19,785 CVEs published in 2026. 0 flagged on the CISA Known Exploited Vulnerabilities catalog. Every guide includes runnable Linux, Windows PowerShell, and Bash remediation commands.
19,785 fix guides from 2026
CVE-2026-5264 is a heap buffer overflow in wolfSSL. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5272 is a heap buffer overflow in Google Chrome. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-5274 is an integer overflow in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5275 is a heap buffer overflow in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5277 is an integer overflow in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5278 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5279 is an object corruption in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5280 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5282 is an out of bounds read in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5284 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5285 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5286 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5287 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5292 is an out of bounds read in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5301: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in coolercontrol-ui. Patch comma
CVE-2026-5324 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Brizy – Page Builder. Runnabl
CVE-2026-5329 is an improper input validation in Velociraptor. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-5349: Trendnet TEW-657BRM setup.cgi add_apcdb stack-based overflow in TEW-657BRM. Patch commands and verification.
CVE-2026-5350 is a Trendnet TEW-657BRM setup.cgi update_pcdb stack-based overflow in Trendnet TEW-657BRM, fixed by the same patch as CVE-202
CVE-2026-5364 - CWE-434 Unrestricted Upload of File with Dangerous Type in Drag and Drop File Upload for Contact Form 7. Runnable patch comm
CVE-2026-5367 - Improper Handling of Length Parameter Inconsistency in Fast Datapath for Red Hat Enterprise Linux 8. Runnable patch commands
CVE-2026-5371 missing authorization in MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy). Runnable upgrad
CVE-2026-5373 is a Runzero Platform superuser privilege escalation in Runzero Platform, fixed by the same patch as CVE-2026-5372.
CVE-2026-5394 - CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in pimcore. Runnable patch comma
CVE-2026-5395: an insecure direct object reference (IDOR) in Fluent Forms – Customizable Contact Form. Patched version and vendor advisory i
CVE-2026-5396: an insecure direct object reference (IDOR) in Fluent Forms – Customizable Contact Form. Patched version and vendor advisory i
CVE-2026-5397 is an uncontrolled search path element in PowerAttendant Standard Edition. This page lists verified fix commands and short-ter
CVE-2026-5398 - CWE-416: Use After Free in FreeBSD. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-5402 - CWE-122: Heap-based Buffer Overflow in Wireshark. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-5403 - CWE-122: Heap-based Buffer Overflow in Wireshark. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-5405 - CWE-122: Heap-based Buffer Overflow in Wireshark. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-5425: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Widgets for Social Photo Feed. Patch
CVE-2026-5426 is a use of hard-coded cryptographic key in KnowledgeDeliver. This page lists verified fix commands and short-term mitigation
CVE-2026-5429: Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme in Kiro IDE. Patch commands and verification.
CVE-2026-5435 - CWE-787 Out-of-bounds write in glibc. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-5436: MW WP Form <= 5.1.1 - Unauthenticated Arbitrary File Move via regenerate_upload_file_keys in MW WP Form. Patch commands and v
CVE-2026-5437 is an out-of-bounds read in DICOM Server. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5438 is an allocation of resources without limits in DICOM Server. This page lists verified fix commands and short-term mitigations
CVE-2026-5439 is an allocation of resources without limits in DICOM Server. This page lists verified fix commands and short-term mitigations
CVE-2026-5440 is an allocation of resources without limits in DICOM Server. This page lists verified fix commands and short-term mitigations
CVE-2026-5441 is an out-of-bounds read in DICOM Server. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5464 - CWE-862 Missing Authorization in ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin). Runnable pa
CVE-2026-5465: Authorization Bypass Through User-Controlled Key in Booking for Appointments and Events Calendar – Amelia. Patch commands and
CVE-2026-5466 is a verification of cryptographic signature in wolfSSL. This page lists verified fix commands and short-term mitigations you
CVE-2026-5477 is an integer overflow in wolfSSL. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5478 is a path traversal in Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder. This page lists verifie
CVE-2026-5479 is a validation of integrity check value in wolfSSL. This page lists verified fix commands and short-term mitigations you can
CVE-2026-5483 is an insertion of sensitive information into sent in Red Hat OpenShift AI (RHOAI). This page lists verified fix commands and
CVE-2026-5485: OS command injection in Amazon Athena ODBC driver on Linux in Amazon Athena ODBC driver. Patch commands and verification.
CVE-2026-5493 is an out-of-bounds write in Proteus. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5494 is an out-of-bounds write in Proteus. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5495 is an out-of-bounds write in Proteus. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5496 is a CWE-843: access of resource using incompatible in Proteus. This page lists verified fix commands and short-term mitigatio
CVE-2026-5500 is an improper input validation in wolfSSL. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-5501 is a certificate validation in wolfSSL. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5544: UTT HiPER 1250GW formRemoteControl stack-based overflow in HiPER 1250GW. Patch commands and verification.
CVE-2026-5548 is a Tenda AC10 httpd fromsystoolchangepwd stack-based overflow in Tenda AC10, fixed by the same patch as CVE-2026-5547.
CVE-2026-5550 is a Tenda AC10 httpd fromsystoolchangepwd stack-based overflow in Tenda AC10, fixed by the same patch as CVE-2026-5547.
CVE-2026-5566: UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow in HiPER 1250GW. Patch commands and verification.
CVE-2026-5567 is a Tenda M3 destination setadvpolicydata buffer overflow in Tenda M3. CVSS 8.7 High. Patch commands, mitigations, and verifi
CVE-2026-5598 is a covert timing channel in BC-JAVA. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5599: API allows deletion of users of other instance in Pretix Venueless. CVSS 7.3 High. Patch commands, mitigations, and verif
CVE-2026-5604: Tenda CH22 Parameter CertLocalPrecreate formCertLocalPrecreate stack-based overflow in CH22. Patch commands and verification.
CVE-2026-5605 is a Tenda CH22 wrlextraset formwrlextraset stack-based overflow in Tenda CH22, fixed by the same patch as CVE-2026-5604.
CVE-2026-5608 is a Belkin F9K1122 formwlansetup stack-based overflow in Belkin F9K1122. CVSS 8.7 High. Patch commands, mitigations, and veri
CVE-2026-5609: Tenda i12 Parameter wifiSSIDset formwrlSSIDset stack-based overflow in i12. Patch commands and verification.
CVE-2026-5610 is a Belkin F9K1015 formwisp5g stack-based overflow in Belkin F9K1015. CVSS 8.7 High. Patch commands, mitigations, and verific
CVE-2026-5611 is a Belkin F9K1015 formcrossbandswitch stack-based overflow in Belkin F9K1015, fixed by the same patch as CVE-2026-5610.
CVE-2026-5612 is a Belkin F9K1015 formwlencrypt stack-based overflow in Belkin F9K1015, fixed by the same patch as CVE-2026-5610.
CVE-2026-5613 is a Belkin F9K1015 formreboot stack-based overflow in Belkin F9K1015, fixed by the same patch as CVE-2026-5610.
CVE-2026-5614 is a Belkin F9K1015 formsetpassword stack-based overflow in Belkin F9K1015, fixed by the same patch as CVE-2026-5610.
CVE-2026-5617 is an authorization bypass through user-controlled key in Login as User – Switch User & WooCommerce Login as Customer. This pa
CVE-2026-5628 is a Belkin F9K1015 setting formsetsystemsettings stack-based overflow in Belkin F9K1015, fixed by the same patch as CVE-2026-
CVE-2026-5629 is a Belkin F9K1015 formsetfirewall stack-based overflow in Belkin F9K1015, fixed by the same patch as CVE-2026-5610.
CVE-2026-5656 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Wireshark. Runnable patch commands
CVE-2026-5684 is a Tenda CX12L webexcptypemanfilter fromwebexcptypemanfilter stack-based overflow in Tenda CX12L, fixed by the same patch as
CVE-2026-5685 is a Tenda CX12L addressnat fromaddressnat stack-based overflow in Tenda CX12L, fixed by the same patch as CVE-2026-5683.
CVE-2026-5686 is a Tenda CX12L routestatic fromroutestatic stack-based overflow in Tenda CX12L, fixed by the same patch as CVE-2026-5683.
CVE-2026-5687 is a Tenda CX12L natstaticsetting fromnatstaticsetting stack-based overflow in Tenda CX12L, fixed by the same patch as CVE-202
CVE-2026-5694 is a cross-site scripting in Quick Interest Slider. This page lists verified fix commands and short-term mitigations you can r
CVE-2026-5707: Improper neutralization of special elements used in an OS command ('OS command injection') in Research and Engineering Studio
CVE-2026-5708: bundle sibling of CVE-2026-5707. Same patched build closes both.
CVE-2026-5709: bundle sibling of CVE-2026-5707. Same patched build closes both.
CVE-2026-5710 is a path traversal in Drag and Drop Multiple File Upload for Contact Form 7. This page lists verified fix commands and short-
CVE-2026-5712 - CWE-863: Incorrect Authorization in IdentityIQ. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-5718 is an unrestricted file upload in Drag and Drop Multiple File Upload for Contact Form 7. This page lists verified fix commands
CVE-2026-5720 is a CWE-191: integer underflow (wrap or wraparound) in miniupnpd. This page lists verified fix commands and short-term mitiga
CVE-2026-5726 is an ASDA-Soft stack-based buffer overflow in Deltaww ASDA-Soft. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-5732: bundle sibling of CVE-2026-5731. Same patched build closes both.
CVE-2026-5733: incorrect boundary conditions in the Graphics: WebGPU component in Mozilla Firefox, fixed by the same patch as CVE-2026-5
CVE-2026-5734 is a remote code execution in Mozilla Firefox, fixed by the same patch as CVE-2026-5731.
CVE-2026-5735: memory safety bugs fixed in Firefox 149.0.2 and Thunderbird 149.0.2 in Mozilla Firefox, fixed by the same patch as CVE-20
CVE-2026-5740 is an OS command injection in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-5747: Out-of-bounds Write in Firecracker virtio-pci Transport in Firecracker. Patch commands and verification.
CVE-2026-5749 - CWE-306 Missing authentication for critical function in Fullstep. Runnable patch commands, mitigation, and verification on t
CVE-2026-5750 - CWE-639 Authorization bypass through User-Controlled key in Fullstep. Runnable patch commands, mitigation, and verification
CVE-2026-5756 is a missing authentication in Central Office Services - Content Hosting Component. This page lists verified fix commands and
CVE-2026-5777 is a missing authentication in Atom 3X Projector. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-5780 - CWE-284 Improper Access Control in Minerva. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-5781 - CWE-285 Improper Authorization in Minerva. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-5783 is a cross-site scripting (XSS) in CityPLus. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-5784 improper neutralization of input during web page generation ('cross-site scripti in DivvyDrive. Runnable upgrade commands and
CVE-2026-5785 is a SQL injection in ManageEngine PAM360. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5786 is an improper access control in Endpoint Manager Mobile. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-5787 improper certificate validation in Endpoint Manager Mobile. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-5788 is an improper access control in Endpoint Manager Mobile. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-5789 is an unquoted search path or element in CivetWeb. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-5795: Sensitive information in resource not removed before reuse in Eclipse Jetty. Patch commands and verification.
CVE-2026-5798: an insecure direct object reference (IDOR) in Stel Order. Patched version and vendor advisory inside.
CVE-2026-5804 is an authentication bypass in Phones. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-5807 is an allocation of resources without limits in Vault. This page lists verified fix commands and short-term mitigations you ca
CVE-2026-5809 is an external control of file name or in wpForo Forum. This page lists verified fix commands and short-term mitigations you c
CVE-2026-5815: D-Link DIR-645 hedwig.cgi hedwigcgi_main stack-based overflow in DIR-645. Patch commands and verification.
CVE-2026-5816 - CWE-41: Improper Resolution of Path Equivalence in GitLab. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-5817 is a local privilege escalation in Docker Desktop. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-5830 is a Tenda AC15 systoolchangepwd websgetvar stack-based overflow in Tenda AC15. CVSS 8.7 High. Patch commands, mitigations, an
CVE-2026-5843 is a local privilege escalation in Docker Desktop. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-5844: D-Link DIR-882 HNAP1 SetNetworkSettings prog.cgi sprintf os command injection in DIR-882. Patch commands and verification.
CVE-2026-5845 is an authorization bypass through user-controlled key in Enterprise Server. This page lists verified fix commands and short-t
CVE-2026-5858 is a heap buffer overflow in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5859 is an integer overflow in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5860 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5861 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5862 is an inappropriate implementation in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5863 is an inappropriate implementation in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5865 is a type confusion in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5866 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5868 is a heap buffer overflow in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5870 is an integer overflow in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5871 is a type confusion in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5872 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5873 is an out of bounds read and write in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5877 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5879 is an insufficient validation of untrusted input in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5884 is an insufficient validation of untrusted input in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5904 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5907 is an insufficient data validation in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5908 is an integer overflow in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5909 is an integer overflow in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5910 is an integer overflow in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5912 is an integer overflow in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5913 is an out of bounds read in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5914 is a type confusion in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5915 is an insufficient validation of untrusted input in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5921 is a server-side request forgery in Enterprise Server. This page lists verified fix commands and short-term mitigations you ca
CVE-2026-5928 is a buffer under-read in glibc. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5935 - CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Total Storage Service C
CVE-2026-5936 is a server-side request forgery in Foxit PDF Services API. This page lists verified fix commands and short-term mitigations y
CVE-2026-5940 - CWE-416 Use after free in Foxit PDF Editor. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-5941 - CWE-20 Improper input validation in Foxit PDF Editor. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-5943 - CWE-416 Use after free in Foxit PDF Editor. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-5946 is an improper input validation in BIND 9. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-5947 is a race condition in BIND 9. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-5959: GL.iNet GL-RM1/GL-RM10/GL-RM10RC/GL-RM1PE Factory Reset improper authentication in GL-RM1. Patch commands and verification.
