891 is a praisonai has a template injection in agent tool definitions in Mervinpraison PraisonAI, fixed by the same patch as CVE-
CVE-2026-39906 is an unintended proxy or intermediary in WebPerfect Image Suite. This page lists verified fix commands and short-term mitiga
CVE-2026-39907 is an external control of file name or in WebPerfect Image Suite. This page lists verified fix commands and short-term mitiga
CVE-2026-3991: a local privilege escalation in Data Loss Prevention. Patched version and vendor advisory inside.
CVE-2026-39911 is an exposure of resource to wrong sphere in guardian. This page lists verified fix commands and short-term mitigations you
CVE-2026-39937: Global vanishing does not completely remove user email in Mediawiki - CentralAuth Extension. Patch commands and verification
CVE-2026-39942 is a cwe-284: improper access control in directus. This page lists verified fix commands and short-term mitigations you can r
CVE-2026-39959 is an allocation of resources without limits in Tmds.DBus. This page lists verified fix commands and short-term mitigations y
CVE-2026-39962 is a vulnerability in MISP. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-39965: a server-side request forgery (SSRF) in typebot.io. Patched version and vendor advisory inside.
CVE-2026-39968 is an access control bypass in typebot.io. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-39970 is a cross-site scripting (XSS) in typebot.io. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-39971 is a cwe-113: improper neutralization of crlf sequences in Serendipity. This page lists verified fix commands and short-term
CVE-2026-39972 is a vulnerability in mercure. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-39973 is a path traversal in Apktool. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-39974 is a server-side request forgery in n8n-mcp. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-39976 is an authentication bypass in passport. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-39977 is a path traversal in flatpak-builder. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-39981 is a path traversal in AGiXT. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-39983 is a cwe-93: improper neutralization of crlf sequences in basic-ftp. This page lists verified fix commands and short-term mit
CVE-2026-3999: Broken access control vulnerability affecting ID Server in ID Server. Patch commands and verification.
CVE-2026-40022 - CWE-288 Authentication Bypass Using an Alternate Path or Channel in Apache Camel Platform HTTP Main. Runnable patch command
CVE-2026-40024 is a sleuth kit tsk_recover path traversal in sleuthkit. CVSS 8.4 High. Patch commands, mitigations, and verification.
CVE-2026-40027 is a aleapp nq vault artifact parser path traversal in Abrignoni ALEAPP. CVSS 8.4 High. Patch commands, mitigations, and veri
CVE-2026-40029: parseusbs < 1.9 Command Injection via Crafted LNK Filename in parseusbs. Patch commands and verification.
CVE-2026-40030: parseusbs < 1.9 Command Injection via Volume Path Argument in parseusbs. Patch commands and verification.
CVE-2026-40031 is a memprocfs < 5.17 dll/shared library hijacking in Ufrisk MemProcFS. CVSS 8.5 High. Patch commands, mitigations, and verif
CVE-2026-40032: UAC < 3.3.0-rc1 Command Injection via Placeholder Substitution in UAC. Patch commands and verification.
CVE-2026-40036: Unfurl < 2026.04 - Denial of Service via Unbounded zlib Decompression in unfurl. Patch commands and verification.
CVE-2026-40037 is a url redirection to untrusted site ('open redirect') in OpenClaw, fixed by the same patch as CVE-2026-32916.
CVE-2026-40039 is an authentication bypass by primary weakness in Pachno. This page lists verified fix commands and short-term mitigations y
CVE-2026-40040 is an unrestricted file upload in Pachno. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40043 is an authorization bypass through user-controlled key in Pachno. This page lists verified fix commands and short-term mitiga
CVE-2026-40046 is an integer overflow in Apache ActiveMQ. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-40048 - CWE-502 Deserialization of Untrusted Data in Apache Camel PQC. Runnable patch commands, mitigation, and verification on thi
CVE-2026-40060 is a path traversal in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-40062 - Improper limitation of a pathname to a restricted directory ('Path Traversal') in Ziostation2. Runnable patch commands, mit
CVE-2026-40066 is a cwe-494 in Anviz CX2 Lite Firmware. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40067 is a vulnerability in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-40068 is an improper input validation in claude-code. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-40069 is a cwe-754: improper check for unusual or in bsv-ruby-sdk. This page lists verified fix commands and short-term mitigations
CVE-2026-4007 is a tenda w3 post parameter wifissidget stack-based overflow in Tenda W3. CVSS 8.7 High. Patch commands, mitigations, and ver
CVE-2026-40070 is a vulnerability in bsv-ruby-sdk. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40073 is an allocation of resources without limits in kit. This page lists verified fix commands and short-term mitigations you can
CVE-2026-40075 improper limitation of a pathname to a restricted directory ('path traversal') in openmrs-core. Runnable upgrade commands and
CVE-2026-4008 is a tenda w3 post parameter wifissidset stack-based overflow in Tenda W3. CVSS 8.7 High. Patch commands, mitigations, and ver
CVE-2026-40090 is a path traversal in zarf. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40092 is a path traversal in core-rs-albatross. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-40093 is a vulnerability in core-rs-albatross. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40107 is a server-side request forgery in siyuan. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-40110 is a regular expression without anchors in jupyter server. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-40113 is a vulnerability in PraisonAI. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40114 is a server-side request forgery in PraisonAI. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-40116 is an allocation of resources without limits in PraisonAI. This page lists verified fix commands and short-term mitigations y
CVE-2026-40149 is a CWE-396: declaration of catch for generic in PraisonAI. This page lists verified fix commands and short-term mitigations
CVE-2026-40150 is a server-side request forgery in PraisonAIAgents. This page lists verified fix commands and short-term mitigations you can
CVE-2026-40153 is a vulnerability in PraisonAIAgents. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40156 is a code injection in PraisonAI. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40158 is a code injection in PraisonAI. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40160 is a server-side request forgery in PraisonAIAgents. This page lists verified fix commands and short-term mitigations you can
CVE-2026-40161 is a CWE-201: insertion of sensitive information into in pipeline. This page lists verified fix commands and short-term mitig
CVE-2026-40162 is an improper input validation in bugsink. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-40163 is a path traversal in saltcorn. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40164 is a CWE-328: use of weak hash in jq. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40165 is an authentication bypass in authentik. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-40166 is an information disclosure in authentik. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-40168 is a server-side request forgery in postiz-app. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-40170 is a stack buffer overflow in ngtcp2. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40171 improper neutralization of input during web page generation ('cross-site scripti in notebook. Runnable upgrade commands and v
CVE-2026-40172 is a local privilege escalation in authentik. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-40174 is a cross-site request forgery (CSRF) in MasaCMS. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2026-40176 is an improper input validation in composer. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-40180 is a path traversal in quarkus-openapi-generator. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-40185 is a missing authorization in TREK. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40188 is a CWE-1314: missing write protection for parametric in goshs. This page lists verified fix commands and short-term mitigat
CVE-2026-40192 is an allocation of resources without limits in Pillow. This page lists verified fix commands and short-term mitigations you
CVE-2026-40193 is a vulnerability in maddy. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40195 is a null pointer dereference in incus. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-40196 is a CWE-708: incorrect ownership assignment in homebox. This page lists verified fix commands and short-term mitigations you
CVE-2026-40197 is a null pointer dereference in incus. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-40198 is a validation of syntactic correctness of input in Net::CIDR::Lite. This page lists verified fix commands and short-term mi
CVE-2026-4020: Gravity SMTP <= 2.1.4 - Unauthenticated Sensitive Information Exposure via REST API in Gravity SMTP. Patch commands and verif
CVE-2026-40200 is an always-incorrect control flow implementation in musl. This page lists verified fix commands and short-term mitigations
CVE-2026-4021: an authentication bypass in Contest Gallery – Upload & Vote Photos. Patched version and vendor advisory inside.
CVE-2026-40213 is an incorrect authorization in Cyborg. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-40217 is an unprotected alternate channel in LiteLLM. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-40242 is a server-side request forgery in arcane. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-40244 is an integer overflow in openexr. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40245 is an information disclosure in free5gc. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40246 is an improper authorization in free5gc. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40247 is an improper authorization in free5gc. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40248 is an improper authorization in free5gc. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40250 is an integer overflow in openexr. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40251 is an improper validation of array index in incus. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2026-40259 is an improper authorization in siyuan. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40261 is an OS command injection in composer. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40262 is a cross-site scripting in note-mark. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40280 is a server-side request forgery (SSRF) in gotenberg. Patched version, runnable upgrade commands, and how to verify the fix l
CVE-2026-40285 is a SQL injection in WeGIA. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40286 is a cross-site scripting in WeGIA. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40287 is a code injection in PraisonAI. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-4029: a missing authorization in Database Backup for WordPress. Patched version and vendor advisory inside.
CVE-2026-40291 is an improper privilege management in chamilo-lms. This page lists verified fix commands and short-term mitigations you can
CVE-2026-4030: a missing authorization in Database Backup for WordPress. Patched version and vendor advisory inside.
CVE-2026-40303 is a denial of service in zrok. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40308 is a vulnerability in my-calendar. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40309 is a cross-site request forgery (CSRF) in MasaCMS. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2026-4031: a missing authorization in Database Backup for WordPress. Patched version and vendor advisory inside.
CVE-2026-40315 is a SQL injection in PraisonAI. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40316 is a code injection in BLT. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40318 is a CWE-24: path traversal: '../filedir' in siyuan. This page lists verified fix commands and short-term mitigations you can
CVE-2026-40321 is a CWE-87: improper neutralization of alternate XSS in Dnn.Platform. This page lists verified fix commands and short-term m
CVE-2026-40323 is an insufficient verification of data in sp1. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-40325 is a cross-site request forgery (CSRF) in MasaCMS. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2026-40326 is a cross-site request forgery (CSRF) in MasaCMS. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2026-40344 - CWE-287: Improper Authentication in minio. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-40348 is a server-side request forgery in movary. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-40349 is a missing authorization in movary. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40350 is an incorrect authorization in movary. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40352 is a vulnerability in FastGPT. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40357: an unsafe deserialization in Microsoft SharePoint Enterprise Server 2. Patched version and vendor advisory inside.
CVE-2026-40358: a use-after-free in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-40359: a use-after-free in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-40360: an out-of-bounds read in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-40361: a use-after-free in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-40362: a path traversal in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-40363: a path traversal in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-40364: a vulnerability in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-40365: a path traversal in Microsoft SharePoint Enterprise Server 2. Patched version and vendor advisory inside.
CVE-2026-40366: a use-after-free in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-40367: a path traversal in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-40368: an unsafe deserialization in Microsoft SharePoint Enterprise Server 2. Patched version and vendor advisory inside.
CVE-2026-40369 is a path traversal in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-40370: an arbitrary file read in Microsoft SQL Server 2016 Service Pack 3. Patched version and vendor advisory inside.
CVE-2026-40377 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-40381: an access control bypass in Azure Connected Machine Agent. Patched version and vendor advisory inside.
CVE-2026-40382 is a use-after-free in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-40393 is an out-of-bounds write in Mesa. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40397 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-40398 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-40399: a stack-based buffer overflow in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-40401 is a denial of service in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-40403 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-40405 is a denial of service in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-40406 is a use-after-free in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-40407 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-40408 is a use-after-free in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-4041 is a tenda i12 execommand vos_strcpy stack-based overflow in Tenda i12. CVSS 8.7 High. Patch commands, mitigations, and verifi
CVE-2026-40410 is a use-after-free in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-40413 is a denial of service in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-40414 is a denial of service in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-40415 is a use-after-free in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-40417: a vulnerability in Microsoft Dynamics 365 Business Central. Patched version and vendor advisory inside.
CVE-2026-40418: a use-after-free in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-40419: a use-after-free in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-4042: Tenda i12 WifiMacFilterGet formWifiMacFilterGet stack-based overflow in i12. Patch commands and verification.