CVE-2026-5966 is a relative path traversal in ThreatSonar Anti-Ransomware. This page lists verified fix commands and short-term mitigations
CVE-2026-5967 is an OS command injection in ThreatSonar Anti-Ransomware. This page lists verified fix commands and short-term mitigations yo
CVE-2026-5979: D-Link DIR-605L POST Request formVirtualServ buffer overflow in DIR-605L. Patch commands and verification.
CVE-2026-5980 is a D-Link DIR-605L POST request formsetmacfilter buffer overflow in D-Link DIR-605L, fixed by the same patch as CVE-2026-597
CVE-2026-5981 is a D-Link DIR-605L POST request formadvfirewall buffer overflow in D-Link DIR-605L, fixed by the same patch as CVE-2026-5979
CVE-2026-5982 is a D-Link DIR-605L POST request formadvnetwork buffer overflow in D-Link DIR-605L, fixed by the same patch as CVE-2026-5979.
CVE-2026-5983 is a D-Link DIR-605L POST request formsetddns buffer overflow in D-Link DIR-605L, fixed by the same patch as CVE-2026-5979.
CVE-2026-5984 is a D-Link DIR-605L POST request formsetlog buffer overflow in D-Link DIR-605L, fixed by the same patch as CVE-2026-5979.
CVE-2026-5988: Tenda F451 AdvSetWrlsafeset formWrlsafeset stack-based overflow in F451. Patch commands and verification.
CVE-2026-5989 is a Tenda F451 routestatic fromroutestatic stack-based overflow in Tenda F451, fixed by the same patch as CVE-2026-5988.
CVE-2026-5990 is a Tenda F451 safeemailfilter fromsafeemailfilter stack-based overflow in Tenda F451, fixed by the same patch as CVE-2026-59
CVE-2026-5991 is a Tenda F451 wrlextraset formwrlextraset stack-based overflow in Tenda F451, fixed by the same patch as CVE-2026-5988.
CVE-2026-5992 is a stack buffer overflow in F451. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6001 authorization bypass through user-controlled key in Bapsi̇s. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-6002 improper neutralization of script-related HTML tags in a web page (basic XSS) in DivvyDrive. Runnable upgrade commands and ver
CVE-2026-6009: an unsafe deserialization in JasperReports Library Community Edition. Patched version and vendor advisory inside.
CVE-2026-6012 is a buffer overflow in DIR-513. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6013 is a buffer overflow in DIR-513. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6014 is a buffer overflow in DIR-513. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6015 is a stack buffer overflow in AC9. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6016 is a stack buffer overflow in AC9. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6022 - CWE-400 Uncontrolled Resource Consumption in Telerik UI for ASP.NET AJAX. Runnable patch commands, mitigation, and verificat
CVE-2026-6023 - CWE-502 Deserialization of Untrusted Data in Telerik UI for ASP.NET AJAX. Runnable patch commands, mitigation, and verificat
CVE-2026-6043 - CWE-1188 Initialization of a resource with an insecure default in Helix Core Server (P4D). Runnable patch commands, mitigati
CVE-2026-6066 is a cleartext transmission of sensitive information in Automate. This page lists verified fix commands and short-term mitigat
CVE-2026-6067 is an out-of-bounds write in NASM. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6069 is a stack buffer overflow in NASM. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6073 is a cross-site scripting (XSS) in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-6120 is a stack buffer overflow in F451. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6121 is a stack buffer overflow in F451. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6122 is a stack buffer overflow in F451. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6123 is a stack buffer overflow in F451. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6124 is a stack buffer overflow in F451. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6133 is a stack buffer overflow in F451. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6134 is a stack buffer overflow in F451. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6135 is a stack buffer overflow in F451. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6136 is a stack buffer overflow in F451. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6137 is a stack buffer overflow in F451. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6157 is a buffer overflow in A800R. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6168 is a stack buffer overflow in A7000R. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6177: a cross-site scripting (XSS) in Custom Twitter Feeds – A Tweets Widget o. Patched version and vendor advisory inside.
CVE-2026-6186 is a buffer overflow in HiPER 1200GW. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6194 is a stack buffer overflow in A3002MU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6196 is a stack buffer overflow in F456. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6197 is a stack buffer overflow in F456. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6198 is a stack buffer overflow in F456. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6199 is a stack buffer overflow in F456. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6200 is a stack buffer overflow in F456. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6204 is an OS command injection in librenms. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6210 access of resource using incompatible type ('type confusion') in Qt. Runnable upgrade commands and verification steps for sysa
CVE-2026-6227 is a path traversal in BackWPup – WordPress Backup & Restore Plugin. This page lists verified fix commands and short-term miti
CVE-2026-6228: a local privilege escalation in Frontend Admin by DynamiApps. Patched version and vendor advisory inside.
CVE-2026-6229 - CWE-918 Server-Side Request Forgery (SSRF) in Royal Addons for Elementor – Addons and Templates Kit for Elementor. Runnable
CVE-2026-6248 is a path traversal in wpForo Forum. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6249 is an unrestricted file upload in Vvveb CMS. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-6261 unrestricted upload of file with dangerous type in Betheme. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-6265 - CWE-278 Insecure preserved inherited permissions in Cerberus FTP Server. Runnable patch commands, mitigation, and verificati
CVE-2026-6266 authentication bypass by primary weakness in Red Hat Ansible Automation Platform 2.5 for RHEL 8. Runnable upgrade commands and
CVE-2026-6272 - CWE-306: Missing Authentication for Critical Function in Eclipse KUKSA - Databroker. Runnable patch commands, mitigation, an
CVE-2026-6281 is an OS command injection in Personal Cloud T2s. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-6282 is a path traversal in Personal Cloud T2s. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-6290 is an incorrect authorization in Velociraptor. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-6297 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6299 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6300 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6301 is a type confusion in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6302 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6303 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6304 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6305 is a heap buffer overflow in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6306 is a heap buffer overflow in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6307 is a type confusion in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6308 is an out-of-bounds read in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6309 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6310 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6311 is an uninitialized use in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6314 is an out-of-bounds write in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6315 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6316 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6317 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6318 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6319 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6320 - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Salon Booking System – Free Version
CVE-2026-6321 improper limitation of a pathname to a restricted directory ('path traversal') in fast-uri. Runnable upgrade commands and veri
CVE-2026-6322 is an interpretation conflict in fast-uri. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-6328 is an improper input validation in XQUIC. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6346 is an information disclosure in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-6347 is an information disclosure in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-6351 is a neutralization of CRLF sequences in MailAudit. This page lists verified fix commands and short-term mitigations you can r
CVE-2026-6358 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6359 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6360 is a use-after-free in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6361 is a heap buffer overflow in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6363 is a type confusion in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6372 is a missing authorization in Accept Cryptocurrencies with Plisio. This page lists verified fix commands and short-term mitiga
CVE-2026-6375 - CWE-639 Authorization bypass through User-Controlled key in Online Booking System. Runnable patch commands, mitigation, and
CVE-2026-6376 - CWE-306 Missing authentication for critical function in Online Booking System. Runnable patch commands, mitigation, and veri
CVE-2026-6384 is a buffer copy without checking size of in Red Hat Enterprise Linux 6. This page lists verified fix commands and short-term
CVE-2026-6389 - CWE-269 Improper Privilege Management in Turbonomic prometurbo agent. Runnable patch commands, mitigation, and verification
CVE-2026-6403 is a path traversal in Quick Playground. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-6406 is an access control bypass in Docker Desktop. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-6409 is an improper input validation in Protobuf-php (Pecl). This page lists verified fix commands and short-term mitigations you c
CVE-2026-6411 is a security vulnerability in MAXHUB Pivot client application. Patched version, runnable upgrade commands, and how to verify
CVE-2026-6419 is a local privilege escalation in Wishlist Member. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-6421 is an uncontrolled search path element in MobaXterm Home Edition. This page lists verified fix commands and short-term mitigat
CVE-2026-6433 improper control of generation of code ('code injection') in Custom css-js-php. Runnable upgrade commands and verification ste
CVE-2026-6442 is a validation of syntactic correctness of input in Cortex Code CLI. This page lists verified fix commands and short-term mit
CVE-2026-6456 is an authentication bypass in Account Switcher. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-6473 is a vulnerability in PostgreSQL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-6475 is a vulnerability in PostgreSQL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-6476 is a SQL injection in PostgreSQL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-6477 is a vulnerability in PostgreSQL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-6479 is a denial of service in PostgreSQL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-6482 is an inclusion of functionality from untrusted control in Insight Agent. This page lists verified fix commands and short-term
CVE-2026-6483 is an OS command injection in WL-WN530H4. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6506 is a missing authorization in InfusedWoo Pro. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-6507 is an out-of-bounds write in Red Hat Enterprise Linux 10. This page lists verified fix commands and short-term mitigations you
CVE-2026-6514: a server-side request forgery (SSRF) in InfusedWoo Pro. Patched version and vendor advisory inside.
CVE-2026-6518 is an unrestricted file upload in CMP – Coming Soon & Maintenance Plugin by NiteoThemes. This page lists verified fix commands
CVE-2026-6543 - CWE-94 Improper Control of Generation of Code ('Code Injection') in Langflow Desktop. Runnable patch commands, mitigation, a
CVE-2026-6553 is a cleartext storage of sensitive information in TYPO3 CMS. This page lists verified fix commands and short-term mitigations
CVE-2026-6560 is a buffer overflow in Magic B0. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6563 is a buffer overflow in Magic B1. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6581 is a buffer overflow in Magic B1. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6630 is a buffer overflow in F451. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6631 is a buffer overflow in F451. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6632 is a buffer overflow in F451. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6637 is a stack-based buffer overflow in PostgreSQL. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-6643 is a stack buffer overflow in ADM. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6659 use of cryptographically weak pseudo-random number generator (prng) in Crypt::PasswdMD5. Runnable upgrade commands and verific
CVE-2026-6664 is an integer overflow or wraparound in PgBouncer. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2026-6665 is a stack-based buffer overflow in PgBouncer. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-6690 improper neutralization of input during web page generation ('cross-site scripti in LifePress. Runnable upgrade commands and v
CVE-2026-6691 buffer copy without checking size of input in MongoDB C Driver. Runnable upgrade commands and verification steps for sysadmins
CVE-2026-6692 unrestricted upload of file with dangerous type in Slider Revolution. Runnable upgrade commands and verification steps for sys
CVE-2026-6735 improper neutralization of input during web page generation ('cross-site scripti in PHP. Runnable upgrade commands and verific
CVE-2026-6741 - CWE-269 Improper Privilege Management in LatePoint – Calendar Booking Plugin for Appointments and Events. Runnable patch com
CVE-2026-6746 is a use-after-free in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6747 is a use-after-free in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6749 is a use of uninitialized resource in Firefox. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-6750 is an improper privilege management in Firefox. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-6751 is a use of uninitialized variable in Firefox. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-6752 is a buffer overflow in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6753 is a buffer overflow in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6754 is a use-after-free in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6756 is an information disclosure in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6758 is a use-after-free in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6759 is a use-after-free in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6761 is an improper privilege management in Firefox. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-6766 is a check for unusual or exceptional conditions in Firefox. This page lists verified fix commands and short-term mitigations
CVE-2026-6769 is an improper privilege management in Firefox. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-6772 is a check for unusual or exceptional conditions in Firefox. This page lists verified fix commands and short-term mitigations
CVE-2026-6773 is an integer overflow in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6776 is a buffer overflow in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6780 is a denial of service in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6781 is a denial of service in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6782 is an information disclosure in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6784 is an out-of-bounds read in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6785 is an out-of-bounds read in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6786 is a use-after-free in Firefox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6787 is a use of hard-coded cryptographic key in WatchGuard Agent. Patched version, runnable upgrade commands, and how to verify th
CVE-2026-6788 is an uncontrolled search path element in WatchGuard Agent. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-6819 is a default permissions in OpenHarness. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6823 is a default permissions in OpenHarness. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6832 is a path traversal in hermes-webui. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6833 - CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection') in a+HRD. Runnable patch command
CVE-2026-6834 - CWE-862 Missing Authorization in a+HRD. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-6846 - Heap-based Buffer Overflow in Red Hat Enterprise Linux 10. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-6849 - CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection') in Pardus OS My Computer.
CVE-2026-6855 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Red Hat Enterprise Linux AI (RHEL AI) 3. R
CVE-2026-6857 - Deserialization of Untrusted Data in Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14. Runnable patch commands, m
CVE-2026-6859 - Inclusion of Functionality from Untrusted Control Sphere in Red Hat Enterprise Linux AI (RHEL AI) 3. Runnable patch commands
CVE-2026-6865 improper limitation of a pathname to a restricted directory (“path traversal”) in EasyLogic T150 (formerly Saitel DR) Remote T
CVE-2026-6866 initialization of a resource with an insecure default in EcoStruxure™ Panel Server. Runnable upgrade commands and verification
CVE-2026-6888 is a vulnerability in SaaS Composer. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-6895 is a local privilege escalation in Wishlist Member. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-6897 is a local privilege escalation in Wishlist Member. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-6898 is a local privilege escalation in Wishlist Member. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-6902 is a code injection in P4 (Helix Core). Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-6903 - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in LabOne. Runnable patch commands, mi
CVE-2026-6912 - CWE-915 Improperly controlled modification of Dynamically-Determined object attributes in AWS Ops Wheel. Runnable patch comm
CVE-2026-6914 - CWE-191 Integer underflow (wrap or wraparound) in MongoDB Server. Runnable patch commands, mitigation, and verification on t
CVE-2026-6918 is an out-of-bounds read in Eclipse OpenJ9. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-6921 - Race in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-6929: a SQL injection in JoomSport – for Sports: Team & League. Patched version and vendor advisory inside.
CVE-2026-6947 - CWE-307 Improper restriction of excessive authentication attempts in DWM-222W. Runnable patch commands, mitigation, and veri
CVE-2026-6963 - CWE-862 Missing Authorization in WP Mail Gateway. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-6966 - CWE-347: Improper Verification of Cryptographic Signature in tough. Runnable patch commands, mitigation, and verification on
CVE-2026-6967 - CWE-345: Insufficient Verification of Data Authenticity in tough. Runnable patch commands, mitigation, and verification on t
CVE-2026-6968 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in tough. Runnable patch commands, mi
CVE-2026-6970 - CWE-842 Placement of user into incorrect group in authd. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-6988 - Buffer Overflow in HG10. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-6992 - OS Command Injection in MR9600. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7019 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7029 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7030 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7031 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7032 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7033 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7034 - Stack-based Buffer Overflow in FH1202. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7035 - Stack-based Buffer Overflow in FH1202. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7039 - Command Injection in ssh-mcp. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7040 - CWE-176 Improper Handling of Unicode Encoding in Text::Minify::XS. Runnable patch commands, mitigation, and verification on
CVE-2026-7049 - CWE-918 Server-Side Request Forgery (SSRF) in PixelYourSite Pro – Your smart PIXEL (TAG) Manager. Runnable patch commands, m
CVE-2026-7053 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7054 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7055 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7056 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7057 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7068 - Buffer Overflow in DIR-825. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7069 - Buffer Overflow in DIR-825. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7078 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7079 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7080 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7081 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7082 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7096 - OS Command Injection in HG3. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7097 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7098 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7099 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7100 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7101 - Buffer Overflow in F456. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7106 - CWE-269 Improper Privilege Management in Highland Software Custom Role Manager. Runnable patch commands, mitigation, and ver
CVE-2026-7111 - CWE-825 Expired Pointer Dereference in Text::CSV_XS. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7119 - OS Command Injection in HG3. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7151 - Stack-based Buffer Overflow in HG3. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7160 - Command Injection in HG3. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7164 - CWE-674: Uncontrolled Recursion in FreeBSD. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7191 - CWE-94: Improper Control of Generation of Code ('Code Injection') in QnABot on AWS. Runnable patch commands, mitigation, and
CVE-2026-7218 - Buffer Overflow in N300RT. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7219 - Buffer Overflow in N300RT. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7246 - CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Click. Runnable patch commands
CVE-2026-7247 - Buffer Overflow in DI-8100. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7252 improper limitation of a pathname to a restricted directory ('path traversal') in WP-Optimize – Cache, Compress images, Minify
CVE-2026-7256 improper neutralization of special elements used in an os command ('os command i in WRE6505 v2 firmware. Runnable upgrade comm
CVE-2026-7270 - CWE-783: Operator Precedence Logic Error in FreeBSD. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7279 - CWE-427 Uncontrolled Search Path Element in AVACAST. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7280 - CWE-428 Unquoted search path or element in AVACAST. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7287 buffer copy without checking size of input ('classic buffer overflow') in NWA1100-N firmware. Runnable upgrade commands and ve
CVE-2026-7288 - Buffer Overflow in DIR-825M. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7289 - Buffer Overflow in DIR-825M. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7307 is a vulnerability in Red Hat build of Keycloak 26.2. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-7320 - Information disclosure due to incorrect boundary conditions in Firefox. Runnable patch commands, mitigation, and verificatio
CVE-2026-7322 - Memory safety bugs fixed in Firefox. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7323 - Memory safety bugs fixed in Firefox. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7324 - Memory safety bugs fixed in Firefox. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7330 improper neutralization of input during web page generation ('cross-site scripti in Auto Affiliate Links. Runnable upgrade com
CVE-2026-7332 improper neutralization of input during web page generation ('cross-site scripti in LatePoint – Calendar Booking Plugin for Ap
CVE-2026-7334 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7335 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7336 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7337 - Type Confusion in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7338 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7339 - Heap buffer overflow in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7341 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7342 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7343 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7344 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7345 - Insufficient validation of untrusted input in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7346 - Inappropriate implementation in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7347 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7348 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7349 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7350 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7352 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7353 - Heap buffer overflow in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7354 - Out of bounds read and write in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7355 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7356 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7357 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7358 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7359 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7361 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7363 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7371 improper neutralization of input during web page generation ('cross-site scripti in Gv-Lpc2011/Lpc2211. Runnable upgrade comma
CVE-2026-7373 is a local privilege escalation in Metasploit Pro. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-7377 is a cross-site scripting (XSS) in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-7399 - CWE-639 Authorization bypass through User-Controlled key in PDKS. Runnable patch commands, mitigation, and verification on t
CVE-2026-7402 - CWE-799 Improper Control of Interaction Frequency in PDKS. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-7412 is a server-side request forgery (ssrf) in Eclipse BaSyx. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2026-7413 is a hidden functionality in Firmware. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7418 - Buffer Overflow in HiPER 1250GW. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7419 - Buffer Overflow in HiPER 1250GW. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7420 - Buffer Overflow in HiPER 1250GW. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7422 - CWE-290: Authentication Bypass by Spoofing in FreeRTOS-Plus-TCP. Runnable patch commands, mitigation, and verification on th
CVE-2026-7424 - CWE-191: Integer Underflow (Wrap or Wraparound) in FreeRTOS-Plus-TCP. Runnable patch commands, mitigation, and verification
CVE-2026-7432 concurrent execution using shared resource with improper synchronization ('race in Secure Access Client. Runnable upgrade comm
CVE-2026-7435 - CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SSCMS. Runnable patch command
CVE-2026-7460 is a cross-site scripting (XSS) in mailcow-dockerized. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-7461 - CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection') in Amazon ECS Agent. Runna
CVE-2026-7466 - CWE-94: Improper Control of Generation of Code ('Code Injection') in AgentFlow. Runnable patch commands, mitigation, and ver
CVE-2026-7467: a local privilege escalation in Read More & Accordion. Patched version and vendor advisory inside.
CVE-2026-7470 - Stack-based Buffer Overflow in 4G300. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7474 improper limitation of a pathname to a restricted directory (path traversal) in Nomad. Runnable upgrade commands and verificat
CVE-2026-7481 is a cross-site scripting (XSS) in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-7489 - CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection') in CTMS. Runnable patch commands
CVE-2026-7490 - CWE-434 Unrestricted upload of file with dangerous type in CTMS. Runnable patch commands, mitigation, and verification on th
CVE-2026-7491 - CWE-639 Authorization bypass through User-Controlled key in School App. Runnable patch commands, mitigation, and verificatio
CVE-2026-7498 is a cross-site scripting (XSS) in DernekWeb. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-7503 - Buffer Overflow in for Plugin. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7504 is an open redirect in Red Hat build of Keycloak 26.2. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-7507: an authentication bypass in Red Hat build of Keycloak 26.2. Patched version and vendor advisory inside.
CVE-2026-7512 - Buffer Overflow in HiPER 1200GW. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7513 - Buffer Overflow in HiPER 1200GW. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7522: a vulnerability in Advanced Database Cleaner – Premium. Patched version and vendor advisory inside.
CVE-2026-7548 - Command Injection in NR1800X. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7551 - CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in OpenHarness. Runnable p
CVE-2026-7571 is a vulnerability in Red Hat build of Keycloak 26.4. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-7584 - CWE-502 Deserialization of Untrusted Data in LabOne Q. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7607 - Buffer Overflow in TEW-821DAP. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7613: a cross-site scripting (XSS) in Cost of Goods by PixelYourSite. Patched version and vendor advisory inside.
CVE-2026-7635: an unsafe deserialization in coreActivity: Activity Logging for WordP. Patched version and vendor advisory inside.
CVE-2026-7641 - CWE-269 Improper Privilege Management in Import and export users and customers. Runnable patch commands, mitigation, and ver
CVE-2026-7647 - CWE-502 Deserialization of Untrusted Data in Profile Builder Pro. Runnable patch commands, mitigation, and verification on t
CVE-2026-7649 - CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ARMember – Membership Plugin,
CVE-2026-7674 is a buffer overflow in Lbt-T300-Hw1. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7675 is a buffer overflow in Lbt-T300-Hw1. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7684 - Buffer Overflow in BR-6428nC. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7685 - Buffer Overflow in BR-6208AC. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7717 is a buffer overflow in Wa300. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7748 is a buffer overflow in N300Rh. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7749 is a buffer overflow in N300Rh. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7750 is a buffer overflow in N300Rh. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7768 allocation of resources without limits or throttling in @fastify/accepts-serializer. Runnable upgrade commands and verificatio
CVE-2026-7776 allocation of resources without limits or throttling in Boundary. Runnable upgrade commands and verification steps for sysadmi
CVE-2026-7790 is an uncontrolled resource consumption in cowlib. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2026-7791 time-of-check time-of-use (toctou) race condition in Workspaces. Runnable upgrade commands and verification steps for sysadmin
CVE-2026-7807 improper limitation of a pathname to a restricted directory ('path traversal') in SmarterMail. Runnable upgrade commands and v
CVE-2026-7815 improper neutralization of special elements used in an sql command ('sql injecti in pgAdmin 4. Runnable upgrade commands and v
CVE-2026-7816 improper neutralization of special elements used in an sql command ('sql injecti in pgAdmin 4. Runnable upgrade commands and v
CVE-2026-7818 is a deserialization of untrusted data in pgAdmin 4. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2026-7819 is a unix symbolic link (symlink) following in pgAdmin 4. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2026-7821 improper certificate validation in Endpoint Manager Mobile. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-7832 is a symlink following in Advanced SystemCare. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7833 is a command injection in ipTIME C200. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7841 improper control of generation of code ('code injection') in ASManager. Runnable upgrade commands and verification steps for s
CVE-2026-7851 is a stack-based buffer overflow in Di-8100. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7855 is a buffer overflow in Di-8100. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7856 is a buffer overflow in Di-8100. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7857 is a buffer overflow in Di-8100. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7865 improper neutralization of argument delimiters in a command ('argument injection in Touchpanels (x60/x70). Runnable upgrade co
CVE-2026-7875 improper limitation of a pathname to a restricted directory ('path traversal') in NanoClaw. Runnable upgrade commands and veri
CVE-2026-7896 is an integer overflow in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7897 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7898 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7899 is an out-of-bounds read in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7900 is a heap buffer overflow in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7901 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7902 is an out-of-bounds read in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7903 is an integer overflow in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7905 is an insufficient validation of untrusted input in Chrome. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-7906 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7907 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7911 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7913 is a protection mechanism failure in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7914 is a type confusion in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7916 is an improper input validation in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7917 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7918 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7919 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7920 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7921 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7922 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7923 is an out of bounds write in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7925 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7926 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7927 is a type confusion in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7928 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7929 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7930 is an insufficient validation of untrusted input in Chrome. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-7938 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7940 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7948 is a race in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7951 is an out of bounds write in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7956 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7957 is an out of bounds write in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7963 is a protection mechanism failure in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7967 is an insufficient validation of untrusted input in Chrome. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-7970 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7973 is an integer overflow in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7974 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7975 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7976 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7978 is a protection mechanism failure in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7980 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7981 is an out of bounds read in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7984 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7985 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7987 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7988 is a type confusion in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7990 is an insufficient validation of untrusted input in Chrome. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-7991 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7992 is an insufficient validation of untrusted input in Chrome. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-7994 is an improper privilege management in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7995 is an out of bounds read in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7997 is an insufficient validation of untrusted input in Chrome. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-8000 is an insufficient validation of untrusted input in Chrome. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-8001 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8002 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8007 is an insufficient validation of untrusted input in Chrome. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-8016 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8018 is a protection mechanism failure in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8034 is a server-side request forgery (SSRF) in Enterprise Server. Patched version, runnable upgrade commands, and how to verify th
CVE-2026-8051 improper neutralization of special elements used in an os command ('os command i in Virtual Traffic Manager. Runnable upgrade
CVE-2026-8053 is an out-of-bounds write in MongoDB Server. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8063 is a null pointer dereference in MongoDB Server. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8069 improper limitation of a pathname to a restricted directory ('path traversal') in PredatorSense V3. Runnable upgrade commands
CVE-2026-8073 is a path traversal in Kirki – Freeform Page Builder. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-8077 is a missing authorization in CashDro 3 Administration Panel. Patched version, runnable upgrade commands, and how to verify th
CVE-2026-8090 is a use after free in Firefox. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8092 is an out-of-bounds read in Firefox. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8093 improper restriction of operations within the bounds of a memory buffer in Firefox. Runnable upgrade commands and verification
CVE-2026-8108 is a security vulnerability in Tellus. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8110 incorrect permission assignment for critical resource in Endpoint Manager. Runnable upgrade commands and verification steps fo
CVE-2026-8111 improper neutralization of special elements used in an sql command ('sql injecti in Endpoint Manager. Runnable upgrade command
CVE-2026-8135 is an unsafe deserialization in Concrete CMS. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-8137 is a buffer overflow in X5000R. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8138 is a stack-based buffer overflow in Cx12L. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8140: a cross-site request forgery (CSRF) in Concrete CMS. Patched version and vendor advisory inside.