CVE-2026-40420: an access control bypass in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-40423 is a denial of service in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4043 is a tenda i12 wifissidget formwrlssidget stack-based overflow in Tenda i12. CVSS 8.7 High. Patch commands, mitigations, and v
CVE-2026-40434 is a CWE-940 in Anviz CrossChex Standard. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40436 is a security vulnerability in ZXEDM iEMS. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-40458 is a cross-site request forgery in PAC4J. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40459 is a vulnerability in PAC4J. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40461 is a missing authentication in Anviz CX2 Lite Firmware. This page lists verified fix commands and short-term mitigations you
CVE-2026-40466 - CWE-20 Improper Input Validation in Apache ActiveMQ Broker. Runnable patch commands, mitigation, and verification on this p
CVE-2026-40473 - CWE-502 Deserialization of Untrusted Data in Apache Camel Mina. Runnable patch commands, mitigation, and verification on th
CVE-2026-40474 is a CWE-284: improper access control in wger. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-4048 is a command injection in ECS Connections Manager. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-40480 is a vulnerability in CRM. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40481 is a denial of service in monetr. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40482 is a SQL injection in CRM. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40487 is a cross-site scripting in postiz-app. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40488 is an unrestricted file upload in magento-lts. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-40489 is a stack buffer overflow in editorconfig-core-c. This page lists verified fix commands and short-term mitigations you can r
CVE-2026-40496 is a CWE-330: use of insufficiently random values in freescout. This page lists verified fix commands and short-term mitigati
CVE-2026-40497 is a cross-site scripting in freescout. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40498 is an information disclosure in freescout. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-40499 is an OS command injection in radare2. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40502 is a missing authorization in OpenHarness. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-40503 is a path traversal in OpenHarness. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40514 - CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in SmarterMail. Runnable patch commands, mitiga
CVE-2026-40515 is an incorrect authorization in OpenHarness. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-40516 is a server-side request forgery in OpenHarness. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-40517 - CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in radare2. Runnable patc
CVE-2026-40518 is a path traversal in deer-flow. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40520 is an OS command injection in api. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40527 is an OS command injection in radare2. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40542 - CWE-304: Missing Critical Step in Authentication in Apache HttpClient. Runnable patch commands, mitigation, and verificatio
CVE-2026-40551 - CWE-603: Use of Client-Side Authentication in mpGabinet. Runnable patch commands, mitigation, and verification on this page
CVE-2026-40560 - CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in Starman. Runnable patch command
CVE-2026-40562 inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in Gazelle. Runnable upgrade commands and ve
CVE-2026-40563 improper control of generation of code ('code injection') in Apache Atlas. Runnable upgrade commands and verification steps f
CVE-2026-40568 is a cross-site scripting in freescout. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40581 is a cross-site request forgery in CRM. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40583 is a CWE-460: improper cleanup on thrown exception in core. This page lists verified fix commands and short-term mitigations
CVE-2026-40585 is a CWE-640: weak password recovery mechanism for in blueprintue-self-hosted-edition. This page lists verified fix commands
CVE-2026-40586 is a vulnerability in blueprintue-self-hosted-edition. This page lists verified fix commands and short-term mitigations you c
CVE-2026-40588 is a CWE-620: unverified password change in blueprintue-self-hosted-edition. This page lists verified fix commands and short-
CVE-2026-40589 is a vulnerability in freescout. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40591 is a vulnerability in freescout. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40595 - CWE-284: Improper Access Control in chartbrew. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-40596 is a cross-site scripting (XSS) in mantisbt. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-40597 is a cross-site scripting (XSS) in mantisbt. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-40599 is an incorrect authorization in clearancekit. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-4060 - CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Geo Mashup. Runnable patch co
CVE-2026-40600 - CWE-639: Authorization Bypass Through User-Controlled Key in chartbrew. Runnable patch commands, mitigation, and verificati
CVE-2026-40601 - CWE-862: Missing Authorization in chartbrew. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-40604 is a protection mechanism failure in clearancekit. This page lists verified fix commands and short-term mitigations you can r
CVE-2026-40607 is a cross-site scripting (XSS) in mantisbt. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-4061 - CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Geo Mashup. Runnable patch co
CVE-2026-40611 is a path traversal in lego. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40613 is a CWE-704: incorrect type conversion or cast in coturn. This page lists verified fix commands and short-term mitigations y
CVE-2026-40614 is a heap buffer overflow in pjproject. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40618 is a vulnerability in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4062 - CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Geo Mashup. Runnable patch co
CVE-2026-40623 - CWE-862 Missing Authorization in X3050. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-40629 is a denial of service in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-40631 is a vulnerability in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4064 is a missing authorization in Devolutions PowerShell Universal. CVSS 8.3 High. Patch commands, mitigations, and verification.
CVE-2026-40683 is an access of resource using incompatible type in Keystone. This page lists verified fix commands and short-term mitigation
CVE-2026-40698 is an OS command injection in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-40706 is a heap buffer overflow in NTFS-3G. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40719 is an always-incorrect control flow implementation in MaraDNS. This page lists verified fix commands and short-term mitigatio
CVE-2026-40744 is a SQL injection in Beaver Builder. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40745 is a SQL injection in Element Pack Elementor Addons. This page lists verified fix commands and short-term mitigations you can
CVE-2026-40764 is a cross-site request forgery in Contact Form by WPForms. This page lists verified fix commands and short-term mitigations
CVE-2026-40784 is an authorization bypass through user-controlled key in FluentBoards. This page lists verified fix commands and short-term
CVE-2026-40858 - CWE-502 Deserialization of Untrusted Data in Apache Camel. Runnable patch commands, mitigation, and verification on this pa
CVE-2026-40863 is a denial of service in PhpSpreadsheet. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-40865 is a CWE-284: improper access control in horilla. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-40866 is a CWE-284: improper access control in horilla. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-40867 is a CWE-284: improper access control in horilla. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-40868 is a CWE-922: insecure storage of sensitive information in kyverno. This page lists verified fix commands and short-term miti
CVE-2026-40869 is a CWE-266: incorrect privilege assignment in decidim. This page lists verified fix commands and short-term mitigations you
CVE-2026-40870 is a missing authorization in decidim. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40871 is an improper input validation in mailcow-dockerized. This page lists verified fix commands and short-term mitigations you c
CVE-2026-40873 is a cross-site scripting in mailcow-dockerized. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-40875 is a cross-site scripting in mailcow-dockerized. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-40876 is a path traversal in goshs. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40879 is a CWE-674: uncontrolled recursion in nest. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-40880 is a CWE-1025: comparison using wrong factors in zebra-consensus. This page lists verified fix commands and short-term mitiga
CVE-2026-40882 - CWE-611: Improper Restriction of XML External Entity Reference in openremote. Runnable patch commands, mitigation, and veri
CVE-2026-40885 is an information disclosure in goshs. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40886 - CWE-129: Improper Validation of Array Index in argo-workflows. Runnable patch commands, mitigation, and verification on thi
CVE-2026-40890 is an out-of-bounds read in markdown. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40892 is a stack buffer overflow in pjproject. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40893 is an arbitrary file read in gotenberg. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-40897 - CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes in mathjs. Runnable patch commands,
CVE-2026-40899 is a CWE-183: permissive list of allowed inputs in dataease. This page lists verified fix commands and short-term mitigations
CVE-2026-40900 is a SQL injection in dataease. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40901 is a deserialization of untrusted data in dataease. This page lists verified fix commands and short-term mitigations you can
CVE-2026-40902 is a denial of service in PhpSpreadsheet. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-40904 - CWE-284: Improper Access Control in chartbrew. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-40905 is a CWE-601: URL redirection to untrusted site in LinkAce. This page lists verified fix commands and short-term mitigations
CVE-2026-40909 is a path traversal in AVideo. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40912 - CWE-706: Use of Incorrectly-Resolved Name or Reference in traefik. Runnable patch commands, mitigation, and verification on
CVE-2026-4092: Arbitrary File Write via Path Traversal in Google clasp leading to RCE in Clasp. Patch commands and verification.
CVE-2026-40925 is a cross-site request forgery in AVideo. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-40926 is a cross-site request forgery in AVideo. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-40931 is a CWE-59: improper link resolution before file in compressing. This page lists verified fix commands and short-term mitiga
CVE-2026-40934 is an insufficient session expiration in jupyter server. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-40937 - CWE-862: Missing Authorization in rustfs. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-40938 is a vulnerability in pipeline. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-4094: a missing authorization in FOX – Currency Switcher Professional for. Patched version and vendor advisory inside.
CVE-2026-40943 is a race condition in oxia. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40945 is a CWE-532: insertion of sensitive information into in oxia. This page lists verified fix commands and short-term mitigatio
CVE-2026-40950 - Buffer overflow in Secure Access. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-40960 is an always-incorrect control flow implementation in Luanti. This page lists verified fix commands and short-term mitigation
CVE-2026-40967 - CWE-94: Improper Control of Generation of Code in Spring AI. Runnable patch commands, mitigation, and verification on this
CVE-2026-40972 - CWE-208: Observable Timing Discrepancy in Spring Boot. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-40973 - CWE-377: Insecure Temporary File in Spring Boot. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-40978 - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Spring AI. Runnable patch c
CVE-2026-40981 authorization bypass through user-controlled key in Spring Cloud Config. Runnable upgrade commands and verification steps for
CVE-2026-4100 - CWE-862 Missing Authorization in Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions. Runnab
CVE-2026-41002 time-of-check time-of-use (TOCTOU) race condition in Spring Cloud Config. Runnable upgrade commands and verification steps fo
CVE-2026-4101 is an improper authentication in IBM Verify Identity Access Container, fixed by the same patch as CVE-2026-1342.
CVE-2026-41015 is an OS command injection in radare2. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41035 is a handling of length parameter inconsistency in rsync. This page lists verified fix commands and short-term mitigations yo
CVE-2026-41036 is an OS command injection in Router QN-I-470. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-41037 is a restriction of excessive authentication attempts in Router QN-I-470. This page lists verified fix commands and short-ter
CVE-2026-41038 is a weak password requirements in Router QN-I-470. This page lists verified fix commands and short-term mitigations you can
CVE-2026-41039 is a missing authentication in Router QN-I-470. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-41040 - Inefficient regular expression complexity in GROWI. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41044 - CWE-20 Improper Input Validation in Apache ActiveMQ. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41054: an authentication bypass in Container suse/sle-micro-rancher/5.3:lat. Patched version and vendor advisory inside.
CVE-2026-41055 is a server-side request forgery in AVideo. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-41056 is a vulnerability in AVideo. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41057 is a CWE-346: origin validation error in AVideo. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-41058 is a path traversal in AVideo. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41059 is a CWE-288: authentication bypass using an alternate in oauth2-proxy. This page lists verified fix commands and short-term
CVE-2026-41060 is a server-side request forgery in AVideo. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-41066 - CWE-611: Improper Restriction of XML External Entity Reference in lxml. Runnable patch commands, mitigation, and verificati
CVE-2026-41068 - CWE-863: Incorrect Authorization in kyverno. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-4107 is a stored XSS in Zohocorp ManageEngine Exchange Reporter Plus, fixed by the same patch as CVE-2026-3879.
CVE-2026-41074 is a cross-site request forgery (CSRF) in rt. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-41075 is a SQL injection in rt. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-41076 is an authentication bypass in rt. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4108 is a stored XSS in Zohocorp ManageEngine Exchange Reporter Plus, fixed by the same patch as CVE-2026-3879.
CVE-2026-41082 is a path traversal: '../filedir' in opam. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-41086: an access control bypass in Windows Admin Center in Azure Portal. Patched version and vendor advisory inside.
CVE-2026-41088 is an arbitrary file read in Windows 10 Version 21H2. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-41094 is a code injection in Microsoft Data Formulator. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-41095 is a use-after-free in Windows Server 2012 R2. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-41101: an access control bypass in Microsoft Word for Android. Patched version and vendor advisory inside.
CVE-2026-41102: an access control bypass in Microsoft PowerPoint for Android. Patched version and vendor advisory inside.
CVE-2026-41105 server-side request forgery (SSRF) in Azure Monitor Action Group notification system. Runnable upgrade commands and verificat
CVE-2026-41107: an arbitrary file read in Microsoft Edge (Chromium-based). Patched version and vendor advisory inside.
CVE-2026-41109 is a vulnerability in Visual Studio Code. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-4111: Loop with Unreachable Exit Condition ('Infinite Loop') in Red Hat Enterprise Linux 10. Patch commands and verification.
CVE-2026-41113 is an OS command injection in qmail. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-4112 is a SQL injection in SMA1000. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-4113 is an observable response discrepancy in SMA1000. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-41133 is a CWE-613: insufficient session expiration in pyload. This page lists verified fix commands and short-term mitigations you
CVE-2026-41134 - CWE-94: Improper Control of Generation of Code ('Code Injection') in kiota. Runnable patch commands, mitigation, and verifi
CVE-2026-41135 is a denial of service in pcf. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41138 - CWE-94: Improper Control of Generation of Code ('Code Injection') in Flowise. Runnable patch commands, mitigation, and veri
CVE-2026-41139 improperly controlled modification of dynamically-determined object attributes in mathjs. Runnable upgrade commands and verif
CVE-2026-41142 is an integer overflow or wraparound in openexr. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-41143 improper neutralization of special elements used in an SQL command ('SQL injecti in yeswiki. Runnable upgrade commands and ve
CVE-2026-41145 - CWE-287: Improper Authentication in minio. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41146 - CWE-400: Uncontrolled Resource Consumption in facil.io. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41147 is a cross-site scripting (XSS) in nukeviet. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-4116 is a handling of unicode encoding in SMA1000. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-41163 is an improper privilege management in bubblewrap. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2026-41166 - CWE-284: Improper Access Control in openremote. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41170 - CWE-918: Server-Side Request Forgery (SSRF) in squidex. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41171 - CWE-918: Server-Side Request Forgery (SSRF) in squidex. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41172 - CWE-918: Server-Side Request Forgery (SSRF) in squidex. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41175 - CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in cms. Runnable patch commands
CVE-2026-41180 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in psitransfer. Runnable patch comma
CVE-2026-41189 is an incorrect authorization in freescout. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-41190 is an incorrect authorization in freescout. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-41191 is an incorrect authorization in freescout. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-41192 is a missing authorization in freescout. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41200 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in stig-manager. Runnable patc
CVE-2026-41205 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in mako. Runnable patch commands, mi
CVE-2026-41208 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in @paperclipai/server.
CVE-2026-41211 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in vite-plus. Runnable patch command
CVE-2026-41218 is a use-after-free in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-41220 - CWE-787 in Acronis DeviceLock DLP. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41225 is a vulnerability in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-41227 is a denial of service in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-41230 - CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') in froxlor. Runnable patch commands, mitigation, and v
CVE-2026-41231 - CWE-59: Improper Link Resolution Before File Access ('Link Following') in froxlor. Runnable patch commands, mitigation, and
CVE-2026-41241 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pretalx. Runnable patch com
CVE-2026-41246 - CWE-94: Improper Control of Generation of Code ('Code Injection') in contour. Runnable patch commands, mitigation, and veri
CVE-2026-41247 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in elFinder. Runnable pa
CVE-2026-41259 - CWE-841: Improper Enforcement of Behavioral Workflow in mastodon. Runnable patch commands, mitigation, and verification on
CVE-2026-41266 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Flowise. Runnable patch commands, mitigation, and ve
CVE-2026-41267 - CWE-639: Authorization Bypass Through User-Controlled Key in Flowise. Runnable patch commands, mitigation, and verification
CVE-2026-41268 - CWE-20: Improper Input Validation in Flowise. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41269 - CWE-434: Unrestricted Upload of File with Dangerous Type in Flowise. Runnable patch commands, mitigation, and verification
CVE-2026-41270 - CWE-284: Improper Access Control in Flowise. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41271 - CWE-918: Server-Side Request Forgery (SSRF) in Flowise. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41272 - CWE-918: Server-Side Request Forgery (SSRF) in Flowise. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41273 - CWE-306: Missing Authentication for Critical Function in Flowise. Runnable patch commands, mitigation, and verification on
CVE-2026-41275 - CWE-319: Cleartext Transmission of Sensitive Information in Flowise. Runnable patch commands, mitigation, and verification
CVE-2026-41276 - CWE-287: Improper Authentication in Flowise. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41277 - CWE-284: Improper Access Control in Flowise. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41278 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Flowise. Runnable patch commands, mitigation, and ve
CVE-2026-41279 - CWE-639: Authorization Bypass Through User-Controlled Key in Flowise. Runnable patch commands, mitigation, and verification
CVE-2026-41286 is a stack-based buffer overflow in WatchGuard Agent. Patched version, runnable upgrade commands, and how to verify the fix l
CVE-2026-41287 is a stack-based buffer overflow in WatchGuard Agent. Patched version, runnable upgrade commands, and how to verify the fix l
CVE-2026-41288 incorrect permission assignment for critical resource in WatchGuard Agent. Runnable upgrade commands and verification steps f
CVE-2026-41294 is a CWE-15: external control of system or in OpenClaw. This page lists verified fix commands and short-term mitigations you
CVE-2026-41295 is a CWE-829: inclusion of functionality from untrusted in OpenClaw. This page lists verified fix commands and short-term mit
CVE-2026-41296 is a vulnerability in OpenClaw. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41299 is a reliance on untrusted inputs in a in OpenClaw. This page lists verified fix commands and short-term mitigations you can
CVE-2026-41303 is an incorrect authorization in OpenClaw. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-41304 is a command injection in AVideo. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41309 - CWE-770: Allocation of Resources Without Limits or Throttling in opensource-socialnetwork. Runnable patch commands, mitigat
CVE-2026-41311 is an uncontrolled recursion in liquidjs. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-41316 - CWE-693: Protection Mechanism Failure in erb. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-4132 - CWE-73 External Control of File Name or Path in HTTP Headers. Runnable patch commands, mitigation, and verification on this
CVE-2026-41323 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in kyverno. Runnable patch commands, mitigation, and ve
CVE-2026-41324 - CWE-400: Uncontrolled Resource Consumption in basic-ftp. Runnable patch commands, mitigation, and verification on this page
CVE-2026-41325 - CWE-863: Incorrect Authorization in kirby. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41326 - CWE-61: UNIX Symbolic Link (Symlink) Following in kata-containers. Runnable patch commands, mitigation, and verification on
CVE-2026-41334 - CWE-636: Not Failing Securely (Failing Open) in OpenClaw. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-41336 - CWE-829: Inclusion of Functionality from Untrusted Control Sphere in OpenClaw. Runnable patch commands, mitigation, and ver
CVE-2026-4134 is an uncontrolled search path element in Software Fix. This page lists verified fix commands and short-term mitigations you c
CVE-2026-41342 - CWE-346: Origin Validation Error in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41349 - CWE-862 Missing Authorization in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41352 - CWE-862 Missing Authorization in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41353 - CWE-472 External Control of Assumed-Immutable Web Parameter in OpenClaw. Runnable patch commands, mitigation, and verificat
CVE-2026-41359 - CWE-269 Improper Privilege Management in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41364 - CWE-59: Improper Link Resolution Before File Access ('Link Following') in OpenClaw. Runnable patch commands, mitigation, an
CVE-2026-41368 - CWE-668: Exposure of Resource to Wrong Sphere in OpenClaw. Runnable patch commands, mitigation, and verification on this pa
CVE-2026-41369 - CWE-668: Exposure of Resource to Wrong Sphere in OpenClaw. Runnable patch commands, mitigation, and verification on this pa
CVE-2026-4137 is an unsafe deserialization in mlflow/mlflow. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-41370 - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in OpenClaw. Runnable patch commands,
CVE-2026-41371 - CWE-863: Incorrect Authorization in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41375 - CWE-863: Incorrect Authorization in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41378 - CWE-862 Missing Authorization in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41379 - CWE-863: Incorrect Authorization in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41380 - CWE-807 Reliance on Untrusted Inputs in a Security Decision in OpenClaw. Runnable patch commands, mitigation, and verificat
CVE-2026-41384 - CWE-15: External Control of System or Configuration Setting in OpenClaw. Runnable patch commands, mitigation, and verificat
CVE-2026-41385 - CWE-312: Cleartext Storage of Sensitive Information in OpenClaw. Runnable patch commands, mitigation, and verification on t
CVE-2026-41387 - CWE-183: Permissive List of Allowed Inputs in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41390 - CWE-807 Reliance on Untrusted Inputs in a Security Decision in OpenClaw. Runnable patch commands, mitigation, and verificat
CVE-2026-41394 - CWE-862 Missing Authorization in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41395 - CWE-325: Missing Cryptographic Step in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41396 - CWE-829: Inclusion of Functionality from Untrusted Control Sphere in OpenClaw. Runnable patch commands, mitigation, and ver
CVE-2026-41397 - CWE-59: Improper Link Resolution Before File Access ('Link Following') in OpenClaw. Runnable patch commands, mitigation, an
CVE-2026-41399 - CWE-770: Allocation of Resources Without Limits or Throttling in OpenClaw. Runnable patch commands, mitigation, and verific
CVE-2026-41404 - CWE-863: Incorrect Authorization in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41405 - CWE-408: Incorrect Behavior Order: Early Amplification in OpenClaw. Runnable patch commands, mitigation, and verification o
CVE-2026-41414 - CWE-94: Improper Control of Generation of Code ('Code Injection') in skim. Runnable patch commands, mitigation, and verific
CVE-2026-41416 - CWE-190: Integer Overflow or Wraparound in pjproject. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41419 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in 4gaBoards. Runnable patch command
CVE-2026-41421 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in siyuan. Runnable patc
CVE-2026-41422 improper neutralization of special elements used in an SQL command ('SQL injecti in daptin. Runnable upgrade commands and ver
CVE-2026-41423 is a server-side request forgery (SSRF) in angular. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2026-41427 - CWE-863: Incorrect Authorization in better-auth. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41429 - CWE-121: Stack-based Buffer Overflow in arduino-esp32. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41431 improper verification of cryptographic signature in desktop. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-41432 insufficient verification of data authenticity in new-api. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-41433 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in opentelemetry-ebpf-instrumentatio
CVE-2026-41445 is an integer overflow in kissfft. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-4145 is a vulnerability in Software Fix. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41454 - CWE-862 Missing Authorization in wekan. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41458 - CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in owntone-server. Runn
CVE-2026-41463 - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ProjeQtor. Runnable patch commands
CVE-2026-41464 - CWE-862 Missing Authorization in ProjeQtor. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41465 - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in ProjeQtor. Runnable patch commands
CVE-2026-4147 is a stack memory disclosure in filemd5 command in Mongodb Inc MongoDB Server. CVSS 7.1 High. Patch commands, mitigations, and
CVE-2026-41470 is an access control bypass in LIVE555. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-41471 authorization bypass through user-controlled key in easy-paypal-events-tickets. Runnable upgrade commands and verification st
CVE-2026-41473 - CWE-306 Missing Authentication for Critical Function in cyberpanel. Runnable patch commands, mitigation, and verification o
CVE-2026-41475 - CWE-125: Out-of-bounds Read in bacnet-stack. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41476 - CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in deskflow. Runnable patch commands, mitig
CVE-2026-41477 - CWE-306: Missing Authentication for Critical Function in deskflow. Runnable patch commands, mitigation, and verification on
CVE-2026-4148 is a CWE-416 use after free in Mongodb Inc MongoDB Server. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-41485 - CWE-617: Reachable Assertion in kyverno. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41486 improper control of generation of code ('code injection') in ray. Runnable upgrade commands and verification steps for sysadm
CVE-2026-41489 incorrect permission assignment for critical resource in pi-hole. Runnable upgrade commands and verification steps for sysadm
CVE-2026-41490 improper neutralization of special elements used in an SQL command ('SQL injecti in dagster. Runnable upgrade commands and ve
CVE-2026-41491 improper limitation of a pathname to a restricted directory ('path traversal') in dapr. Runnable upgrade commands and verific
CVE-2026-41496 improper neutralization of special elements used in an SQL command ('SQL injecti in PraisonAI. Runnable upgrade commands and
CVE-2026-4150 is an integer overflow in GIMP. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41502 - CWE-125: Out-of-bounds Read in bacnet-stack. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41503 - CWE-125: Out-of-bounds Read in bacnet-stack. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41505 use of cryptographically weak pseudo-random number generator (PRNG) in relate. Runnable upgrade commands and verification ste
CVE-2026-4151 is an integer overflow in GIMP. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-4152 is a heap buffer overflow in GIMP. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41520 exposure of sensitive information to an unauthorized actor in cilium. Runnable upgrade commands and verification steps for sy
CVE-2026-41524 improper neutralization of input during web page generation ('cross-site scripti in BraveCMS-2.0. Runnable upgrade commands a
CVE-2026-4153 is a heap buffer overflow in GIMP. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-4154 is an integer overflow in GIMP. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-4155 is a CWE-540: inclusion of sensitive information in in Home Flex. This page lists verified fix commands and short-term mitigat
CVE-2026-41554 improper neutralization of input during web page generation ('cross-site scripti in Bricks Builder. Runnable upgrade commands
CVE-2026-4156 is a stack buffer overflow in Home Flex. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41564 - CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) in CryptX. Runnable patch commands, mitigation, a
CVE-2026-4157 is an OS command injection in Home Flex. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41570 improper neutralization of CRLF sequences ('CRLF injection') in phpunit. Runnable upgrade commands and verification steps for
CVE-2026-41576 improper neutralization of input during web page generation ('cross-site scripti in BraveCMS-2.0. Runnable upgrade commands a
CVE-2026-4158 is an uncontrolled search path element in KeePassXC. This page lists verified fix commands and short-term mitigations you can
CVE-2026-41587 is an unrestricted upload of file with dangerous type in ci4ms. Patched version, runnable upgrade commands, and how to verify
CVE-2026-41602 - CWE-190 Integer Overflow or Wraparound in Apache Thrift. Runnable patch commands, mitigation, and verification on this page
CVE-2026-41603 - CWE-297 Improper Validation of Certificate with Host Mismatch in Apache Thrift. Runnable patch commands, mitigation, and ve
CVE-2026-41604 - CWE-125 Out-of-bounds Read in Apache Thrift. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41605 - CWE-190 Integer Overflow or Wraparound in Apache Thrift. Runnable patch commands, mitigation, and verification on this page
CVE-2026-41611: a cross-site scripting (XSS) in Visual Studio Code. Patched version and vendor advisory inside.