CVE-2026-8148 is an incorrect privilege assignment in NAVER MYBOX Explorer. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-8159 is an inefficient regular expression complexity in multiparty. Patched version, runnable upgrade commands, and how to verify th
CVE-2026-8161 is an uncaught exception in multiparty. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8162 is an improper handling of exceptional conditions in multiparty. Patched version, runnable upgrade commands, and how to verify
CVE-2026-8177 is an out-of-bounds read in XML::LibXML. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8178 use of externally-controlled input to select classes or code in Amazon Redshift JDBC Driver. Runnable upgrade commands and ver
CVE-2026-8197 is a cross-site scripting (XSS) in Concrete CMS. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-8199 is a path traversal in MongoDB Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8203 is a cross-site scripting (XSS) in Concrete CMS. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-8207 improper neutralization of special elements used in an sql command ('sql injecti in gibbon. Runnable upgrade commands and veri
CVE-2026-8208 improper control of filename for include/require statement in php program ('php in gibbon. Runnable upgrade commands and verif
CVE-2026-8234 is a stack-based buffer overflow in ipTIME A8004T. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2026-8260 is a buffer overflow in Dcs-935L. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8336 is a use-after-free in MongoDB Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8350 is an access control bypass in Concrete CMS. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-8370 is a path traversal in Automic Automation. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-8389 is a function call with incorrect argument type in Firefox. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-8390 is a use after free in Firefox. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8417: a cross-site request forgery (CSRF) in Concrete CMS. Patched version and vendor advisory inside.
CVE-2026-8421: a cross-site request forgery (CSRF) in Concrete CMS. Patched version and vendor advisory inside.
CVE-2026-8426: a cross-site request forgery (CSRF) in Concrete CMS. Patched version and vendor advisory inside.
CVE-2026-8428: a cross-site request forgery (CSRF) in Concrete CMS. Patched version and vendor advisory inside.
CVE-2026-8429 improper control of generation of code ('code injection') in Spip. Runnable upgrade commands and verification steps for sysadm
CVE-2026-8430 improper control of generation of code ('code injection') in Spip. Runnable upgrade commands and verification steps for sysadm
CVE-2026-8466 is a denial of service in cowboy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8468 is a denial of service in plug. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8469 is a denial of service in phoenix_storybook. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-8596 is an information disclosure in AWS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8597 is an unsafe deserialization in AWS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8602 is an authentication bypass in ScadaBR. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8603 is an OS command injection in ScadaBR. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8604 is a cross-site request forgery (CSRF) in ScadaBR. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-8621 is an authentication bypass in crabbox. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8629: an insecure direct object reference (IDOR) in crabbox. Patched version and vendor advisory inside.
CVE-2026-8632: an OS command injection in HP Linux Imaging and Printing Software. Patched version and vendor advisory inside.
CVE-2026-8654 is an OS command injection in IBM Db2 Connector. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-8657 is a vulnerability in jsondiffpatch. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8671 is an information disclosure in Avantra. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-8679: an insecure direct object reference (IDOR) in AudioIgniter Music Player. Patched version and vendor advisory inside.
CVE-2026-8686 is an out-of-bounds read in coreMQTT. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8695 is a use-after-free in radare2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8696 is a use-after-free in radare2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8711 is a path traversal in NGINX JavaScript. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-8719: a local privilege escalation in AI Engine – The Chatbot. Patched version and vendor advisory inside.
CVE-2026-8726 is a SQL injection in Extension "News system". Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-8727: an unsafe deserialization in Extension "Site Crawler". Patched version and vendor advisory inside.
CVE-2026-8764 is a vulnerability in Magic B3. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8775 is a vulnerability in BR-6428NS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8776 is a vulnerability in BR-6428NS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8813 is an access control bypass in exifreader. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-8827 is a SQL injection in Extension "Address List". Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-8843 is a denial of service in MongoDB Server. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-8851 is a SQL injection in SOGo Webmail. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8912: a SQL injection in Contest Gallery – Upload & Vote Photos. Patched version and vendor advisory inside.
CVE-2026-8992 is an authentication bypass in Secure Access Client. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-9003 is a SQL injection in TPR7308. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-9010 is a SQL injection in Boost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-9011: a missing authorization in Ditty – Responsive News Tickers. Patched version and vendor advisory inside.
CVE-2026-9018: a local privilege escalation in Easy Elements for Elementor – Addons & W. Patched version and vendor advisory inside.
CVE-2026-9057: an access control bypass in Talend Administration Center. Patched version and vendor advisory inside.
CVE-2026-9064 is a denial of service in Red Hat Directory Server 11. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-9089 is a code injection in Automate. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-9133 is a vulnerability in RabbitMQ AWS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-9136 is an insecure direct object reference (IDOR) in misp. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-9144: a cross-site scripting (XSS) in AG1000-01A SMS Alert Gateway. Patched version and vendor advisory inside.
CVE-2026-9157 is an improper input validation in Web Fax. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-9255 is a missing authorization in Kiro CLI. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-9256 is a path traversal in NGINX Plus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-9277 is an OS command injection in shell-quote. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-9284: a missing authorization in WooCommerce PayPal Payments. Patched version and vendor advisory inside.
CVE-2026-9291: an unsafe deserialization in Amazon Braket Python SDK. Patched version and vendor advisory inside.
CVE-2026-0005 is an information exposure in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0012 is a CWE-284 improper access control in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0014 is an improper input validation in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0015 is an improper input validation in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0024 is a missing authorization in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0027 is a use-after-free in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0049 is a denial of service in Google Android. CVSS 6.2 Medium. Patch commands, mitigations, and verification.
CVE-2026-0108 is an information disclosure in Google Android. CVSS 4 Medium. Patch commands, mitigations, and verification.
CVE-2026-0119 is an elevation of privilege in Google Android. CVSS 6.8 Medium. Patch commands, mitigations, and verification.
CVE-2026-0203 is a denial of service in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0205 - CWE-35 Path traversal: '.../...//' in SonicOS. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-0206 - CWE-121 Stack-based buffer overflow in SonicOS. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-0209 is an operator precedence logic error in FlashArray. This page lists verified fix commands and short-term mitigations you can
CVE-2026-0227 is a denial of service in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0229 is a denial of service in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0230: Cortex XDR Agent: Local Administrator can disable the agent on macOS in Cortex XDR Agent. Patch commands and verification.
CVE-2026-0231: Cortex XDR Broker VM: Sensitive Information Disclosure in Cortex XDR Broker VM. Patch commands and verification.
CVE-2026-0232 is a CWE-15: external control of system or in Cortex XDR Agent. This page lists verified fix commands and short-term mitigatio
CVE-2026-0235 is a denial of service in Prisma Browser. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-0239 is a vulnerability in Chronosphere Chronocollector. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0240 is a vulnerability in Trust Protection Foundation. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0241 is a denial of service in Trust Protection Foundation. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-0242 is a SQL injection in Trust Protection Foundation. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0243 is a denial of service in Prisma SD-WAN ION. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-0244 is an authentication bypass in Prisma SD-WAN ION. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-0245 is an information disclosure in Prisma Access Agent. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0246 is a missing authorization in Prisma Access Agent. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0247 is an authentication bypass in Prisma Access Agent. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0248 is an authentication bypass in Prisma Access Agent. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0249 is an authentication bypass in GlobalProtect App. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-0250 is an OS command injection in GlobalProtect App. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-0251 is a vulnerability in GlobalProtect App. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0256 is a cross-site scripting (XSS) in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0257 is a vulnerability in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0258 is a server-side request forgery (SSRF) in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-0259: an arbitrary file read in WildFire WF-500 and WF-500-B. Patched version and vendor advisory inside.
CVE-2026-0261 is an OS command injection in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-0262 is a denial of service in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0385: Microsoft Edge (Chromium-based) for Android Spoofing in Microsoft Edge for Android. Patch commands and verification.
CVE-2026-0390 is a CWE-807: reliance on untrusted inputs in in Microsoft Windows. This page lists verified fix commands and short-term mitig
CVE-2026-0391 is a vulnerability in Microsoft Edge (Chromium-based). Verified patched version, official vendor advisory, and how to confirm
CVE-2026-0393 is a path traversal in Visualization. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0394 is a path traversal in OX Dovecot Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0398 is a vulnerability in Recursor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0399 is a stack buffer overflow in SonicWall SonicOS. This page lists the verified fix and inline mitigations.
CVE-2026-0400 is a CWE-134 use of externally-controlled format string in SonicWall SonicOS. This page lists the verified fix and inline miti
CVE-2026-0401 is a null pointer dereference in SonicWall SonicOS. This page lists the verified fix and inline mitigations.
CVE-2026-0402 is an out-of-bounds read in SonicWall SonicOS. This page lists the verified fix and inline mitigations.
CVE-2026-0404 is an OS command injection in RBRE960. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0405 is an authentication bypass in RBE970. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0406 is an improper input validation in XR1000v2. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-0407 is an authentication bypass in EX5000. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0408 is a path traversal in EX5000. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0427 is a vulnerability in AMD Instinct™ MI210. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-0438: a vulnerability in AMD Ryzen™ 7040 Series Mobile Processors. Patched version and vendor advisory inside.
CVE-2026-0483 is a vulnerability in LiveHelperChat. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0484: a vulnerability in SAP NetWeaver Application Server ABAP an. Patched version and vendor advisory inside.
CVE-2026-0486 is a vulnerability in ABAP based SAP systems. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-0489: CWE-79: Improper Neutralization of Input During Web Page Generation in SAP Business One (Job Service). Patch commands and ver
CVE-2026-0493: a vulnerability in SAP Fiori App (Intercompany Balance Reco. Patched version and vendor advisory inside.
CVE-2026-0494: a vulnerability in SAP Fiori App (Intercompany Balance Reco. Patched version and vendor advisory inside.
CVE-2026-0495: a vulnerability in SAP Fiori App (Intercompany Balance Reco. Patched version and vendor advisory inside.
CVE-2026-0496: an unrestricted file upload in SAP Fiori App (Intercompany Balance Reco. Patched version and vendor advisory inside.
CVE-2026-0497: a vulnerability in Business Server Pages Application (Produ. Patched version and vendor advisory inside.
CVE-2026-0499 is a vulnerability in SAP NetWeaver Enterprise Portal. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-0502: a cross-site request forgery (CSRF) in SAP BusinessObjects Business Intelligenc. Patched version and vendor advisory inside.
CVE-2026-0503: a vulnerability in SAP ERP Central Component and SAP S/4HAN. Patched version and vendor advisory inside.
CVE-2026-0505 is a vulnerability in SAP Document Management System. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-0512 is a cross-site scripting in SAP Supplier Relationship Management (SICF Handler in SRM Catalog). This page lists verified fix
CVE-2026-0513: a vulnerability in SAP Supplier Relationship Management (SI. Patched version and vendor advisory inside.
CVE-2026-0514 is a vulnerability in SAP Business Connector. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-0517 is a vulnerability in Secure Access. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0518 is a vulnerability in Secure Access. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0519 is a vulnerability in Secure Access. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0521 is a vulnerability in MAP+. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0528 is a denial of service in Metricbeat. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0529 is a vulnerability in Packetbeat. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0530 is an OS command injection in Kibana. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0531 is an OS command injection in Kibana. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0540 is a cross-site scripting in cure53 DOMPurify. This page lists the verified fix and inline mitigations.
CVE-2026-0541 is an arbitrary file read in AXIS OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0543 is an improper input validation in Kibana. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-0544 is a SQL injection in School Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0546 is a SQL injection in Content Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-0547: an unrestricted file upload in Online Course Registration. Patched version and vendor advisory inside.
CVE-2026-0548: a vulnerability in Tutor LMS – eLearning and online course . Patched version and vendor advisory inside.
CVE-2026-0549 is a vulnerability in Groups. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0550: a vulnerability in Points Management System For Gamificatio. Patched version and vendor advisory inside.
CVE-2026-0552: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Simple Shopping Cart. Patch commands
CVE-2026-0554 is a vulnerability in NotificationX – FOMO. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-0555 is a vulnerability in Premmerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0556 is a vulnerability in XO Event Calendar. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0557: a vulnerability in WP Data Access – App Builder for Tables. Patched version and vendor advisory inside.
CVE-2026-0559: a vulnerability in MasterStudy LMS WordPress Plugin – for O. Patched version and vendor advisory inside.
CVE-2026-0561 is a vulnerability in Shield: Blocks Bots. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-0563: a vulnerability in WP Google Street View (with 360° virtual. Patched version and vendor advisory inside.
CVE-2026-0565 is a SQL injection in Content Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-0566: an unrestricted file upload in Content Management System. Patched version and vendor advisory inside.
CVE-2026-0567 is a SQL injection in Content Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-0568 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0569 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0570 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0571 is a path traversal in warehouse. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0572 is a vulnerability in WebPurify Profanity Filter. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-0574 is an access control bypass in warehouse. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-0575: a SQL injection in Online Product Reservation System. Patched version and vendor advisory inside.
CVE-2026-0576: a SQL injection in Online Product Reservation System. Patched version and vendor advisory inside.
CVE-2026-0577: an unrestricted file upload in Online Product Reservation System. Patched version and vendor advisory inside.
CVE-2026-0578: a SQL injection in Online Product Reservation System. Patched version and vendor advisory inside.
CVE-2026-0579: a SQL injection in Online Product Reservation System. Patched version and vendor advisory inside.
CVE-2026-0580 is a vulnerability in API Key Manager App. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-0581 is an OS command injection in AC1206. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0582 is a SQL injection in Society Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-0583: a SQL injection in Online Product Reservation System. Patched version and vendor advisory inside.
CVE-2026-0584: a SQL injection in Online Product Reservation System. Patched version and vendor advisory inside.
CVE-2026-0585: a SQL injection in Online Product Reservation System. Patched version and vendor advisory inside.
CVE-2026-0586: a vulnerability in Online Product Reservation System. Patched version and vendor advisory inside.
CVE-2026-0587 is a vulnerability in Rainrock RockOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0588 is a vulnerability in Rainrock RockOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0589: an authentication bypass in Online Product Reservation System. Patched version and vendor advisory inside.
CVE-2026-0590: a SQL injection in Online Product Reservation System. Patched version and vendor advisory inside.
CVE-2026-0591: a SQL injection in Online Product Reservation System. Patched version and vendor advisory inside.
CVE-2026-0592: a SQL injection in Online Product Reservation System. Patched version and vendor advisory inside.
CVE-2026-0593: a vulnerability in WP Go Maps (formerly WP Google Maps). Patched version and vendor advisory inside.
CVE-2026-0594 is a vulnerability in List Site Contributors. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-0597 is a SQL injection in Supplier Management System. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-0598: a vulnerability in Red Hat Ansible Automation Platform 2.6. Patched version and vendor advisory inside.
CVE-2026-0600 is a vulnerability in Nexus Repository. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0601 is a vulnerability in Nexus Repository. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0602: Authentication Bypass Using an Alternate Path or Channel in GitLab. Patch commands and verification.
CVE-2026-0604: a path traversal in FastDup – Fastest WordPress Migration & . Patched version and vendor advisory inside.
CVE-2026-0605 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0606 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0607 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0608 is a vulnerability in Head Meta Data. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0609 is a vulnerability in Logo Slider – Logo Carousel. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0619 is a denial of service in Silicon Labs Matter. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0620 is an authentication bypass in AXE75. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0626: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in WPFunnels – Funnel Builder for WooCom
CVE-2026-0627: a vulnerability in AMP for WP – Accelerated Mobile Pages. Patched version and vendor advisory inside.
CVE-2026-0632 is a vulnerability in Fluent Forms Pro Add On Pack. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0635 is a vulnerability in Responsive Accordion Slider. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0636 is a neutralization of special elements used in in BC-JAVA. This page lists verified fix commands and short-term mitigations y
CVE-2026-0641 is an OS command injection in WA300. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0642: a vulnerability in House Rental and Property Listing. Patched version and vendor advisory inside.
CVE-2026-0643: an unrestricted file upload in House Rental and Property Listing. Patched version and vendor advisory inside.
CVE-2026-0649 is a vulnerability in invoiceninja. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0651 is a path traversal in Tapo C260 v1. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0655 is a path traversal in TP-Link Systems Inc. Deco BE25 v1.0. This page lists the verified fix and inline mitigations.
CVE-2026-0663 is a vulnerability in M-Files Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0664: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Royal Addons for Elementor – Addons a
CVE-2026-0665 is an OS command injection in the product. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-0672 is a vulnerability in CPython. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0674 is a vulnerability in Campaign Monitor for WordPress. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-0676 is a vulnerability in Zorka. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0678: a SQL injection in Shipping Rates by City for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-0679 is a vulnerability in Fortis for WooCommerce. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-0680 is a vulnerability in Real Post Slider Lite. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-0681: a vulnerability in Extended Random Number Generator. Patched version and vendor advisory inside.
CVE-2026-0683: a SQL injection in SupportCandy – Helpdesk & Customer Suppo. Patched version and vendor advisory inside.
CVE-2026-0684: an access control bypass in CP Image Store with Slideshow. Patched version and vendor advisory inside.
CVE-2026-0687 is a vulnerability in Meta-box GalleryMeta. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-0688: Webmention <= 5.6.2 - Authenticated (Subscriber+) Server-Side Request Forgery in Webmention. Patch commands and verification.
CVE-2026-0689 is a weak credential storage in Extreme Networks ExtremeCloud IQ - Site Engine. This page lists the verified fix and inline mi
CVE-2026-0690 is a vulnerability in FlatPM – Ad Manager. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-0691: a vulnerability in CM E-Mail Blacklist – Simple email filte. Patched version and vendor advisory inside.
CVE-2026-0693: a vulnerability in Allow HTML in Category Descriptions. Patched version and vendor advisory inside.
CVE-2026-0694 is a vulnerability in SearchWiz. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0696 is a vulnerability in PSA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0697: a SQL injection in Intern Membership Management System. Patched version and vendor advisory inside.
CVE-2026-0698: a SQL injection in Intern Membership Management System. Patched version and vendor advisory inside.
CVE-2026-0699: a SQL injection in Intern Membership Management System. Patched version and vendor advisory inside.
CVE-2026-0700: a SQL injection in Intern Membership Management System. Patched version and vendor advisory inside.
CVE-2026-0701: a SQL injection in Intern Membership Management System. Patched version and vendor advisory inside.
CVE-2026-0703 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in NextMove Lite – Thank You Pag
CVE-2026-0704 is a path traversal in Octopus Deploy Octopus Server. This page lists the verified fix and inline mitigations.
CVE-2026-0705 is a vulnerability in Acronis Cloud Manager. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-0707 is a vulnerability in Red Hat build of Keycloak 26.4. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-0711 - CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection') in DX3300-T0 firmware. Run
CVE-2026-0716 is a vulnerability in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0717 is an information disclosure in LottieFiles. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-0718 is a missing authorization in Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX. This page lists verified
CVE-2026-0722 is a SQL injection in Shield: Blocks Bots. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-0724 is a vulnerability in WPlyr Media Block. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0725 is a vulnerability in Integrate Dynamics 365 CRM. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-0727 is a vulnerability in Accordion and Accordion Slider. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-0728: a SQL injection in Intern Membership Management System. Patched version and vendor advisory inside.
CVE-2026-0729: a SQL injection in Intern Membership Management System. Patched version and vendor advisory inside.
CVE-2026-0730 is a vulnerability in Staff Leave Management System. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0731 is a vulnerability in WA1200. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0732 is an OS command injection in DI-8200G. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0733: a SQL injection in Online Course Registration System. Patched version and vendor advisory inside.
CVE-2026-0734 is a vulnerability in WP Allowed Hosts. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0735 is a vulnerability in User Language Switch. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-0736: a vulnerability in Chatbot for WordPress by Collect.chat ⚡️. Patched version and vendor advisory inside.
CVE-2026-0737: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in WP Shortcodes Plugin, Shortcodes Ulti
CVE-2026-0738: bundle sibling of CVE-2026-0737. Same patched build closes both.
CVE-2026-0739 is a vulnerability in WMF Mobile Redirector. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-0741: a vulnerability in Electric Studio Download Counter. Patched version and vendor advisory inside.
CVE-2026-0742 is a vulnerability in Smart Appointment & Booking. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0743 is a vulnerability in WP Content Permission. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-0745 is a vulnerability in User Language Switch. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-0746 is a vulnerability in AI Engine – The Chatbot. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0748: an access control bypass in Internationalization (i18n) - i18n_node . Patched version and vendor advisory inside.
CVE-2026-0749 is a vulnerability in Drupal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0751: a vulnerability in Payment Page | Payment Form for Stripe. Patched version and vendor advisory inside.
CVE-2026-0767 is a vulnerability in Open WebUI. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0788 is a vulnerability in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-0789 is an information disclosure in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-0790 is a path traversal in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-0802 is an OS command injection in AXIS OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0803: a SQL injection in Online Course Registration System. Patched version and vendor advisory inside.
CVE-2026-0804 is a path traversal in AXIS OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0806 is a SQL injection in WP-ClanWars. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0808: a vulnerability in Spin Wheel – Interactive spinning wheel . Patched version and vendor advisory inside.
CVE-2026-0809 is a weak KSeF token encoding in Streamsoft Prestiż. CVSS 6.3 Medium. Patch commands, mitigations, and v
CVE-2026-0811: Advanced CF7 DB <= 2.0.9 - Cross-Site Request Forgery to Form Entry Deletion in Advanced Contact form 7 DB. Patch commands an
CVE-2026-0812 is a vulnerability in LinkedIn SC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0813 is a vulnerability in Short Link. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0814 is a missing authorization in Vsourz1td Advanced Contact form 7 DB. CVSS 4.3 Medium. Patch commands, mitigations, and verifica
CVE-2026-0815 is a vulnerability in Category Image. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0816 is a SQL injection in All push notification for WP. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0820: a vulnerability in RepairBuddy – Repair Shop CRM & Booking . Patched version and vendor advisory inside.
CVE-2026-0821 is a path traversal in quickjs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0822 is a path traversal in quickjs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0824 is a vulnerability in ui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0825 is a vulnerability in Database for Contact Form 7. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0827 is a CWE-59: improper link resolution before file in Diagnostics. This page lists verified fix commands and short-term mitigat
CVE-2026-0831: an access control bypass in Templately – Elementor & Gutenberg Templ. Patched version and vendor advisory inside.
CVE-2026-0833: a vulnerability in Team Section Block – Shows Team Membe. Patched version and vendor advisory inside.
CVE-2026-0835: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting') in Sterling B2B Integrator. Patch
CVE-2026-0842 is an authentication bypass in smART Sketcher. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0843 is a SQL injection in jjjfood. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0850: a SQL injection in Intern Membership Management System. Patched version and vendor advisory inside.
CVE-2026-0851 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0852 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0853 is a vulnerability in AP-RM864P. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0857: an information disclosure in Meona Client Launcher Component. Patched version and vendor advisory inside.
CVE-2026-0858: a vulnerability in net.sourceforge.plantuml:plantuml. Patched version and vendor advisory inside.
CVE-2026-0859 is an unsafe deserialization in TYPO3 CMS. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-0862 is a vulnerability in Save as PDF Plugin by PDFCrowd. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-0865 is a vulnerability in CPython. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0867 is a vulnerability in Essential Widgets. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0868 is a cross-site scripting in EMC – Easily Embed Calendly Scheduling. This page lists verified fix commands and short-term miti
CVE-2026-0871 is an incorrect privilege assignment in Red Hat build of Keycloak 26.4. This page lists the verified fix and inline mit
CVE-2026-0873 is a vulnerability in Cryptobox. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0894 is a cross-site scripting in Content Blocks (Custom Post Widget). This page lists verified fix commands and short-term mitigat
CVE-2026-0895 is an unsafe deserialization in Extension "Mailqueue". Verified patched version, official vendor advisory, and how to confirm
CVE-2026-0909: a vulnerability in WP ULike – Like & Dislike Buttons for En. Patched version and vendor advisory inside.
CVE-2026-0913: a vulnerability in User Submitted Posts – Enable Users to S. Patched version and vendor advisory inside.
CVE-2026-0914 is a vulnerability in WP DSGVO Tools (GDPR). Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-0916 is a vulnerability in Related Posts by Taxonomy. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-0927: a vulnerability in KiviCare – Clinic & Patient Management S. Patched version and vendor advisory inside.
CVE-2026-0932: Server-Side request forgery (SSRF) in M-Files Server. Patch commands and verification.
CVE-2026-0936: a vulnerability in Process Visualization Interface (PVI). Patched version and vendor advisory inside.
CVE-2026-0939: a vulnerability in Rede Itaú for WooCommerce, Payment PIX. Patched version and vendor advisory inside.
CVE-2026-0942: an authentication bypass in Rede Itaú for WooCommerce, Payment PIX. Patched version and vendor advisory inside.
CVE-2026-0949: a vulnerability in Postgres Enterprise Manager (PEM). Patched version and vendor advisory inside.
CVE-2026-0950: an information disclosure in Spectra Gutenberg Blocks – Website Build. Patched version and vendor advisory inside.
CVE-2026-0959 is an OS command injection in Wireshark. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0960 is a denial of service in Wireshark. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0961 is an OS command injection in Wireshark. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0962 is an OS command injection in Wireshark. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0964 is a path traversal in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0966 is a vulnerability in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-0971 - CWE-613 Insufficient session expiration in GoAnywhere MFT. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-0972 - CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GoAnywhere MFT.
CVE-2026-0977: IBM CICS Transaction Gateway for Multiplatforms Information Disclosure in CICS Transaction Gateway for Multiplatforms. Patch
CVE-2026-0990 is a vulnerability in Red Hat Hardened Images. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0996: a vulnerability in Fluent Forms – Customizable Contact Form. Patched version and vendor advisory inside.
CVE-2026-0997 is an access control bypass in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-0998 is a vulnerability in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0999 is a vulnerability in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1000: a vulnerability in MailerLite – WooCommerce integration. Patched version and vendor advisory inside.
CVE-2026-1001 is a vulnerability in Domoticz. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1002 is a vulnerability in Eclipse Vert.x. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1003: a vulnerability in GetGenie – AI Content Writer with Keywor. Patched version and vendor advisory inside.
CVE-2026-1004: a vulnerability in Essential Addons for Elementor – Popular. Patched version and vendor advisory inside.
CVE-2026-1011 is a vulnerability in Altium Live. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1014 is a vulnerability in InfoSphere Information Server. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1015 is a vulnerability in InfoSphere Information Server. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1020: a path traversal in Police Statistics Database System. Patched version and vendor advisory inside.
CVE-2026-1032 is a vulnerability in Conditional Menus. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1036: a vulnerability in Photo Gallery by 10Web – Mobile-Friendly. Patched version and vendor advisory inside.
CVE-2026-1042 is a vulnerability in WP Hello Bar. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1043 is a vulnerability in PostmarkApp Email Integrator. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1044 is a vulnerability in Tennis Court Bookings. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1045 is a vulnerability in Viet contact. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1047 is a vulnerability in salavat counter Plugin. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1048 is a vulnerability in LigeroSmart. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1049 is a vulnerability in LigeroSmart. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1050 is a SQL injection in Digital-Infrastructure. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1051: a vulnerability in Newsletter – Send awesome emails from Wo. Patched version and vendor advisory inside.
CVE-2026-1053: a vulnerability in Ivory Search – WordPress Search Plugin. Patched version and vendor advisory inside.
CVE-2026-1054: a vulnerability in RegistrationMagic – Custom Registration . Patched version and vendor advisory inside.
CVE-2026-1055 is a vulnerability in TalkJS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1059 is a SQL injection in wms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1060: an information disclosure in WP Adminify – White Label WordPress. Patched version and vendor advisory inside.
CVE-2026-1061 is an unrestricted file upload in TMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1062 is a vulnerability in TMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1063 is an OS command injection in Bastillion. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1064 is an OS command injection in Bastillion. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1066 is an OS command injection in kodbox. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1068 is a CWE-295: improper certificate validation in Lenovo FileZ. CVSS 6 Medium. Patch commands, mitigations, and verification.