CVE-2026-41613 is a vulnerability in Visual Studio Code. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-4162 is a missing authorization in Gravity SMTP. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-41636 - CWE-674 Uncontrolled Recursion in Apache Thrift. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41640 improper neutralization of special elements used in an SQL command ('SQL injecti in nocobase. Runnable upgrade commands and v
CVE-2026-41641 improper neutralization of special elements used in an SQL command ('SQL injecti in nocobase. Runnable upgrade commands and v
CVE-2026-41642 is a null pointer dereference in gobgp. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-41643 is an improper validation of array index in gobgp. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2026-41644 generation of error message containing sensitive information in monetr. Runnable upgrade commands and verification steps for
CVE-2026-41649 - CWE-639: Authorization Bypass Through User-Controlled Key in outline. Runnable patch commands, mitigation, and verification
CVE-2026-41651 - CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition in PackageKit. Runnable patch commands, mitigation, and verifica
CVE-2026-41653 improper neutralization of input during web page generation ('cross-site scripti in bentopdf. Runnable upgrade commands and v
CVE-2026-41660 is an incorrect authorization in admidio. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-41669 improper verification of cryptographic signature in admidio. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-4167 is a belkin f9k1122 formreboot stack-based overflow in Belkin F9K1122. CVSS 8.7 High. Patch commands, mitigations, and verific
CVE-2026-41670 is an improper input validation in admidio. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-41672 is an XML injection (aka blind XPath injection) in xmldom. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-41673 is an uncontrolled recursion in xmldom. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-41674 is an XML injection (aka blind XPath injection) in xmldom. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-41675 is an XML injection (aka blind XPath injection) in xmldom. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-41676 - CWE-787: Out-of-bounds Write in rust-openssl. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41678 - CWE-787: Out-of-bounds Write in rust-openssl. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41680 - CWE-400: Uncontrolled Resource Consumption in marked. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41681 - CWE-121: Stack-based Buffer Overflow in rust-openssl. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41683 improper neutralization of input during web page generation ('cross-site scripti in i18next-http-middleware. Runnable upgrade
CVE-2026-41688 is a server-side request forgery (SSRF) in Wallos. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2026-41690 improper limitation of a pathname to a restricted directory ('path traversal') in i18next-http-middleware. Runnable upgrade c
CVE-2026-41693 external control of file name or path in i18next-fs-backend. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-41702 is a race condition in Fusion. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-41705 improper neutralization of special elements used in an expression language state in Spring AI. Runnable upgrade commands and
CVE-2026-41712 is an information disclosure in Spring AI. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-41713 is a server-side template injection in Spring AI. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-4172: TRENDnet TEW-632BRP HTTP POST Request ping_response.cgi stack-based overflow in TEW-632BRP. Patch commands and verification.
CVE-2026-41872: an authentication bypass in "Kura Sushi Official App" for Android. Patched version and vendor advisory inside.
CVE-2026-4188 is a d-link dir-619l boa formschedule stack-based overflow in D-link DIR-619L. CVSS 8.7 High. Patch commands, mitigations, and
CVE-2026-41882 - CWE-59 in IntelliJ IDEA. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41883 improper neutralization of special elements used in an expression language state in omnifaces. Runnable upgrade commands and
CVE-2026-41886 improper neutralization of input during web page generation ('cross-site scripti in locize. Runnable upgrade commands and ver
CVE-2026-41893 improper restriction of excessive authentication attempts in signalk-server. Runnable upgrade commands and verification steps
CVE-2026-41894 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in siyuan. Runnable patch commands,
CVE-2026-41895 is an XML external entity (XXE) in changedetection.io. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-41898 - CWE-126: Buffer Over-read in rust-openssl. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41900 improper neutralization of special elements used in an OS command ('OS command i in OpenLearnX. Runnable upgrade commands and
CVE-2026-41904 improper neutralization of input during web page generation ('cross-site scripti in freescout. Runnable upgrade commands and
CVE-2026-41905 is a server-side request forgery (SSRF) in freescout. Patched version, runnable upgrade commands, and how to verify the fix l
CVE-2026-41906 authorization bypass through user-controlled key in freescout. Runnable upgrade commands and verification steps for sysadmins
CVE-2026-41907 - CWE-823: Use of Out-of-range Pointer Offset in uuid. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41927 is a stack-based buffer overflow in WDR201A WiFi Extender. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-41934 is an incomplete list of disallowed inputs in Vvveb. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2026-41935 is a vulnerability in Vvveb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-41936 improper restriction of XML external entity reference in Vvveb. Runnable upgrade commands and verification steps for sysadmin
CVE-2026-41937 is an unrestricted file upload in Vvveb. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-41938 is an unrestricted upload of file with dangerous type in Vvveb. Patched version, runnable upgrade commands, and how to verify
CVE-2026-41949: an insecure direct object reference (IDOR) in dify. Patched version and vendor advisory inside.
CVE-2026-41951 improper limitation of a pathname to a restricted directory ('path traversal') in Growi. Runnable upgrade commands and verifi
CVE-2026-41952 - CWE-123 in Acronis DeviceLock DLP. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41953 is an OS command injection in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-41956 is a stack-based buffer overflow in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-41957 is an unsafe deserialization in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-41964 is a race condition in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42001 is a vulnerability in Authoritative. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42009 is a vulnerability in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-42010 null byte interaction error (poison null byte) in Red Hat Hardened Images. Runnable upgrade commands and verification steps f
CVE-2026-42011 improper certificate validation in Red Hat Hardened Images. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-42031 is a SQL injection in ckan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42033 - CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in axios. Runnable patc
CVE-2026-42035 - CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in axios. Runnable p
CVE-2026-42043 - CWE-183: Permissive List of Allowed Inputs in axios. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42046 is a heap-based buffer overflow in libcaca. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42047 exposure of sensitive information to an unauthorized actor in inngest-js. Runnable upgrade commands and verification steps fo
CVE-2026-42069 is a missing authorization in kirby. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42075 improper limitation of a pathname to a restricted directory ('path traversal') in evolver. Runnable upgrade commands and veri
CVE-2026-42079 improper neutralization of directives in dynamically evaluated code ('eval injec in PPTAgent. Runnable upgrade commands and v
CVE-2026-4208: Authentication Bypass in extension "E-Mail MFA Provider" (mfa_email) in Extension "E-Mail MFA Provider". Patch commands and v
CVE-2026-42084 is an unverified password change in cosmos. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42096 is an access control bypass in Pro Cloud Server. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-42098 is a vulnerability in Enterprise Architect. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-42099 is a race condition in Pro Cloud Server. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-42100 is a path traversal in Pro Cloud Server. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-4211: D-Link DNS-1550-04 local_backup_mgr.cgi Local_Backup_Info stack-based overflow in DNS-120. Patch commands and verification.
CVE-2026-4212 is a stack-based buffer overflow in D-Link DNS-120. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-4213: D-Link DNS-1550-04 gui_mgr.cgi cgi_myfavorite_verify stack-based overflow in DNS-120. Patch commands and verification.
CVE-2026-42137 is a missing authorization in kirby. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4214: D-Link DNS-1550-04 app_mgr.cgi UPnP_AV_Server_Path_Setting stack-based overflow in DNS-120. Patch commands and verification.
CVE-2026-42141 is a server-side request forgery (SSRF) in xibo-cms. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-42151 exposure of sensitive information to an unauthorized actor in prometheus. Runnable upgrade commands and verification steps fo
CVE-2026-42154 is an uncontrolled resource consumption in prometheus. Patched version, runnable upgrade commands, and how to verify the fix l
CVE-2026-42156 is a code injection in flowsint. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42167 - CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ProFTPD. Runnable patch comm
CVE-2026-42171 - CWE-427 Uncontrolled Search Path Element in Nullsoft Scriptable Install System. Runnable patch commands, mitigation, and ve
CVE-2026-42189 allocation of resources without limits or throttling in russh. Runnable upgrade commands and verification steps for sysadmins
CVE-2026-42198 - CWE-770: Allocation of Resources Without Limits or Throttling in pgjdbc. Runnable patch commands, mitigation, and verificat
CVE-2026-42203 improper neutralization of special elements used in a template engine in litellm. Runnable upgrade commands and verification
CVE-2026-42205 is an improper access control in avo. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42212 is an uncontrolled resource consumption in SolidCAM-GPPL-IDE. Patched version, runnable upgrade commands, and how to verify th
CVE-2026-42214 improper control of generation of code ('code injection') in NotepadNext. Runnable upgrade commands and verification steps fo
CVE-2026-42215 improper neutralization of special elements used in an os command ('os command i in GitPython. Runnable upgrade commands and
CVE-2026-42216 is an out-of-bounds read in openexr. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42221 is a missing authentication for critical function in nginx-ui. Patched version, runnable upgrade commands, and how to verify
CVE-2026-42222 is a missing authentication for critical function in nginx-ui. Patched version, runnable upgrade commands, and how to verify
CVE-2026-42224 improper neutralization of input during web page generation ('cross-site scripti in ipl-web. Runnable upgrade commands and ve
CVE-2026-42225 is an improper certificate validation in pjproject. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2026-42226 is a missing authorization in n8n. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42234 improper control of generation of code ('code injection') in n8n. Runnable upgrade commands and verification steps for sysadm
CVE-2026-42235 is an improper neutralization of alternate XSS syntax in n8n. Patched version, runnable upgrade commands, and how to verify th
CVE-2026-42236 allocation of resources without limits or throttling in n8n. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-42239 is a sensitive cookie without 'httponly' flag in budibase. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-42246 is a missing report of error condition in net-imap. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2026-42248 - CWE-494: Download of Code Without Integrity Check in Ollama. Runnable patch commands, mitigation, and verification on this
CVE-2026-42249 - CWE-494: Download of Code Without Integrity Check in Ollama. Runnable patch commands, mitigation, and verification on this
CVE-2026-42255 - CWE-684 Incorrect Provision of Specified Functionality in DnsServer. Runnable patch commands, mitigation, and verification
CVE-2026-4226: LB-LINK BL-WR9000 get_virtual_cfg sub_44E8D0 stack-based overflow in BL-WR9000. Patch commands and verification.
CVE-2026-42260: a server-side request forgery (SSRF) in open-webSearch. Patched version and vendor advisory inside.
CVE-2026-42261 is an improper input validation in PromptHub. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42264 improperly controlled modification of object prototype attributes ('prototype po in axios. Runnable upgrade commands and veri
CVE-2026-42266 is a vulnerability in jupyterlab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42268 is a vulnerability in ModSecurity. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4227: LB-LINK BL-WR9000 get_hidessid_cfg sub_44D844 buffer overflow in BL-WR9000. Patch commands and verification.
CVE-2026-42271 improper neutralization of special elements used in a command ('command injectio in litellm. Runnable upgrade commands and ve
CVE-2026-42272 is an interpretation conflict in heimdall. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42273 is an interpretation conflict in heimdall. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42274 is a path traversal in heimdall. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42275 is a UNIX symbolic link (symlink) following in zrok. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2026-42278 is an improper access control in core. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42283 is an authentication bypass in devspace. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-42284 improper neutralization of argument delimiters in a command ('argument injection in GitPython. Runnable upgrade commands and
CVE-2026-42285 is a null pointer dereference in gobgp. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42286 is a cross-site request forgery (CSRF) in emlog. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2026-42289 is a local privilege escalation in CRM. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-42290 is an OS command injection in protobuf.js. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-42294 allocation of resources without limits or throttling in argo-workflows. Runnable upgrade commands and verification steps for
CVE-2026-42295 is an insufficiently protected credentials issue in argo-workflows. Patched version, runnable upgrade commands, and how to verify th
CVE-2026-42296 is an incorrect authorization in argo-workflows. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42297 is a missing authorization in argo-workflows. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42301 is an improper input validation in pyp2spec. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42304 is a vulnerability in twisted. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42311 is an integer overflow or wraparound in Pillow. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42313 unintended proxy or intermediary ('confused deputy') in pyload. Runnable upgrade commands and verification steps for sysadmin
CVE-2026-42315 improper limitation of a pathname to a restricted directory ('path traversal') in pyload. Runnable upgrade commands and verif
CVE-2026-42327 is an improper input validation in rust-openssl. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-42334 is a vulnerability in mongoose. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42339 is a server-side request forgery (SSRF) in new-api. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2026-42345 is a server-side request forgery (SSRF) in FastGPT. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2026-42349 improper check for unusual or exceptional conditions in javascript. Runnable upgrade commands and verification steps for sysa
CVE-2026-42351 improper limitation of a pathname to a restricted directory ('path traversal') in pygeoapi. Runnable upgrade commands and ver
CVE-2026-42352 is a server-side request forgery (SSRF) in pygeoapi. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2026-42353 improper limitation of a pathname to a restricted directory ('path traversal') in i18next-http-middleware. Runnable upgrade c
CVE-2026-42365 is a predictable from observable state in Gv-Lpc2011/Lpc2211. Patched version, runnable upgrade commands, and how to verify t
CVE-2026-42366 improper neutralization of input during web page generation ('cross-site scripti in Gv-Lpc2011/Lpc2211. Runnable upgrade comm
CVE-2026-42372 is a use of hard-coded credentials in DIR-605L Firmware. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2026-42377 - CWE-862 Missing Authorization in SureForms Pro. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42379 - CWE-201 Insertion of Sensitive Information Into Sent Data in Templately. Runnable patch commands, mitigation, and verificat
CVE-2026-42383: a SQL injection in YITH WooCommerce Product Add-Ons. Patched version and vendor advisory inside.