CVE-2026-1070 is a vulnerability in Alex User Counter. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1071: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Carta Online. Patch commands a
CVE-2026-1072 is a vulnerability in Keybase.io Verification. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1073: CWE-352 Cross-Site Request Forgery (CSRF) in Purchase Button For Affiliate Link. Patch commands and verification.
CVE-2026-1075 is a vulnerability in ZT Captcha. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1076 is a vulnerability in Star Review Manager. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1079: CWE-284: Improper Access Control in Pega Browser Extension (PBE). Patch commands and verification.
CVE-2026-1080 is a vulnerability in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1081 is a vulnerability in Set Bulk Post Categories. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1082 is a vulnerability in TITLE ANIMATOR. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1083: a vulnerability in Appointment Hour Booking – Booking Calen. Patched version and vendor advisory inside.
CVE-2026-1084 is a vulnerability in Cookie consent for developers. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1085 is a CWE-352 cross-site request forgery (CSRF) in Optimizza True Ranker. CVSS 4.3 Medium. Patch commands, mitigations, and ver
CVE-2026-1086: CWE-352 Cross-Site Request Forgery (CSRF) in Font Pairing Preview For Landing Pages. Patch commands and verification.
CVE-2026-1087: The Guardian News Feed <= 1.2 - Cross-Site Request Forgery to Settings Update in The Guardian News Feed. Patch commands and v
CVE-2026-1088 is a vulnerability in Login Page Editor. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1089 - CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in GoAnywhere MFT.
CVE-2026-1093: a vulnerability in WPFAQBlock– FAQ & Accordion Plugin For G. Patched version and vendor advisory inside.
CVE-2026-1094 is a vulnerability in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1095 is a vulnerability in Canto Testimonials. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1096 is a vulnerability in Best-wp-google-map. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1097: a vulnerability in ThemeRuby Multi Authors – Assign Multipl. Patched version and vendor advisory inside.
CVE-2026-1098 is a vulnerability in CM CSS Columns. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1099 is a vulnerability in Administrative Shortcodes. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1101 is an improper validation of specified quantity in input in GitLab, fixed by the same patch as CVE-2026-1092.
CVE-2026-1102 is an OS command injection in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1103 is a vulnerability in AIKTP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1105 is a SQL injection in EasyCMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1106 is an access control bypass in LMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1107 is an unrestricted file upload in EyouCMS. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1108 is a vulnerability in librtsp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1109 is a vulnerability in librtsp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1110 is a vulnerability in librtsp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1111 is a path traversal in PublicCMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1112 is an access control bypass in PublicCMS. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1118 is a SQL injection in Society Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1119 is a SQL injection in Society Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1120 is a SQL injection in KSOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1121 is a SQL injection in KSOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1122 is a SQL injection in KSOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1123 is a SQL injection in KSOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1124 is a SQL injection in KSOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1125 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1126 is an unrestricted file upload in flow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1127 is a vulnerability in Timeline Event History. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1128 is a CSRF in Unknown WP eCommerce. This page lists the verified fix and inline mitigations.
CVE-2026-1129 is a SQL injection in KSOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1130 is a SQL injection in KSOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1131 is a SQL injection in KSOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1132 is a SQL injection in KSOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1133 is a SQL injection in KSOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1134 is a vulnerability in Society Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1135 is a vulnerability in Society Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1136 is a vulnerability in BootDo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1141 is an access control bypass in News Portal. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-1142 is a vulnerability in News Portal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1144 is a use-after-free in quickjs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1145 is a path traversal in quickjs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1146: a vulnerability in Patients Waiting Area Queue Management S. Patched version and vendor advisory inside.
CVE-2026-1147: a vulnerability in Patients Waiting Area Queue Management S. Patched version and vendor advisory inside.
CVE-2026-1148: a vulnerability in Patients Waiting Area Queue Management S. Patched version and vendor advisory inside.
CVE-2026-1149 is an OS command injection in LR350. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1150 is an OS command injection in LR350. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1151 is a vulnerability in mpay. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1152 is an unrestricted file upload in mpay. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1153 is a vulnerability in mpay. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1154 is a vulnerability in E-Learning System. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1159: a SQL injection in Online Frozen Foods Ordering System. Patched version and vendor advisory inside.
CVE-2026-1160 is a SQL injection in Directory Management System. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1161 is a vulnerability in hrms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1163 is an insufficient session expiration in parisneo/lollms. CVSS 4.1 Medium. Patch commands, mitigations, and
CVE-2026-1164 is a vulnerability in Easy Voice Mail. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1165 is a vulnerability in Popup Box – Create Countdown. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1166: a vulnerability in Hitachi Ops Center Administrator. Patched version and vendor advisory inside.
CVE-2026-1169 is a vulnerability in prime. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1170 is an information disclosure in prime. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1171 is a vulnerability in prime. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1172 is a vulnerability in prime. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1173 is a vulnerability in prime. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1174 is a vulnerability in prime. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1175 is a vulnerability in prime. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1176 is a SQL injection in School Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1177 is a SQL injection in KSOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1178 is a SQL injection in KSOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1179 is a SQL injection in KSOA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1180 is a vulnerability in Red Hat build of Keycloak 26.4. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-1182: Improper Removal of Sensitive Information Before Storage or Transfer in GitLab. Patch commands and verification.
CVE-2026-1183 is a vulnerability in TransP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1184 is an unsafe deserialization in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1185 is an arbitrary file read in AXIS OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1187 is a vulnerability in ZoomifyWP Free. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1188 is a vulnerability in Eclipse OMR. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1189 is a vulnerability in LeadBI Plugin for WordPress. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1191 is a vulnerability in JavaScript Notifier. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1192: an OS command injection in Online Store Management System ネット店舗管理シス. Patched version and vendor advisory inside.
CVE-2026-1193 is an access control bypass in MineAdmin. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1194 is an information disclosure in MineAdmin. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1200 is a vulnerability in rgaufman/live555. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1202 is an authentication bypass in CRMEB. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1203 is an authentication bypass in CRMEB. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1206: a vulnerability in Elementor Website Builder – more than ju. Patched version and vendor advisory inside.
CVE-2026-1208 is a vulnerability in Friendly Functions for Welcart. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-1210 is a vulnerability in Happy Addons for Elementor. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-1213 is a vulnerability in askbot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1215 is a vulnerability in MMA Call Tracking. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1217 is a CWE-862 missing authorization in Yoast Duplicate Post. CVSS 5.4 Medium. Patch commands, mitigations, and verification.
CVE-2026-1218 is an XML external entity (XXE) in Zhiyou ERP. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1219 is a vulnerability in MP3 Audio Player – Music Player. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-1223 is a path traversal in PrismX MX100 AP controller. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1224 is an OS command injection in Discover. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1228: a vulnerability in Timeline Block – Beautiful Timeline Buil. Patched version and vendor advisory inside.
CVE-2026-1230 is a use of incorrectly-resolved name or reference in GitLab. CVSS 4.1 Medium. Patch commands, mitigations, and veri
CVE-2026-1231: a vulnerability in Beaver Builder Page Builder – Drag and D. Patched version and vendor advisory inside.
CVE-2026-1232: an authentication bypass in Privilege management for Windows. Patched version and vendor advisory inside.
CVE-2026-1236 is a cross-site scripting in smub Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More. This page li
CVE-2026-1243: IBM Content Navigator is affected by a Cross-Site Scripting (XSS) vulnerability in Content Navigator. Patch commands and verification.
CVE-2026-1244: a vulnerability in Forms Bridge – Infinite integrations. Patched version and vendor advisory inside.
CVE-2026-1246: a path traversal in ShortPixel Image Optimizer – Optimize Im. Patched version and vendor advisory inside.
CVE-2026-1247 is a vulnerability in Survey. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1249 is a vulnerability in MP3 Audio Player – Music Player. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-1251: a vulnerability in SupportCandy – Helpdesk & Customer Suppo. Patched version and vendor advisory inside.
CVE-2026-1252 is a vulnerability in Events Listing Widget. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1253: a vulnerability in Group Chat & Video Chat by AtomChat. Patched version and vendor advisory inside.
CVE-2026-1254: a vulnerability in Modula Image Gallery – Photo Grid & Vide. Patched version and vendor advisory inside.
CVE-2026-1258 is a SQL injection in Mail Mint – Email Marketing. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1262 is a vulnerability in InfoSphere Information Server. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1263 is a cross-site scripting in Webling. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-1265 is a log exposure of sensitive info in IBM InfoSphere Information Server. This page lists the verified fix and inline mitigati
CVE-2026-1266 is a vulnerability in Postalicious. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1267: IBM Planning Analytics Information Disclosure in Planning Analytics Local. Patch commands and verification.
CVE-2026-1268 is a vulnerability in Dynamic Widget Content. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1271 is a vulnerability in ProfileGrid – User Profiles. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1274 - CWE-840 Business Logic Errors in Guardium Data Protection. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-1275 is a vulnerability in Multi Post Carousel by Category. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-1276 is a cross-site scripting in IBM QRadar SIEM. CVSS 5.4 Medium. Patch commands, mitigations, and verification.
CVE-2026-1277: a vulnerability in URL Shortify – Simple and Easy URL Short. Patched version and vendor advisory inside.
CVE-2026-1278 is a vulnerability in Mandatory Field. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1279: a vulnerability in Employee Directory – Staff Directory and. Patched version and vendor advisory inside.
CVE-2026-1290 is an authentication bypass in Jamf Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1292 is a vulnerability in Trends. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1293: a vulnerability in Yoast SEO – Advanced SEO with real-time . Patched version and vendor advisory inside.
CVE-2026-1295: a vulnerability in Buy Now Plus, Payments with Stripe. Patched version and vendor advisory inside.
CVE-2026-1296: a vulnerability in Frontend Post Submission Manager Lite – . Patched version and vendor advisory inside.
CVE-2026-1298 is a vulnerability in Easy Replace Image. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1299 is a vulnerability in CPython. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1300 is a vulnerability in Responsive Header Plugin. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1301 is an OS command injection in Open62541. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1302 is a vulnerability in Meta-box GalleryMeta. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-1303 is a vulnerability in MailChimp Campaigns. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1304: a vulnerability in Membership Plugin – Restrict Content. Patched version and vendor advisory inside.
CVE-2026-1305 is an authentication bypass in shoheitanaka Japanized for WooCommerce. This page lists the verified fix and inline mitigations.
CVE-2026-1307: an information disclosure in Ninja Forms – The Contact Form Builder T. Patched version and vendor advisory inside.
CVE-2026-1310 is a vulnerability in Simple calendar for Elementor. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1314 is a missing authorization in 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery. This page lists verifie
CVE-2026-1317: a SQL injection in WP Ultimate CSV Importer – Import CSV. Patched version and vendor advisory inside.
CVE-2026-1319: a vulnerability in Robin Image Optimizer – Unlimited Image . Patched version and vendor advisory inside.
CVE-2026-1322 is a vulnerability in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1323: Insecure Deserialization in extension "Mailqueue" (mailqueue) in Extension "Mailqueue". Patch commands and verification.
CVE-2026-1325: a vulnerability in Operation and Maintenance Security Manag. Patched version and vendor advisory inside.
CVE-2026-1326 is an OS command injection in NR1800X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1327 is an OS command injection in NR1800X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1332 is an authentication bypass in MeetingHub. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1336 is a missing authorization in ays-pro AI ChatBot with ChatGPT and Content Generator by AYS. This page lists the verified fix a
CVE-2026-1338: an insecure direct object reference (IDOR) in GitLab. Patched version and vendor advisory inside.
CVE-2026-1344: an arbitrary file read in Enforce Recovery Key Portal. Patched version and vendor advisory inside.
CVE-2026-1352 - CWE-1284 Improper Validation of Specified Quantity in Input in Db2. Runnable patch commands, mitigation, and verification on
CVE-2026-1354 - CWE-322 in Zero Motorcycles firmware. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-1355 is a vulnerability in Enterprise Server. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1356: a vulnerability in Converter for Media – Optimize images | . Patched version and vendor advisory inside.
CVE-2026-1369 is an open redirect in Unknown Conditional CAPTCHA. This page lists the verified fix and inline mitigations.
CVE-2026-1370: a SQL injection in SIBS woocommerce payment gateway. Patched version and vendor advisory inside.
CVE-2026-1371: an information disclosure in Tutor LMS – eLearning and online course . Patched version and vendor advisory inside.
CVE-2026-1373 is a vulnerability in Easy Author Image. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1377 is a vulnerability in imwptip. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1378 is a vulnerability in WP Posts Re-order. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1379 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in HTTP Headers. Runnable patch
CVE-2026-1380 is a vulnerability in Bitcoin Donate Button. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1381: a vulnerability in Order Minimum/Maximum Amount Limits for . Patched version and vendor advisory inside.
CVE-2026-1386 is a vulnerability in Firecracker. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1387 is an OS command injection in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1389 is a vulnerability in Document Embedder – Embed PDFs. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-1390 is a vulnerability in Redirect countdown. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1391 is a vulnerability in Vzaar Media Management. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1392 is a vulnerability in SR WP Minify HTML. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1393: a vulnerability in Add Google Social Profiles to Knowledge . Patched version and vendor advisory inside.
CVE-2026-1394 is a vulnerability in WP Quick Contact Us. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1395 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Gutentools. Runnable patch co
CVE-2026-1396: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Magic Conversation For Gravity Forms.
CVE-2026-1397: a vulnerability in PQ Addons – Creative Elementor Widgets. Patched version and vendor advisory inside.
CVE-2026-1398 is a vulnerability in Change WP URL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1399 is a vulnerability in WP Google Ad Manager Plugin. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1401 is a vulnerability in Tune Library. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1404 is a vulnerability in Ultimate Member – User Profile. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-1406 is a vulnerability in BootDo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1410 is an authentication bypass in 777VR1. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1411 is an access control bypass in 777VR1. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1412: an OS command injection in Operation and Maintenance Security Manag. Patched version and vendor advisory inside.
CVE-2026-1413: an OS command injection in Operation and Maintenance Security Manag. Patched version and vendor advisory inside.
CVE-2026-1414: an OS command injection in Operation and Maintenance Security Manag. Patched version and vendor advisory inside.
CVE-2026-1415 is a vulnerability in GPAC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1416 is a vulnerability in GPAC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1417 is a vulnerability in GPAC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1418 is an OS command injection in GPAC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1419 is an OS command injection in DCS700l. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1421 is a vulnerability in Online Examination System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1422 is a SQL injection in Online Examination System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1423: an unrestricted file upload in Online Examination System. Patched version and vendor advisory inside.
CVE-2026-1424 is an unrestricted file upload in News Portal. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1425 is a stack-based buffer overflow in SmartDNS. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1429 is a vulnerability in Single Sign-On Portal System. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1431 is a vulnerability in Booking Calendar. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1434 is a cross-site scripting in Politechnika Warszawska Omega-PSIR. This page lists the verified fix and inline mitigations.
CVE-2026-1437 is a vulnerability in Graylog Web Interface. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1438 is a vulnerability in Graylog Web Interface. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1439 is a vulnerability in Graylog Web Interface. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1440 is a vulnerability in Graylog Web Interface. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1441 is a vulnerability in Graylog Web Interface. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1443 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1444 is a vulnerability in Books_Manager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1445 is an unrestricted file upload in Books_Manager. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1446 is a vulnerability in ArcGIS Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1447 is a vulnerability in Mail Mint – Email Marketing. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1449 is a SQL injection in Smart Bus Management System. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1455: a vulnerability in Whatsiplus Scheduled Notification for Wo. Patched version and vendor advisory inside.
CVE-2026-1456 is an OS command injection in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1458 is an OS command injection in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1461 is a path traversal in Simple Membership. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1464 is a vulnerability in AppManager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1466 is a vulnerability in Jirafeau. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1467 is a vulnerability in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1468 is a CSRF in OpenSolution QuickCMS. This page lists the verified fix and inline mitigations.
CVE-2026-1469 is a vulnerability in PlanManager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1484: an OS command injection in Red Hat Enterprise Linux 10. Patched version and vendor advisory inside.
CVE-2026-1487 is a SQL injection in latepoint LatePoint – Calendar Booking Plugin for Appointments and Events. This page lists the verified
CVE-2026-1489: an OS command injection in Red Hat Enterprise Linux 10. Patched version and vendor advisory inside.
CVE-2026-1491: bundle sibling of CVE-2026-1342. Same patched build closes both.
CVE-2026-1493 - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in LEX Baza Dokumentów. R
CVE-2026-1495 is a vulnerability in PI to CONNECT Agent. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1502 is a neutralization of CRLF sequences in CPython. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-1503 is a vulnerability in Plugin Name: login_register. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1508: Court Reservation < 1.10.9 - Event Deletion via CSRF in Court Reservation. Patch commands and verification.
CVE-2026-1509 is a code injection in Avada (Fusion) Builder. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-1512: a vulnerability in Essential Addons for Elementor – Popular. Patched version and vendor advisory inside.
CVE-2026-1516 is an improper control of generation of code ('code injection') in GitLab, fixed by the same patch as CVE-2026-1092.
CVE-2026-1517 is a SQL injection in iomad. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1520 is a vulnerability in rethinkdb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1521 is a vulnerability in Open5GS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1522 is a vulnerability in Open5GS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1525: CWE-444 Inconsistent interpretation of HTTP requests ('HTTP Request/Response smuggling') in undici. Patch commands and verifi
CVE-2026-1527 is a CRLF injection via the upgrade option in undici. CVSS 4.6 Medium. Patch commands, mitigations, and ve
CVE-2026-1532 is a path traversal in DCS-700L. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1533 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1534 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1535 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1536 is a vulnerability in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1537: a vulnerability in LatePoint – Calendar Booking Plugin for . Patched version and vendor advisory inside.
CVE-2026-1539 is a vulnerability in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1541 is an authorization bypass through user-controlled key in Avada (Fusion) Builder. This page lists verified fix commands and sh
CVE-2026-1542 is an unsafe deserialization in Unknown Super Stage WP. This page lists the verified fix and inline mitigations.
CVE-2026-1543: a cross-site scripting (XSS) in Avada (Fusion) Builder. Patched version and vendor advisory inside.
CVE-2026-1544 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1545 is a SQL injection in School Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1546 is a SQL injection in jshERP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1547 is an OS command injection in A7000R. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1548 is an OS command injection in A7000R. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1549 is a path traversal in jshERP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1550: an access control bypass in Hospital Management System. Patched version and vendor advisory inside.
CVE-2026-1551 is a SQL injection in School Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1552 is a SQL injection in SEMCMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1556: an information disclosure in Drupal File (Field) Paths. Patched version and vendor advisory inside.
CVE-2026-1558 is a CWE-639 authorization bypass through user-controlled key in brechtvds WP Recipe Maker. This page lists the verified fix a
CVE-2026-1559 is a cross-site scripting in Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. T
CVE-2026-1561: a vulnerability in WebSphere Application Server Liberty. Patched version and vendor advisory inside.
CVE-2026-1564 is a CWE-80: improper neutralization of script related in Pega Infinity. This page lists verified fix commands and short-term
CVE-2026-1569: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Wueen. Patch commands and veri
CVE-2026-1570: a vulnerability in Simple Bible Verse via Shortcode. Patched version and vendor advisory inside.
CVE-2026-1571 is a vulnerability in Archer C60 v3. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1572 is a cross-site scripting in Livemesh Addons by Elementor. This page lists verified fix commands and short-term mitigations yo
CVE-2026-1573 is a vulnerability in OMIGO. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1574: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in MyQtip – easy qTip2. Patch com
CVE-2026-1575 is a vulnerability in Schema Shortcode. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1577 - IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries in Db2. Runnable
CVE-2026-1578 is a vulnerability in HP App. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1586 is a vulnerability in Open5GS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1587 is a vulnerability in Open5GS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1588 is a path traversal in jshERP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1589 is a SQL injection in School Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1590 is a SQL injection in School Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1591 is a vulnerability in pdfonline.foxit.com. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1592 is a vulnerability in pdfonline.foxit.com. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1593 is a SQL injection in Society Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1594 is a SQL injection in Society Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1595 is a SQL injection in Society Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1596 is an OS command injection in DWR-M961. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1597 is an access control bypass in SalesERP. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1598: a vulnerability in Bhojon All-In-One Restaurant Management. Patched version and vendor advisory inside.
CVE-2026-1599: a vulnerability in Bhojon All-In-One Restaurant Management. Patched version and vendor advisory inside.
CVE-2026-1600: a vulnerability in Bhojon All-In-One Restaurant Management. Patched version and vendor advisory inside.
CVE-2026-1601 is an OS command injection in A7000R. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1602 is a SQL injection in Endpoint Manager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1607 is a cross-site scripting in Surbma | Booking.com Shortcode. This page lists verified fix commands and short-term mitigations
CVE-2026-1608 is a vulnerability in Video Onclick. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1611 is a vulnerability in Wikiloops Track Player. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1612: hard-coded credentials in Robolinho Update Software. Patched version and vendor advisory inside.
CVE-2026-1613 is a vulnerability in Wonka Slide. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1614 is a cross-site scripting in eaglethemes Rise Blocks – A Complete Gutenberg Page Builder. This page lists the verified fix and
CVE-2026-1622 is a vulnerability in Enterprise Edition. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1623 is an OS command injection in A7000R. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1624 is an OS command injection in DWR-M961. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1625 is an OS command injection in DWR-M961. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1626 is broken cryptography in SICK AG SICK LMS1000. This page lists the verified fix and inline mitigations.
CVE-2026-1627 is broken cryptography in SICK AG SICK LMS1000. This page lists the verified fix and inline mitigations.
CVE-2026-1628 is an inclusion of functionality from untrusted control sphere in Mattermost Mattermost. This page lists the verified fix and i
CVE-2026-1629: Permalink Preview Information Disclosure After Permission Revocation in Mattermost. Patch commands and verification.
CVE-2026-1630 is a cross-site scripting (XSS) in WEBCON BPS. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1634 is a vulnerability in Subitem AL Slider. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1636 is an uncontrolled search path element in Service Bridge. This page lists verified fix commands and short-term mitigations you
CVE-2026-1638 is an OS command injection in AC21. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1639: a SQL injection in Taskbuilder – Project Management & Task. Patched version and vendor advisory inside.
CVE-2026-1640: a vulnerability in Taskbuilder – Project Management & Task. Patched version and vendor advisory inside.
CVE-2026-1642 is a vulnerability in NGINX Open Source. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1643 is a vulnerability in MP-Ukagaka. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1644 is a CSRF in glowlogix WP Frontend Profile. This page lists the verified fix and inline mitigations.
CVE-2026-1646 is a vulnerability in Advance Block Extend. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-1647 is a vulnerability in Comment Genius. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1649 is a vulnerability in Community Events. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1650 is a CWE-862 missing authorization in MDJM Event Management. CVSS 5.3 Medium. Patch commands, mitigations, and verification.
CVE-2026-1651 is a SQL injection in icegram Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for Wo
CVE-2026-1652 is a CWE-122: heap-based buffer overflow in Lenovo Smart Connect. CVSS 6.9 Medium. Patch commands, mitigations, and verificati
CVE-2026-1653 is a CWE-369: divide by zero in Lenovo Smart Connect. CVSS 6.8 Medium. Patch commands, mitigations, and verification.
CVE-2026-1654 is a vulnerability in Peter’s Date Countdown. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1655 is a vulnerability in EventPrime – Events Calendar. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1656: a vulnerability in Business Directory Plugin – Easy Listing. Patched version and vendor advisory inside.
CVE-2026-1657 is a vulnerability in EventPrime – Events Calendar. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1658 is a vulnerability in Directory Services. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1660 - CWE-770: Allocation of Resources Without Limits or Throttling in GitLab. Runnable patch commands, mitigation, and verificati
CVE-2026-1663 is a missing authorization in GitLab. CVSS 4.3 Medium. Patch commands, mitigations, and verification.
CVE-2026-1664 is a vulnerability in the product. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1665 is an OS command injection in nvm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1666 is a vulnerability in Download Manager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1671 is a vulnerability in Activity Log for WordPress. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-1672: Cross-Site Request Forgery (CSRF) in BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net. Pa
CVE-2026-1673: Cross-Site Request Forgery (CSRF) in BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net. Pa
CVE-2026-1674 is a missing authorization in saadiqbal Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form
CVE-2026-1675: an insecure default configuration in Advanced Country Blocker. Patched version and vendor advisory inside.
CVE-2026-1677: selection of less-secure algorithm during negotiation ('algorithm downgrade') in Zephyr. Runnable upgrade commands and verific
CVE-2026-1681 is a vulnerability in Zephyr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1682 is a vulnerability in SMF. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1683 is a vulnerability in SMF. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1684 is a vulnerability in SMF. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1685 is a vulnerability in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1687 is an OS command injection in HG10. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1688 is a SQL injection in Directory Management System. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1689 is an OS command injection in HG10. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1690 is an OS command injection in HG10. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1691 is an unsafe deserialization in bolo-solo. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1692 is a CWE-1385 missing origin validation in WebSockets in arcinfo PcVue. This page lists the verified fix and inline mitigation
CVE-2026-1693 is a CWE-1390 weak authentication in arcinfo PcVue. This page lists the verified fix and inline mitigations.
CVE-2026-1695 is a cross-site scripting in arcinfo PcVue. This page lists the verified fix and inline mitigations.
CVE-2026-1697 is a CWE-614 sensitive cookie in HTTPS session without 'Secure' attribute in arcinfo PcVue. This page lists the verified fix a
CVE-2026-1698 is a CWE-644 improper neutralization of HTTP headers for scripting syntax in arcinfo PcVue. This page lists the verified fix a
CVE-2026-1700: a vulnerability in House Rental and Property Listing. Patched version and vendor advisory inside.
CVE-2026-1701 is a SQL injection in School Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1702: an access control bypass in Pet Grooming Management Software. Patched version and vendor advisory inside.
CVE-2026-1704: CWE-639 Authorization Bypass Through User-Controlled Key in Appointment Booking Calendar, Simply Schedule Appointments Bookin
CVE-2026-1705 is a vulnerability in DSL-6641K. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1706 is a cross-site scripting in plugins360 All-in-One Video Gallery. This page lists the verified fix and inline mitigations.
CVE-2026-1710 is an improper authorization in WooPayments: Integrated WooCommerce Payments. CVSS 6.5 Medium. Patch commands, mitigations, and
CVE-2026-1711 is a cross-site scripting in Pega Infinity. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-1712 is a vulnerability in Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1713 is a CWE-305 authentication bypass by primary weakness in IBM MQ. This page lists the verified fix and inline mitigations.
CVE-2026-1715: CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in Vantage. Patch commands and ver
CVE-2026-1716: CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in Vantage. Patch commands and ver
CVE-2026-1717: CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in Vantage. Patch commands and ver
CVE-2026-1721 is a vulnerability in the product. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1722: a vulnerability in WCFM Marketplace – Multivendor Marketpla. Patched version and vendor advisory inside.
CVE-2026-1724 is an authentication bypass in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1725 is a resource exhaustion in GitLab GitLab. This page lists the verified fix and inline mitigations.
CVE-2026-1726 - CWE-269 Improper Privilege Management in Guardium Key Lifecycle Manager. Runnable patch commands, mitigation, and verificati
CVE-2026-1732: Improper Removal of Sensitive Information Before Storage or Transfer in GitLab. Patch commands and verification.