CVE-2026-42402 - CWE-400 Uncontrolled Resource Consumption in Apache Neethi. Runnable patch commands, mitigation, and verification on this p
CVE-2026-42403 - CWE-400 Uncontrolled Resource Consumption in Apache Neethi. Runnable patch commands, mitigation, and verification on this p
CVE-2026-42406 is a local privilege escalation in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-42409 is a denial of service in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42422 - CWE-863: Incorrect Authorization in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42423 - CWE-636: Not Failing Securely (Failing Open) in OpenClaw. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-42426 - CWE-863: Incorrect Authorization in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42428 - CWE-353 Missing Support for Integrity Check in OpenClaw. Runnable patch commands, mitigation, and verification on this page
CVE-2026-42431 - CWE-863: Incorrect Authorization in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42432 - CWE-863: Incorrect Authorization in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42433 is a missing authorization in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42434 is an incorrect authorization in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42435 is an incomplete list of disallowed inputs in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-42437 allocation of resources without limits or throttling in OpenClaw. Runnable upgrade commands and verification steps for sysadm
CVE-2026-42440 memory allocation with excessive size value in Apache OpenNLP. Runnable upgrade commands and verification steps for sysadmins
CVE-2026-42449 is a server-side request forgery (SSRF) in n8n-mcp. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2026-42452 is a missing critical step in authentication in Termix. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-42453 improper neutralization of special elements used in a command ('command injectio in Termix. Runnable upgrade commands and ver
CVE-2026-42455 improper neutralization of input during web page generation ('cross-site scripti in linkwarden. Runnable upgrade commands and
CVE-2026-42461 is a missing authorization in arcane. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42463: an insecure direct object reference (IDOR) in SQLBot. Patched version and vendor advisory inside.
CVE-2026-42467 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42468 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42469 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42471 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-4248: an access control bypass in Ultimate Member – User Profile. Patched version and vendor advisory inside.
CVE-2026-42482 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42483 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42485 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42499 is an inefficient algorithmic complexity in net/mail. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2026-42501 improper verification of cryptographic signature in cmd/go. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-42503 binding to an unrestricted ip address in golang.org/x/tools/gopls. Runnable upgrade commands and verification steps for sysad
CVE-2026-42511 - CWE-149: Improper Neutralization of Quoting Syntax in FreeBSD. Runnable patch commands, mitigation, and verification on thi
CVE-2026-42512 - CWE-122: Heap-based Buffer Overflow in FreeBSD. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42513 - CWE-287 Improper Authentication in e-Sushrut, Hospital Management Information System (HMIS). Runnable patch commands, mitig
CVE-2026-42514 - CWE-319 Cleartext transmission of sensitive information in e-Sushrut, Hospital Management Information System (HMIS). Runnab
CVE-2026-42515 - CWE-639 Authorization bypass through User-Controlled key in e-Sushrut, Hospital Management Information System (HMIS). Runna
CVE-2026-42516 - CWE-639 Authorization bypass through User-Controlled key in e-Sushrut, Hospital Management Information System (HMIS). Runna
CVE-2026-42517 - CWE-639 Authorization bypass through User-Controlled key in e-Sushrut, Hospital Management Information System (HMIS). Runna
CVE-2026-42518 - CWE-321 Use of hard-coded cryptographic key in e-Sushrut, Hospital Management Information System (HMIS). Runnable patch com
CVE-2026-42520 - Security Vulnerability in Jenkins Credentials Binding Plugin. Runnable patch commands, mitigation, and verification on this
CVE-2026-42524 - Security Vulnerability in Jenkins HTML Publisher Plugin. Runnable patch commands, mitigation, and verification on this page
CVE-2026-42544 is an improper input validation in granian. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-42548 is a cross-site scripting (XSS) in core. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-4255 is a dll injection privilege escalation in Thermalright TR-VISION HOME. CVSS 8.4 High. Patch commands, mitigations, and verifi
CVE-2026-42550 is a SQL injection in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42551 is an interpretation conflict in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42552 is a path traversal in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42556 improper neutralization of input during web page generation ('cross-site scripti in postiz-app. Runnable upgrade commands and
CVE-2026-42557 is a cross-site scripting (XSS) in jupyterlab. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-42559 is a vulnerability in rust-sdk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42561 is a denial of service in python-multipart. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-42562 is an improper privilege management in plainpad. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42564 improper limitation of a pathname to a restricted directory ('path traversal') in jotty. Runnable upgrade commands and verifi
CVE-2026-42574 improper limitation of a pathname to a restricted directory ('path traversal') in apko. Runnable upgrade commands and verific
CVE-2026-42575 is an insufficient verification of data authenticity in apko. Patched version, runnable upgrade commands, and how to verify th
CVE-2026-42577 is an OS command injection in netty. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42579 is an improper input validation in netty. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-4258 is an improper verification of cryptographic signature in the vendor sjcl. CVSS 7.5 High. Patch commands, mitigations, and veri
CVE-2026-42582 is a denial of service in netty. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42583 is a vulnerability in netty. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42584 is a vulnerability in netty. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42587 is a vulnerability in netty. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42590 is a vulnerability in gotenberg. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42591 is a server-side request forgery (SSRF) in gotenberg. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-42594 is a race condition in gotenberg. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42595 is a server-side request forgery (SSRF) in gotenberg. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-42602: a vulnerability in opentelemetry-collector-contrib. Patched version and vendor advisory inside.
CVE-2026-42603 improper control of generation of code ('code injection') in BLT. Runnable upgrade commands and verification steps for sysadm
CVE-2026-42605 improper limitation of a pathname to a restricted directory ('path traversal') in AzuraCast. Runnable upgrade commands and ve
CVE-2026-42606 weak password recovery mechanism for forgotten password in AzuraCast. Runnable upgrade commands and verification steps for sy
CVE-2026-42608 improper limitation of a pathname to a restricted directory ('path traversal') in grav. Runnable upgrade commands and verific
CVE-2026-42609 is an improper privilege management in grav. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4261 is a vulnerability in Expire Users. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42611 improper neutralization of input during web page generation ('cross-site scripti in grav. Runnable upgrade commands and verif
CVE-2026-42612 improper neutralization of input during web page generation ('cross-site scripti in grav. Runnable upgrade commands and verif
CVE-2026-42615 - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in CyberChef. Runnable p
CVE-2026-42646 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in TaxoPress. Runnable patch commands,
CVE-2026-42652 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in User Registration. Runnable patch c
CVE-2026-4266 is an unsafe deserialization in Fireware OS. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-4267: Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI in Query Monitor. Patch commands and verification.
CVE-2026-4269: Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit in Bedrock AgentCore Starter Toolkit. Patch commands
CVE-2026-4272: Bluetooth Remote Execution of System Commands in Barcode Scanners. Patch commands and verification.
CVE-2026-42741: a SQL injection in Ninja Forms Views – Display & . Patched version and vendor advisory inside.
CVE-2026-42742 is a SQL injection in Views for WPForms. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-4276 is a CWE-20 improper input validation in Librechat RAG API. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-42786 - CWE-770 Allocation of Resources Without Limits or Throttling in bandit. Runnable patch commands, mitigation, and verificati
CVE-2026-42793 allocation of resources without limits or throttling in absinthe. Runnable upgrade commands and verification steps for sysadm
CVE-2026-42799 - CWE-125 Out-of-bounds read in Kestrel. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42800 - CWE-476 NULL pointer dereference in Lapwing_Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-4282 is an improper isolation or compartmentalization in Red Hat build of Keycloak 26.2, fixed by the same patch as CVE-2026-3872.
CVE-2026-42825 is a use-after-free in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-42831 is a path traversal in Microsoft Office for Android. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-42832: an access control bypass in Microsoft Excel for Android. Patched version and vendor advisory inside.
CVE-2026-42834: a vulnerability in Windows Admin Center in Azure Portal. Patched version and vendor advisory inside.
CVE-2026-42843 is an incorrect authorization in grav-plugin-api. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2026-42844 is an unrestricted file upload in grav. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-42845 external control of file name or path in grav-plugin-form. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-42847 is a SQL injection in clipbucket-v5. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42855 is an authentication bypass in arduino-esp32. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-42856 missing authentication for critical function in Network-AI. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-42858 is a server-side request forgery (SSRF) in openedx-platform. Patched version, runnable upgrade commands, and how to verify th
CVE-2026-42859 buffer copy without checking size of input ('classic buffer overflow') in neatvnc. Runnable upgrade commands and verification
CVE-2026-42860 is a server-side request forgery (SSRF) in edx-enterprise. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-42881 is a path traversal in STIGQter. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42893: an OS command injection in Microsoft Outlook for iOS. Patched version and vendor advisory inside.
CVE-2026-42896 is a vulnerability in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-42899 is a denial of service in .NET 10.0. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42920 is a denial of service in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42924 is an OS command injection in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42930 is a path traversal in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42944 is a memory corruption in Unbound. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42945 is a path traversal in NGINX Plus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4295: Arbitrary code execution via crafted project files in Kiro IDE in Kiro IDE. Patch commands and verification.
CVE-2026-42959 is a vulnerability in Unbound. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4296 is a regular expression in Enterprise Server. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-42994 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Bitwarden CLI. Runnab
CVE-2026-42997 is an incorrect resource transfer between spheres in Ironic. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-43001 - CWE-863 Incorrect Authorization in Keystone. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-43003 - CWE-829 Inclusion of Functionality from Untrusted Control Sphere in ironic-python-agent. Runnable patch commands, mitigatio
CVE-2026-43006 - io_uring/rsrc: reject zero-length fixed buffer import in Linux. Runnable patch commands, mitigation, and verification on th
CVE-2026-43009 - bpf: Fix incorrect pruning due to atomic fetch precision tracking in Linux. Runnable patch commands, mitigation, and verifi
CVE-2026-43016 - bpf: sockmap: Fix use-after-free of sk->sk_socket in Linux. Runnable patch commands, mitigation, and verification on this p
CVE-2026-43018 - Bluetooth: hci_event: fix potential UAF in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-43019 - Bluetooth: hci_conn: fix potential UAF in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-4302: a vulnerability in WowOptin: Next-Gen Popup Maker – Create . Patched version and vendor advisory inside.
CVE-2026-43023 - Bluetooth: SCO: fix race conditions in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-43025 - netfilter: ctnetlink: ignore explicit helper on new expectations in Linux. Runnable patch commands, mitigation, and verific
CVE-2026-43028 - netfilter: x_tables: ensure names are nul-terminated in Linux. Runnable patch commands, mitigation, and verification on thi
CVE-2026-43029 - mptcp: fix soft lockup in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-43030 - bpf: Fix regsafe() for pointers to packet in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-43031 - net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets in Linux. Runnable patch commands, mitigation, and verific
CVE-2026-43033 - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption in Linux. Runnable patch commands, mitiga
CVE-2026-4304 improper neutralization of special elements used in an sql command ('sql injecti in WeePie Cookie Allow. Runnable upgrade comm
CVE-2026-43042 - mpls: add seqcount to protect the platform_label{, s} pair in Linux. Runnable patch commands, mitigation, and verification
CVE-2026-43044 - crypto: caam - fix DMA corruption on long hmac keys in Linux. Runnable patch commands, mitigation, and verification on this
CVE-2026-43047 - HID: multitouch: Check to ensure report responses match the request in Linux. Runnable patch commands, mitigation, and veri
CVE-2026-43048 - HID: core: Mitigate potential OOB by removing bogus memset() in Linux. Runnable patch commands, mitigation, and verificatio
CVE-2026-43051 - HID: wacom: fix out-of-bounds read in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-43055 - scsi: target: file: Use kzalloc_flex for aio_cmd in Linux. Runnable patch commands, mitigation, and verification on this pa
CVE-2026-43056 - net: mana: fix use-after-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-43057 - net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback in Linux. Runnable patch commands, mitigation, and verific
CVE-2026-4306: a SQL injection in WP Job Portal – AI-Powered Recruitment S. Patched version and vendor advisory inside.
CVE-2026-43060 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43062 is a type confusion in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43063 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43070 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43074 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43075 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43076 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43078 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43084 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43091 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43093 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43099 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43101 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43106 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43110 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43111 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43112 is an out-of-bounds read in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43113 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43116 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43120 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43126 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43128 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43133 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43134 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43139 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4314: a vulnerability in The Ultimate WordPress Toolkit – WP Exte. Patched version and vendor advisory inside.
CVE-2026-4315 is a vulnerability in Fireware OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-43150 is a memory corruption in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43153 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43158 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43164 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43166 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43172 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43176 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43178 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4318 is a utt hiper 810g formaplbconfig strcpy buffer overflow in Utt HiPER 810G. CVSS 8.7 High. Patch commands, mitigations, and v
CVE-2026-43180 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43184 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43187 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43190 is an out-of-bounds read in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43194 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43199 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43203 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43206 is an out-of-bounds write in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43207 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43211 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43212 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43213 is a null pointer dereference in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43214 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43215 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43222 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43226 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43230 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43232 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43233 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43236 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43237 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43239 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43245 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43248 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43249 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43253 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43254 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43256 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43258 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4326 is a missing authorization in Vertex Addons for Elementor. This page lists verified fix commands and short-term mitigations yo
CVE-2026-43263 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43274 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43278 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43279 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43280 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43283 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43284 is a write-what-where condition in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4329 is a vulnerability in Blackhole for Bad Bots. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-43290 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43291 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43296 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43303 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43307 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43321 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43322 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43324 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43329 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43330 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43332 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43334 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43336 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43339 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43345 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43347 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43350 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43352 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43353 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43362 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43365 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43366 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43368 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43370 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43373 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43374 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43377 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4338: ActivityPub Routing < 8.0.2 - Unauthenticated Drafts/Scheduled/Pending Posts Disclosure in ActivityPub. Patch commands and ve
CVE-2026-43380 is a buffer overflow in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43385 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43391 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43403 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43405 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43408 is a race condition in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4342: ingress-nginx comment-based nginx configuration injection in ingress-nginx. Patch commands and verification.
CVE-2026-43433 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43434 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43437 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43438 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4344 is a cross-site scripting in Fusion. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-43441 is a null pointer dereference in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43442 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43447 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4345 is a cross-site scripting in Fusion. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-43452 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43454 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43456 is a type confusion in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43459 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43461 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43462 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43464 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43466 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43469 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4347: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in MW WP Form. Patch commands and verification
CVE-2026-43476 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4348 improper neutralization of special elements used in an sql command ('sql injecti in BetterDocs Pro. Runnable upgrade commands
CVE-2026-43481 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-43490 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4350: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Perfmatters. Patch commands and verificatio
CVE-2026-43500 is an out-of-bounds write in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4351 is a path traversal in Perfmatters. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-43510 is an incorrect privilege assignment in manage.get.gov. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-4352 is a SQL injection in JetEngine. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-43526 is a server-side request forgery (ssrf) in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2026-43528 improper removal of sensitive information before storage or transfer in OpenClaw. Runnable upgrade commands and verification
CVE-2026-43530 is an incorrect authorization in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43531 external control of system or configuration setting in OpenClaw. Runnable upgrade commands and verification steps for sysadmi
CVE-2026-43533 is a relative path traversal in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43535 is an incorrect privilege assignment in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2026-43567 is a missing authorization in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43568 is a missing authorization in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43569 inclusion of functionality from untrusted control sphere in OpenClaw. Runnable upgrade commands and verification steps for sy
CVE-2026-43571 inclusion of functionality from untrusted control sphere in OpenClaw. Runnable upgrade commands and verification steps for sy
CVE-2026-43577 is a missing authorization in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43584 is an incomplete list of disallowed inputs in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-43619 is a race condition in rsync. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-43634 is a vulnerability in hestiacp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-43639 is a missing authorization in server. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43640 incorrect implementation of authentication algorithm in server. Runnable upgrade commands and verification steps for sysadmin
CVE-2026-43646 exposure of sensitive information to an unauthorized actor in Apache Wicket. Runnable upgrade commands and verification steps
CVE-2026-43652 is an improper access control in macOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43654 exposure of sensitive system information to an unauthorized control sphere in iOS and iPadOS. Runnable upgrade commands and v
CVE-2026-43655 is an out-of-bounds read in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43656 is an out-of-bounds write in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43658 improper restriction of operations within the bounds of a memory buffer in Safari. Runnable upgrade commands and verification
CVE-2026-43660 is a protection mechanism failure in Safari. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43661 is a stack-based buffer overflow in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2026-43668 is a use after free in iOS and iPadOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4368 is a vulnerability in ADC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4369 is a cross-site scripting in Fusion. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-4373: a path traversal in JetFormBuilder, Dynamic Blocks Form Bui. Patched version and vendor advisory inside.
CVE-2026-4374: Improper Restriction of XML External Entity Reference in Connext Professional. Patch commands and verification.
CVE-2026-43824 - CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer in Argo CD. Runnable patch commands, mitigatio
CVE-2026-43869 improper validation of certificate with host mismatch in Apache Thrift. Runnable upgrade commands and verification steps for
CVE-2026-43870 is an origin validation error in Apache Thrift. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43873 generation of error message containing sensitive information in AVideo. Runnable upgrade commands and verification steps for
CVE-2026-43874 improper control of generation of code ('code injection') in AVideo. Runnable upgrade commands and verification steps for sys
CVE-2026-4388 is a cross-site scripting in Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder. This page lists verified
CVE-2026-43884 is a server-side request forgery (ssrf) in AVideo. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2026-43885 exposure of sensitive information to an unauthorized actor in AVideo. Runnable upgrade commands and verification steps for sy
CVE-2026-43886 is an improper privilege management in outline. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43887 improper neutralization of input during web page generation ('cross-site scripti in outline. Runnable upgrade commands and ve
CVE-2026-43888 improper limitation of a pathname to a restricted directory ('path traversal') in outline. Runnable upgrade commands and veri
CVE-2026-43890 authorization bypass through user-controlled key in outline. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-43891 is an arbitrary file read in changedetection.io. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-43892 is a cross-site scripting (XSS) in antSword. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-43893 improper neutralization of argument delimiters in a command ('argument injection in exiftool-vendored.js. Runnable upgrade co
CVE-2026-43897 is a server-side request forgery (ssrf) in link-preview-js. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-43903 is an OS command injection in OpenImageIO. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-43904 is an OS command injection in OpenImageIO. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-43905 is a vulnerability in OpenImageIO. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-43906 is a path traversal in OpenImageIO. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-43907 is an out-of-bounds write in OpenImageIO. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-43908 is an out-of-bounds write in OpenImageIO. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-43909 is an out-of-bounds read in OpenImageIO. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-43912 is an improper authorization in vaultwarden. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43913 is an incorrect authorization in vaultwarden. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43914 improper restriction of excessive authentication attempts in vaultwarden. Runnable upgrade commands and verification steps fo
CVE-2026-43916 is an out-of-bounds read in pam_authnft. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-43929 is a vulnerability in ssrfcheck. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-43937 is a SQL injection in YAFNET. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-43938 is a cross-site scripting (XSS) in YAFNET. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-43939 is a cross-site scripting (XSS) in YAFNET. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-43940 improper limitation of a pathname to a restricted directory ('path traversal') in electerm. Runnable upgrade commands and ver
CVE-2026-43943 improper neutralization of special elements used in an os command ('os command i in electerm. Runnable upgrade commands and v
CVE-2026-4396: CWE-295 Improper certificate validation in Hub Reporting Service. Patch commands and verification.
CVE-2026-43967 is an inefficient algorithmic complexity in absinthe. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2026-43970 is a denial of service in cowlib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-43983 is an access control bypass in pocket-id. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-43989 is an improper input validation in junoclaw. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-4399: Multiple vulnerabilities in 1millionbot Millie chatbot in Millie chat. Patch commands and verification.
CVE-2026-43990 is an OS command injection in junoclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-43991 is an OS command injection in junoclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-43993 is a server-side request forgery (SSRF) in junoclaw. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-43998 is a vulnerability in vm2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4400: Multiple vulnerabilities in 1millionbot Millie chatbot in Millie chat. Patch commands and verification.
CVE-2026-44001 is a denial of service in vm2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44004 is a denial of service in vm2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44010 is a missing authorization in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44011 is a cross-site scripting (XSS) in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-44012 is a missing authorization in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44015 is a server-side request forgery (SSRF) in nginx-ui. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-44028 is an uncontrolled recursion in Nix. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-44047 is a SQL injection in Netatalk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44048 is a stack-based buffer overflow in Netatalk. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-44049 is an OS command injection in Netatalk. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-44051 is a vulnerability in Netatalk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44052 is an information disclosure in Netatalk. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-44053 is a weak cryptography in Netatalk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44055 is an OS command injection in Netatalk. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-44060 is a vulnerability in Netatalk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44062 is an OS command injection in Netatalk. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-44064 is an out-of-bounds read in Netatalk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44066 is an out-of-bounds read in Netatalk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44068 is a path traversal in Netatalk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44088 is an unrestricted file upload in SzafirHost. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-44110 is an incorrect authorization in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-44112 time-of-check time-of-use (toctou) race condition in OpenClaw. Runnable upgrade commands and verification steps for sysadmins
CVE-2026-44113 time-of-check time-of-use (toctou) race condition in OpenClaw. Runnable upgrade commands and verification steps for sysadmins
CVE-2026-44114 is an incomplete list of disallowed inputs in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-44115 is an incomplete list of disallowed inputs in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-44118 is an authentication bypass by spoofing in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2026-44127 external control of file name or path in Secure Email Gateway. Runnable upgrade commands and verification steps for sysadmins
CVE-2026-44129 improper neutralization of special elements used in a template engine in Secure Email Gateway. Runnable upgrade commands and
CVE-2026-4416 is an unsafe deserialization in Performance Library. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-44167 is a vulnerability in phpseclib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44184 is a vulnerability in Cleanuparr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44224 is an improper privilege management in wiki. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-44232 is an incomplete filtering of special elements in dssrf-js. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-4424 is an out-of-bounds read in Red Hat Enterprise Linux 10. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-44240 is an uncontrolled resource consumption in basic-ftp. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2026-44241 is an uncontrolled resource consumption in micronaut-core. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-44243 improper limitation of a pathname to a restricted directory ('path traversal') in GitPython. Runnable upgrade commands and ve
CVE-2026-44244 improper control of generation of code ('code injection') in GitPython. Runnable upgrade commands and verification steps for
CVE-2026-44246 is a security vulnerability in nnUNet. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-44260 is an incorrect authorization in efw4.X. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4428 is a crl distribution point scope check logic error in aws-lc in AWS-LC. CVSS 7.4 High. Patch commands, mitigations, and verif
CVE-2026-44289 is a vulnerability in protobuf.js. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44290 is a vulnerability in protobuf.js. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44291 is a code injection in protobuf.js. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44293 is a code injection in protobuf.js. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44295 is a code injection in protobuf.js. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44296 is an uncontrolled resource consumption in deskflow. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2026-44302 loop with unreachable exit condition ('infinite loop') in Snappier. Runnable upgrade commands and verification steps for sysa
CVE-2026-44304 improper neutralization of special elements used in an ldap query ('ldap injecti in lemur. Runnable upgrade commands and veri
CVE-2026-44307 improper limitation of a pathname to a restricted directory ('path traversal') in mako. Runnable upgrade commands and verific
CVE-2026-44331 improper neutralization of special elements used in an sql command ('sql injecti in ProFTPD. Runnable upgrade commands and ve
CVE-2026-44334 improper control of generation of code ('code injection') in PraisonAI. Runnable upgrade commands and verification steps for
CVE-2026-44335 is a server-side request forgery (ssrf) in PraisonAI. Patched version, runnable upgrade commands, and how to verify the fix l
CVE-2026-44338 missing authentication for critical function in PraisonAI. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-44339 use of externally-controlled input to select classes or code ('unsafe reflection in PraisonAI. Runnable upgrade commands and
CVE-2026-4434 is a cwe-295 improper certificate validation in Devolutions Server. CVSS 8.1 High. Patch commands, mitigations, and verificati
CVE-2026-44340 improper limitation of a pathname to a restricted directory ('path traversal') in PraisonAI. Runnable upgrade commands and ve
CVE-2026-44349 improper neutralization of special elements used in an sql command ('sql injecti in daptin. Runnable upgrade commands and ver
CVE-2026-4436 is a missing authentication in GPL Odorizers GPL750 (XL7 Prime). This page lists verified fix commands and short-term mitigati
CVE-2026-44369 is a cross-site scripting (XSS) in cvat. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-4437: gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response in glibc. Patch commands and verification.
CVE-2026-44375 is an OS command injection in Nerdbank.MessagePack. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-44380 is an access control bypass in MISP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4439 is an out of bounds memory access in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-4440 is an out of bounds read and write in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44400 authorization bypass through user-controlled key in MailEnable Enterprise Premium. Runnable upgrade commands and verification
CVE-2026-44403 improper control of generation of code ('code injection') in Wing FTP Server. Runnable upgrade commands and verification step
CVE-2026-4441 is a use after free in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44411 is an access of uninitialized pointer in Solid Edge SE2026. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-44412 is a stack-based buffer overflow in Solid Edge SE2026. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-44413 is a security vulnerability in TeamCity. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-44418 is a SQL injection in ecclesiacrm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4442 is a heap buffer overflow in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-4443 is a heap buffer overflow in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44431 is an information disclosure in urllib3. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-44432 is a vulnerability in urllib3. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4444 is a stack buffer overflow in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44446 is a SQL injection in erpnext. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44447 is a SQL injection in erpnext. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4445 is a use after free in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-4446 is a use after free in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44467 is a vulnerability in claude-code. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4447 is an inappropriate implementation in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44470 is a vulnerability in claude-code. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44471 is a vulnerability in gitoxide. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44478 is an access control bypass in hoppscotch. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-4448 is a heap buffer overflow in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-4449 is a use after free in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44499 allocation of resources without limits or throttling in zebra. Runnable upgrade commands and verification steps for sysadmins
CVE-2026-4450 is an out of bounds write in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44503 is an open redirect in kiota-java. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44504 is an access control bypass in aegra. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4451 is an insufficient validation of untrusted input in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification
CVE-2026-44511 is a vulnerability in koi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44513 is a code injection in diffusers. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44516 is an information disclosure in valtimo. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-4452 is an integer overflow in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44522 is an improper input validation in note-mark. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-4454 is a use after free in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44548 is a cross-site request forgery (csrf) in CRM. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-44549 is a cross-site scripting (XSS) in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-4455 is a heap buffer overflow in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44552 is a vulnerability in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44553 is a vulnerability in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44554 is a missing authorization in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-44555 is a missing authorization in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-44556 is an access control bypass in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-4456 is a use after free in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44565 is a path traversal in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44566 is a path traversal in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44567 is an access control bypass in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-44569 is a missing authorization in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-4457 is a type confusion in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44570: an insecure direct object reference (IDOR) in open-webui. Patched version and vendor advisory inside.
CVE-2026-44573 is an access control bypass in next.js. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-44574 is an authentication bypass in next.js. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-44575 is an authentication bypass in next.js. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-44578 is a server-side request forgery (SSRF) in next.js. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-44579 is a denial of service in next.js. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4458 is a use after free in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44586 is a cross-site scripting (XSS) in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-4459 is an out of bounds read and write in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-4460 is an out of bounds read in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-4461 is an inappropriate implementation in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44612: a vulnerability in Bytello Share (Windows Edition) installe. Patched version and vendor advisory inside.
CVE-2026-4462 is an out of bounds read in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-4463 is a heap buffer overflow in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44633 is an access control bypass in livehelperchat. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-44636 is a path traversal in libsixel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44637 is a vulnerability in libsixel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4464 is an integer overflow in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-44641 is a path traversal in apm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44647 is a path traversal in onedev. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44671 is a vulnerability in zitadel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44673 is a vulnerability in libyang. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44678: an insecure direct object reference (IDOR) in tuist. Patched version and vendor advisory inside.
CVE-2026-44694 time-of-check time-of-use (toctou) race condition in n8n-mcp. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-44700 is an authentication bypass in ex_webrtc. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-44714 is an authentication bypass in bitcoinj. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-44721 is a cross-site scripting (XSS) in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-44738 exposure of sensitive information to an unauthorized actor in grav. Runnable upgrade commands and verification steps for sysa
CVE-2026-44742 improper neutralization of input during web page generation (xss or 'cross-site in Postorius. Runnable upgrade commands and v
CVE-2026-4475: Yi Technology YI Home Camera ipc hard-coded credentials in YI Home Camera. Patch commands and verification.
CVE-2026-44826 is an access control bypass in Vvveb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44827 is a code injection in diffusers. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4483 is a cwe-782: exposed ioctl with insufficient access control in Moxa MxGeneralIo. CVSS 7 High. Patch commands, mitigations, an
CVE-2026-4484: a vulnerability in Masteriyo LMS – Online Course Builder fo. Patched version and vendor advisory inside.
CVE-2026-44852 improper following of a certificate's chain of trust in HPE Aruba Networking Wireless Operating System (AOS). Runnable upgrad
CVE-2026-44853 improper neutralization of special elements used in a command ('command injectio in HPE Aruba Networking Wireless Operating S
CVE-2026-44854 improper neutralization of special elements used in a command ('command injectio in HPE Aruba Networking Wireless Operating S
CVE-2026-44855 stack-based buffer overflow in HPE Aruba Networking Wireless Operating System (AOS). Runnable upgrade commands and verificati
CVE-2026-44856 stack-based buffer overflow in HPE Aruba Networking Wireless Operating System (AOS). Runnable upgrade commands and verificati
CVE-2026-44857 stack-based buffer overflow in HPE Aruba Networking Wireless Operating System (AOS). Runnable upgrade commands and verificati
CVE-2026-44858 stack-based buffer overflow in HPE Aruba Networking Wireless Operating System (AOS). Runnable upgrade commands and verificati
CVE-2026-44859 stack-based buffer overflow in HPE Aruba Networking Wireless Operating System (AOS). Runnable upgrade commands and verificati
CVE-2026-4486: D-Link DIR-513 Web Service formEasySetPassword stack-based overflow in DIR-513. Patch commands and verification.
CVE-2026-44860 improper neutralization of special elements used in an sql command ('sql injecti in HPE Aruba Networking Wireless Operating S
CVE-2026-44861 improper neutralization of special elements used in an sql command ('sql injecti in HPE Aruba Networking Wireless Operating S
CVE-2026-44862 improper neutralization of special elements used in an sql command ('sql injecti in HPE Aruba Networking Wireless Operating S
CVE-2026-44863 improper neutralization of special elements used in an sql command ('sql injecti in HPE Aruba Networking Wireless Operating S
CVE-2026-44864 improper neutralization of special elements used in an sql command ('sql injecti in HPE Aruba Networking Wireless Operating S
CVE-2026-44865 improper neutralization of special elements used in a command ('command injectio in HPE Aruba Networking Wireless Operating S
CVE-2026-44866 improper neutralization of special elements used in a command ('command injectio in HPE Aruba Networking Wireless Operating S
CVE-2026-44867 improper neutralization of special elements used in a command ('command injectio in HPE Aruba Networking Wireless Operating S
CVE-2026-44868 improper neutralization of special elements used in a command ('command injectio in HPE Aruba Networking Wireless Operating S
CVE-2026-44869 improper neutralization of special elements used in a command ('command injectio in HPE Aruba Networking Wireless Operating S
CVE-2026-4487: UTT HiPER 1200GW websHostFilter strcpy buffer overflow in HiPER 1200GW. Patch commands and verification.
CVE-2026-44870 improper neutralization of special elements used in a command ('command injectio in HPE Aruba Networking Wireless Operating S
CVE-2026-44871 improper neutralization of special elements used in a command ('command injectio in HPE Aruba Networking Wireless Operating S
CVE-2026-44872 improper neutralization of special elements used in a command ('command injectio in HPE Aruba Networking Wireless Operating S
CVE-2026-4488 is a utt hiper 1250gw setsysadm strcpy buffer overflow in Utt HiPER 1250GW. CVSS 8.7 High. Patch commands, mitigations, and ve
CVE-2026-4489 is a stack-based buffer overflow in Tenda A18 Pro. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-4490: Tenda A18 Pro openSchedWifi setSchedWifi stack-based overflow in A18 Pro. Patch commands and verification.
CVE-2026-4491: Tenda A18 Pro SetIpMacBind fromSetIpMacBind stack-based overflow in A18 Pro. Patch commands and verification.
CVE-2026-4492: Tenda A18 Pro formSetQosBand set_qosMib_list stack-based overflow in A18 Pro. Patch commands and verification.
CVE-2026-4493 is a stack-based buffer overflow in Tenda A18 Pro. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-44933 is a path traversal in SUSE Linux Enterprise. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-4498 is an execution with unnecessary privileges in Elastic Kibana. CVSS 7.7 High. Patch commands, mitigations, and verification.
CVE-2026-45004 is an uncontrolled search path element in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2026-45006 is an incomplete list of disallowed inputs in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-4503 - CWE-639 Authorization Bypass Through User-Controlled Key in Langflow Desktop. Runnable patch commands, mitigation, and verif
CVE-2026-45033 is a vulnerability in copilot-cli. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45036 is an OS command injection in tabby. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45037 is a vulnerability in tabby. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45038 is a vulnerability in tabby. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45055 is an improper input validation in v6. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45109 is an authentication bypass in next.js. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-45180 cleartext transmission of sensitive information in Catalyst::Plugin::Statsd. Runnable upgrade commands and verification steps
CVE-2026-4519: webbrowser.open() allows leading dashes in URLs in CPython. Patch commands and verification.
CVE-2026-45206 is a vulnerability in TrendAI Apex One. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-45207 is a vulnerability in TrendAI Apex One. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-45208 is a race condition in TrendAI Apex One. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-45211 improper neutralization of special elements used in an sql command ('sql injecti in APIExperts Square for WooCommerce. Runnab
CVE-2026-45213 improper neutralization of special elements used in an sql command ('sql injecti in Bear. Runnable upgrade commands and verif
CVE-2026-45214 improper neutralization of special elements used in an sql command ('sql injecti in Xpro Elementor Addons. Runnable upgrade c
CVE-2026-45218 improper neutralization of special elements used in an sql command ('sql injecti in WP Travel. Runnable upgrade commands and
CVE-2026-45223 is an authentication bypass by spoofing in crabbox. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2026-45225 improper limitation of a pathname to a restricted directory ('path traversal') in heym. Runnable upgrade commands and verific
CVE-2026-45226 is an incorrect authorization in heym. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-45227 is a protection mechanism failure in heym. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-45229 is a vulnerability in quark-auto-save. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45230 is a path traversal in DumbAssets. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45242 is a missing authorization in summarize. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-4525 is a cwe-201: insertion of sensitive information into in Vault. This page lists verified fix commands and short-term mitigatio
CVE-2026-4529 is a stack-based buffer overflow in DHP-1320. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-45301 is an access control bypass in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-45303 is a cross-site scripting (XSS) in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-45314 is a cross-site scripting (XSS) in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-45315 is a cross-site scripting (XSS) in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-45331: a server-side request forgery (SSRF) in open-webui. Patched version and vendor advisory inside.
CVE-2026-45338: a server-side request forgery (SSRF) in open-webui. Patched version and vendor advisory inside.
CVE-2026-4534 is a stack-based buffer overflow in FH451. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-45349: an insecure direct object reference (IDOR) in open-webui. Patched version and vendor advisory inside.
CVE-2026-4535 is a stack-based buffer overflow in FH451. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-45350 is a missing authorization in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-45369 is an OS command injection in python-utcp. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-45370 is an information disclosure in python-utcp. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-45371 is an access control bypass in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45395 is a local privilege escalation in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-45398: an insecure direct object reference (IDOR) in open-webui. Patched version and vendor advisory inside.
CVE-2026-45399 is a missing authorization in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-45400: a server-side request forgery (SSRF) in open-webui. Patched version and vendor advisory inside.
CVE-2026-45401: a server-side request forgery (SSRF) in open-webui. Patched version and vendor advisory inside.
CVE-2026-45402: an insecure direct object reference (IDOR) in open-webui. Patched version and vendor advisory inside.
CVE-2026-45430 cross-site request forgery (csrf) in backdrop-contrib/salesforce. Runnable upgrade commands and verification steps for sysadm
CVE-2026-4545 is a vulnerability in Notepad2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4546 is a vulnerability in Notepad2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45495: a vulnerability in Microsoft Edge (Chromium-based). Patched version and vendor advisory inside.
CVE-2026-4551 is a stack-based buffer overflow in F453. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-4552 is a stack-based buffer overflow in F453. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-4553 is a stack-based buffer overflow in F453. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-45539 is a vulnerability in apm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4555 is a stack-based buffer overflow in DIR-513. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-4558 is an OS command injection in MR9600. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45584: a path traversal in Microsoft Malware Protection Engine. Patched version and vendor advisory inside.
CVE-2026-4565 is a vulnerability in AC21. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45659: an unsafe deserialization in Microsoft SharePoint Enterprise Server 2. Patched version and vendor advisory inside.
CVE-2026-4566 is a stack-based buffer overflow in F9K1122. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-45665 is a cross-site scripting (XSS) in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-45671: an insecure direct object reference (IDOR) in open-webui. Patched version and vendor advisory inside.
CVE-2026-45672 is an access control bypass in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-45675 is a local privilege escalation in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-45708 is a code injection in v6. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45800 is a SQL injection in Vvveb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4598 is a denial of service in jsrsasign. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4600 is an authentication bypass in jsrsasign. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-4601 is a path traversal in jsrsasign. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4602 is a vulnerability in jsrsasign. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4609: a missing authorization in ProfileGrid – User Profiles. Patched version and vendor advisory inside.
CVE-2026-4611 is an OS command injection in X6000R. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4620 is an OS command injection in Aterm WX1500HP. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-4622 is an OS command injection in Aterm WG2600HS. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-4627 is an OS command injection in DIR-825. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-46333 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4634 is an excessive platform resource consumption within a loop in Red Hat build of Keycloak 26.2, fixed by the same patch as CVE-2
CVE-2026-46359 is a SQL injection in phpmyfaq. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4636: bundle sibling of CVE-2026-3872. Same patched build closes both.
CVE-2026-46366 is an access control bypass in phpmyfaq. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-46367 is a cross-site scripting (XSS) in phpmyfaq. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-4639 is an access control bypass in Vitals ESP. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-4640 is an authentication bypass in Vitals ESP. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-46407: an insecure direct object reference (IDOR) in Vvveb. Patched version and vendor advisory inside.
CVE-2026-46408: an insecure direct object reference (IDOR) in Vvveb. Patched version and vendor advisory inside.
CVE-2026-46419 is a path traversal in webauthn-server-core. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-46445 is a SQL injection in SOGo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-46446 is a SQL injection in SOGo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-46508 is an OS command injection in turborepo. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-4659 is a path traversal in Unlimited Elements For Elementor. This page lists verified fix commands and short-term mitigations you
CVE-2026-4660 is an information disclosure in Tooling. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-4662 is a SQL injection in JetEngine. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4667 is an execution with unnecessary privileges in OMEN Gaming Hub. This page lists verified fix commands and short-term mitigatio
CVE-2026-46727 is a race condition in Ruby. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-46728 is a vulnerability in U-Boot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4682 is a stack buffer overflow in HP DeskJet 2800e All-in-One Printer series. This page lists verified fix commands and short-term
CVE-2026-47092 is an OS command injection in claude-hud. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-47100: a missing authorization in Funnel Builder for WooCommerce Checkout. Patched version and vendor advisory inside.
CVE-2026-47101 is an access control bypass in litellm. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-47102 is an access control bypass in litellm. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-47107 is a vulnerability in windmill. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-47114 is a vulnerability in iina. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4731 is a vulnerability in ART. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-47310 is a use-after-free in Escargot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-47311 is a path traversal in Escargot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-47314 is an OS command injection in Escargot. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-4732 is a path traversal in furnace. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4735 is an unsafe deserialization in chunjun. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-47356 is a server-side request forgery (SSRF) in Terrascan. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-47357 is a server-side request forgery (SSRF) in Terrascan. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-47358 is a server-side request forgery (SSRF) in Terrascan. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-4736 is a path traversal in Echo-Mate. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4737 is a use-after-free in Echo-Mate. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4740: Improper Certificate Validation in Multicluster Engine for Kubernetes. Patch commands and verification.
CVE-2026-4741 is a path traversal in JoyConDroid. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4748: pf silently ignores certain rules in FreeBSD. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-4756 is an OS command injection in Android-ImageMagick7. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-4758: a path traversal in WP Job Portal – AI-Powered Recruitment S. Patched version and vendor advisory inside.
CVE-2026-4760 is a vulnerability in Panorama Suite. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4775 is a vulnerability in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-47783 is a vulnerability in memcached. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-47784 is a vulnerability in memcached. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4786 is a command injection in CPython. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-4788: Multiple Vulnerabilities affect IBM Tivoli Netcool Impact in Tivoli Netcool Impact. Patch commands and verification.
CVE-2026-4798 is a SQL injection in Avada (Fusion) Builder. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-4800: lodash vulnerable to Code Injection via `_.template` imports key names in lodash. Patch commands and verification.
CVE-2026-4802 improper neutralization of special elements used in an os command ('os command i in Red Hat Enterprise Linux 10. Runnable upgr
CVE-2026-4803 improper neutralization of input during web page generation ('cross-site scripti in Royal Addons for Elementor – Addons and Te
CVE-2026-4808: Unrestricted Upload of File with Dangerous Type in Gerador de Certificados – DevApps. Patch commands and verification.
CVE-2026-4815 is a SQL injection in Support Board. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4821 is an OS command injection in Enterprise Server. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-4822 is an OS command injection in Iperius Backup. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-48231 is a SQL injection in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-48232 is a SQL injection in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-48233 is a SQL injection in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-48234 is a SQL injection in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-48235 is a SQL injection in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-48236 is a SQL injection in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-48237 is a SQL injection in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-48238 is a SQL injection in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-48239 is a SQL injection in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4824 is a vulnerability in Iperius Backup. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-48240 is a SQL injection in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-48246 is an authentication bypass in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-48247 is an authentication bypass in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-48248 is an authentication bypass in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-48249 is an authentication bypass in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-4827 is an insufficient entropy in Easergy MiCOM C264. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4828 is a CWE-1390 in Devolutions Server. CVSS 8.2 High. Patch commands, mitigations, and verification.
CVE-2026-4834 is a SQL injection in WP ERP Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4840 is an OS command injection in Power 15AX. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-4857 is an incorrect authorization in IdentityIQ. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-4858 is a path traversal in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4861 is a stack-based buffer overflow in WL-NU516U1. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-4862 is a vulnerability in HiPER 1250GW. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4867 is a vulnerability in path-to-regexp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4890 is a loop with unreachable termination in dnsmasq. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2026-4892 is a heap-based buffer overflow in dnsmasq. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4896: Authorization Bypass Through User-Controlled Key in WCFM – Frontend Manager for WooCommerce. Patch commands and verification.
CVE-2026-4902 is a stack-based buffer overflow in AC5. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-4903 is a stack-based buffer overflow in AC5. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-4904 is a stack-based buffer overflow in AC5. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-4905 is a stack-based buffer overflow in AC5. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-4906 is a stack-based buffer overflow in AC5. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-4922 - CWE-352: Cross-Site Request Forgery (CSRF) in GitLab. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-4924 is a CWE-1390 in Devolutions Server, fixed by the same patch as CVE-2026-4828.
CVE-2026-4926 is a vulnerability in path-to-regexp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4935 improper neutralization of special elements used in an sql command ('sql injecti in OttoKit: All-in-One Automation Platform. R
CVE-2026-4946 is an OS command injection in Ghidra. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4947: Insecure Direct Object Reference (IDOR) Leading to Signature Forgery in Foxit eSign in na1.foxitesign.foxit.com. Patch comman
CVE-2026-4960 is a stack-based buffer overflow in AC6. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-4961 is a stack-based buffer overflow in AC6. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-4962 is a vulnerability in UltraVNC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4974 is a stack-based buffer overflow in AC7. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-4975 is a stack-based buffer overflow in AC15. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-4976 is a vulnerability in LR350. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4982 is an improper input validation in Venueless. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-4984 is a vulnerability in botpress. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4987: an improper input validation in SureForms – Contact Form. Patched version and vendor advisory inside.
CVE-2026-5004 is a stack-based buffer overflow in WL-WN579X3-C. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-5021 is a stack-based buffer overflow in F453. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-5024 is a stack-based buffer overflow in DIR-513. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-5026 is a vulnerability in langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-5027 is a path traversal in langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-5029 missing authentication for critical function in Code Runner MCP Server. Runnable upgrade commands and verification steps for s
CVE-2026-5032: W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header in W3 Total Cache. Patch commands and
CVE-2026-5036 is a stack-based buffer overflow in 4G06. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-5042 is a stack-based buffer overflow in F9K1122. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-5043 is a stack-based buffer overflow in F9K1122. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-5044 is a stack-based buffer overflow in F9K1122. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-5045 is a stack-based buffer overflow in FH1201. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-5046 is a stack-based buffer overflow in FH1201. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-5050 is a verification of cryptographic signature in Payment Gateway for Redsys & WooCommerce Lite. This page lists verified fix co
CVE-2026-5053 is a CWE-73: external control of file name in NoMachine. This page lists verified fix commands and short-term mitigations you
CVE-2026-5054 is a CWE-73: external control of file name in NoMachine. This page lists verified fix commands and short-term mitigations you
CVE-2026-5055 is an uncontrolled search path element in NoMachine. This page lists verified fix commands and short-term mitigations you can
CVE-2026-5063 improper neutralization of input during web page generation ('cross-site scripti in NEX-Forms – Ultimate Forms Plugin for Word
CVE-2026-5086 is an observable timing discrepancy in Crypt::SecretBuffer. This page lists verified fix commands and short-term mitigations y
CVE-2026-5087: Use of Cryptographically Weak Pseudo-Random Number Generator in PAGI::Middleware::Session::Store::Cookie. Patch commands and
CVE-2026-5088 is a use of cryptographically weak pseudo-random number in Apache::API::Password. This page lists verified fix commands and s
CVE-2026-5089 is a buffer underwrite ('buffer underflow') in YAML::Syck. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-5100 improper neutralization of special elements used in an sql command ('sql injecti in AWP Classifieds. Runnable upgrade commands
CVE-2026-5109 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Gravity Forms. Runnable patch
CVE-2026-5110 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Gravity Forms. Runnable patch
CVE-2026-5111 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Gravity Forms. Runnable patch
CVE-2026-5112 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Gravity Forms. Runnable patch
CVE-2026-5113 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Gravity Forms. Runnable patch
CVE-2026-5121: a vulnerability in Red Hat Enterprise Linux 7 Extended Life. Patched version and vendor advisory inside.
CVE-2026-5127 deserialization of untrusted data in User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Re
CVE-2026-5130 is a vulnerability in Debugger & Troubleshooter. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-5140 - CWE-93 Improper neutralization of CRLF sequences ('CRLF injection') in Pardus Update. Runnable patch commands, mitigation, a
CVE-2026-5141 - CWE-269 Improper Privilege Management in Pardus Software Center. Runnable patch commands, mitigation, and verification on th
CVE-2026-5144 is an improper privilege management in BuddyPress Groupblog. This page lists verified fix commands and short-term mitigations
CVE-2026-5152 is a stack-based buffer overflow in CH22. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-5154 is a stack-based buffer overflow in CH22. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-5155 is a stack-based buffer overflow in CH22. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-5156 is a stack-based buffer overflow in CH22. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-5161 - CWE-59 Improper link resolution before file access ('link following') in Pardus About. Runnable patch commands, mitigation,
CVE-2026-5172 is an out-of-bounds write in dnsmasq. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-5173 is an exposed dangerous method or function in GitLab, fixed by the same patch as CVE-2026-1092.
CVE-2026-5174 - CWE-20 Improper input validation in MOVEit Automation. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-5190: AWS C Event Stream Streaming Decoder Stack Buffer Overflow in aws-c-event-stream. Patch commands and verification.
CVE-2026-5192 improper limitation of a pathname to a restricted directory ('path traversal') in Forminator Forms – Contact Form, Payment For
CVE-2026-5200: a missing authorization in AcyMailing – An Ultimate Newsletter Plug. Patched version and vendor advisory inside.
CVE-2026-5201 is a path traversal in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-5204 is a stack-based buffer overflow in CH22. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-5208: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in coolercontrold. Patch c
CVE-2026-5211 is a stack-based buffer overflow in DNS-120. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-5212 is a stack-based buffer overflow in DNS-120. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-5213 is a stack-based buffer overflow in DNS-120. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-5214 is a stack-based buffer overflow in DNS-120. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-5217 is a cross-site scripting in Optimole – Optimize Images in Real Time. This page lists verified fix commands and short-term mit
CVE-2026-5231 is a cross-site scripting in WP Statistics – Simple, privacy-friendly Google Analytics alternative. This page lists verified f
CVE-2026-5262 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab. Runnable patch comma
CVE-2026-5263 is a certificate validation in wolfSSL. This page lists verified fix commands and short-term mitigations you can run today.