CVE-2026-1733 is an access control bypass in CRMEB. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1734 is a vulnerability in CRMEB. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1736 is a vulnerability in Open5GS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1737 is a vulnerability in Open5GS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1738 is a vulnerability in Open5GS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1739 is a vulnerability in pcf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1740 is an authentication bypass in ipTIME A8004T. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1742 is an unrestricted file upload in ipTIME A8004T. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1744 is a vulnerability in DSL-6641K. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1745: a vulnerability in Medical Certificate Generator App. Patched version and vendor advisory inside.
CVE-2026-1746 is a SQL injection in JeecgBoot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1747 is an authentication bypass using an alternate path or channel in GitLab GitLab. This page lists the verified fix and inline mi
CVE-2026-1748: a vulnerability in Invoct – PDF Invoices & Billing for WooC. Patched version and vendor advisory inside.
CVE-2026-1749 is an improper access control in HikCentral Professional. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-1752 is an incorrect authorization in GitLab, fixed by the same patch as CVE-2026-1092.
CVE-2026-1753: Gutena Forms < 1.6.1 - Contributor+ Arbitrary Limited Options Update in Gutena Forms. Patch commands and verification.
CVE-2026-1754 is a vulnerability in personal-authors-category. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1755 is a vulnerability in Menu Icons by ThemeIsle. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1757 is a vulnerability in Red Hat Hardened Images. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1760 is a vulnerability in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1763 is a vulnerability in Enervista. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1768 is an incorrect authorization in Devolutions Devolutions Server. This page lists the verified fix and inline mitigations.
CVE-2026-1769 is a vulnerability in CentreWare. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1770 is a code injection in CrafterCMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1772 is a CWE-280 improper handling of insufficient permissions or privileges in Hitachi Energy RTU500 series CMU firmware. This pa
CVE-2026-1776: Camaleon CMS AWS Uploader Authenticated Path Traversal Arbitrary File Read in Camaleon CMS. Patch commands and verification.
CVE-2026-1778 is a code injection in SageMaker Python SDK. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1780: [CR]Paid Link Manager <= 0.5 - Reflected Cross-Site Scripting in [CR]Paid Link Manager. Patch commands and verification.
CVE-2026-1781: CWE-862 Missing Authorization in MC4WP: Mailchimp for WordPress. Patch commands and verification.
CVE-2026-1782 is an improper input validation in MetForm Pro. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-1785 is a vulnerability in Code Snippets. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1786 is a vulnerability in Twitter posts to Blog. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1787 is a missing authorization in thimpress LearnPress – Backup & Migration Tool. This page lists the verified fix and inline miti
CVE-2026-1788 is an OS command injection in Xquic Server. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-1789 - CWE-807: Reliance on Untrusted Inputs in a Security Decision in imagePRESS Series. Runnable patch commands, mitigation, and
CVE-2026-1792 is a vulnerability in Geo Widget. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1793 is a path traversal in Element Pack – Widgets. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1795 is a vulnerability in Address Bar Ads. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1796 is a vulnerability in StyleBidet. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1797: Missing Authorization in TrueBooker – Appointment Booking and Scheduler System. Patch commands and verification.
CVE-2026-1801 is a vulnerability in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1802 is an OS command injection in ZHOME A0101. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1804 is a vulnerability in WDES Responsive Popup. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1805: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in DA Media GigList. Patch comman
CVE-2026-1806: a vulnerability in Tour & Activity Operator Plugin for Tour. Patched version and vendor advisory inside.
CVE-2026-1807: a vulnerability in InteractiveCalculator for WordPress. Patched version and vendor advisory inside.
CVE-2026-1808: a vulnerability in Orange Comfort+ accessibility toolbar fo. Patched version and vendor advisory inside.
CVE-2026-1809 is a vulnerability in HTML Shortcodes. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1810 is a path traversal in bolo-solo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1811 is a path traversal in bolo-solo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1812 is a path traversal in bolo-solo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1813 is an unrestricted file upload in bolo-solo. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1814 is a vulnerability in InsightVM/Nexpose. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1815 is a vulnerability in Mobile Application. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1816 is a vulnerability in Mobile Application. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1820: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Media Library Alt Text Editor.
CVE-2026-1821 is a vulnerability in Microtango. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1822 is a vulnerability in WP NG Weather. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1823: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Consensus Embed. Patch command
CVE-2026-1824: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Infomaniak Connect for OpenID.
CVE-2026-1825: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Show YouTube video. Patch comm
CVE-2026-1826: a vulnerability in OpenPOS Lite – Point of Sale for WooComm. Patched version and vendor advisory inside.
CVE-2026-1827 is a vulnerability in IDE Micro code-editor. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1833: a vulnerability in WaMate Confirm – Order Confirmation. Patched version and vendor advisory inside.
CVE-2026-1834: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Ibtana – WordPress Website Builder. Patch co
CVE-2026-1835 is a vulnerability in BootDo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1838 is a cross-site scripting in Hostel. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-1839 is a deserialization of untrusted data in huggingface/transformers. CVSS 6.5 Medium. Patch commands, mitigations, and verifica
CVE-2026-1842 is a CWE-613 insufficient session expiration in SoftIron HyperCloud. This page lists the verified fix and inline mitigations.
CVE-2026-1845 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Real Estate Pro. Runnable pat
CVE-2026-1851 is a vulnerability in iVysilani Shortcode. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1852 is a cross-site request forgery in Product Pricing Table by WooBeWoo. This page lists verified fix commands and short-term mit
CVE-2026-1853 is a vulnerability in BuddyHolis ListSearch. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1854 is a vulnerability in Post Flagger. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1857: a vulnerability in Kadence Blocks, Page Builder Toolkit fo. Patched version and vendor advisory inside.
CVE-2026-1858 - CWE-20 Improper input validation in wget2. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-1860: a vulnerability in Kali Forms, Contact Form & Drag-and-Dro. Patched version and vendor advisory inside.
CVE-2026-1865: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in User Registration & Membership – Free
CVE-2026-1867: WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure in Guest posting / Frontend Posting / Front Edi
CVE-2026-1870: CWE-862 Missing Authorization in Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor. Patch commands and ver
CVE-2026-1877: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Auto Post Scheduler. Patch commands a
CVE-2026-1878: CWE-494 Download of Code Without Integrity Check in Driver( Keyboard & Mouse ). Patch commands and verification.
CVE-2026-1879 is an unrestricted upload in Harvard University IQSS Dataverse. CVSS 5.3 Medium. Patch commands, mitigations, and verification.
CVE-2026-1880 is a time-of-check time-of-use (TOCTOU) race condition in DriverHub. This page lists verified fix commands and short-term miti
CVE-2026-1881: an insecure direct object reference (IDOR) in Broadstreet. Patched version and vendor advisory inside.
CVE-2026-1883: CWE-639 Authorization Bypass Through User-Controlled Key in Wicked Folders – Folder Organizer for Pages, Posts, and Custom Po
CVE-2026-1884 is a vulnerability in ZenTao. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1885 is a vulnerability in Slideshow Wp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1886: a vulnerability in Go Night Pro | WordPress Dark Mode Plugi. Patched version and vendor advisory inside.
CVE-2026-1888 is a vulnerability in Docus – YouTube Video Playlist. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-1889 is a vulnerability in Outgrow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1891 is a vulnerability in Simple Football Scoreboard. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-1893 is a vulnerability in Orbisius Random Name Generator. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-1894 is an access control bypass in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1895 is an access control bypass in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1896 is an access control bypass in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1897 is a vulnerability in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1898 is an access control bypass in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1899 is a vulnerability in Any Post Slider. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1900: Link Whisper Free < 0.9.1 - Unauthenticated Settings and User Meta Update in Link Whisper Free. Patch commands and verificati
CVE-2026-1901 is a vulnerability in QuestionPro Surveys. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1902: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Hammas Calendar. Patch command
CVE-2026-1903 is a vulnerability in Ravelry Designs Widget. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1904 is a vulnerability in Simple Wp colorfull Accordion. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1905 is a vulnerability in Sphere Manager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1906: a vulnerability in PDF Invoices & Packing Slips for WooComm. Patched version and vendor advisory inside.
CVE-2026-1908 is a vulnerability in Integration with Hubspot Forms. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-1909 is a vulnerability in WaveSurfer-WP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1910: a vulnerability in UpMenu – Online ordering for restaurants. Patched version and vendor advisory inside.
CVE-2026-1911 is a vulnerability in Twitter Feeds. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1912 is a vulnerability in Citations tools. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1913 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Gallagher Website Design. Run
CVE-2026-1914 is a vulnerability in FuseDesk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1915 is a vulnerability in Simple Plyr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1919: Booktics <= 1.0.16 - Missing Authorization to Get Items via REST API endpoints in Booktics – Booking Calendar for Appointment
CVE-2026-1920: Booktics <= 1.0.16 - Missing Authorization to Addon Plugin Installation in Booktics – Booking Calendar for Appointments and S
CVE-2026-1921: improper limitation of a pathname to a restricted directory ('path traversal') in Loco Translate. Runnable upgrade commands an
CVE-2026-1922: a vulnerability in The Events Calendar Shortcode & Block. Patched version and vendor advisory inside.
CVE-2026-1923 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Social Rocket – Social Sharin
CVE-2026-1924 is a cross-site request forgery in Aruba HiSpeed Cache. This page lists verified fix commands and short-term mitigations you c
CVE-2026-1925: a vulnerability in EmailKit – Email Customizer for WooComme. Patched version and vendor advisory inside.
CVE-2026-1926 is a CWE-862 missing authorization in Wpswings Subscriptions for WooCommerce. CVSS 5.3 Medium. Patch commands, mitigations, an
CVE-2026-1927: a vulnerability in Greenshift – animation and page builder. Patched version and vendor advisory inside.
CVE-2026-1930 - CWE-862 Missing Authorization in Emailchef. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-1932: a vulnerability in Appointment Booking Calendar Plugin – Bo. Patched version and vendor advisory inside.
CVE-2026-1934: a missing authorization in Motors – Car Dealership & Classified Lis. Patched version and vendor advisory inside.
CVE-2026-1935 is a vulnerability in Company Posts for LinkedIn. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-1938: a vulnerability in YayMail – WooCommerce Email Customizer. Patched version and vendor advisory inside.
CVE-2026-1939 is a vulnerability in Percent to Infograph. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-1940 is a vulnerability in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1941: a vulnerability in WP Event Aggregator: Import Eventbrite e. Patched version and vendor advisory inside.
CVE-2026-1942: a vulnerability in Blog2Social: Social Media Auto Post & Sc. Patched version and vendor advisory inside.
CVE-2026-1943: a vulnerability in YayMail – WooCommerce Email Customizer. Patched version and vendor advisory inside.
CVE-2026-1944 is a vulnerability in CallbackKiller service widget. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1948: CWE-862 Missing Authorization in NEX-Forms – Ultimate Forms Plugin for WordPress. Patch commands and verification.
CVE-2026-1959 is a vulnerability in Loggro Pymes. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1960 is a vulnerability in Loggro Pymes. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1962 is an access control bypass in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1963 is an access control bypass in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1964 is an access control bypass in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1965 is a bad reuse of HTTP Negotiate connection in curl. CVSS 6.5 Medium. Patch commands, mitigations, and verification.
CVE-2026-1970 is a vulnerability in BR-6258n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1971 is a vulnerability in BR-6288ACL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1972 is a vulnerability in BR-6208AC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1973 is a vulnerability in Free5GC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1974 is a vulnerability in Free5GC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1975 is a vulnerability in Free5GC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1976 is a vulnerability in Free5GC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1977 is a code injection in mcp-vegalite-server. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-1978 is a path traversal in NanoCMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1979 is a use-after-free in mruby. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1980 is an information exposure in iqonicdesign WPBookit. This page lists the verified fix and inline mitigations.
CVE-2026-1981 is a missing authorization in winstonai HUMN-1 AI Website Scanner & Human Certification by Winston AI. This page lists the ver
CVE-2026-1983 is a vulnerability in SEATT: Simple Event Attendance. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-1985 is a vulnerability in Press3D. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1986: a vulnerability in FloristPress for Woo – Customize your eC. Patched version and vendor advisory inside.
CVE-2026-1987 is a vulnerability in Scheduler Widget. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1990 is a vulnerability in oatpp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1991 is a vulnerability in libuvc. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1996: a denial of service in HP OfficeJet Pro 8710 All-in-One Printer. Patched version and vendor advisory inside.
CVE-2026-1997: a vulnerability in HP OfficeJet Pro 8730 All-in-One Printer. Patched version and vendor advisory inside.
CVE-2026-1998 is a memory corruption in micropython. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2000 is an OS command injection in DCME-320. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20001 is a SQL injection in Cisco Secure Firewall Management Center (FMC). This page lists the verified fix and inline mitiga
CVE-2026-20003 is a SQL injection in Cisco Secure Firewall Management Center (FMC). This page lists the verified fix and inline mitiga
CVE-2026-20005 is a missing report of error condition in Cisco Secure Firewall Threat Defense (FTD) Software. This page lists the veri
CVE-2026-20006 is an error handling issue in Cisco Secure Firewall Threat Defense (FTD) Software. This page lists the verified fix and inline
CVE-2026-20007 is an improper access control in Cisco Secure Firewall Threat Defense (FTD) Software. This page lists the verified fix a
CVE-2026-20008 is an OS command injection in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. This page lists the veri
CVE-2026-20009 is an improper neutralization of special elements in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. T
CVE-2026-20013 is a missing release of memory after effective lifetime in Cisco Secure Firewall Adaptive Security Appliance (ASA) Soft
CVE-2026-20015 is a missing release of memory after effective lifetime in Cisco Secure Firewall Adaptive Security Appliance (ASA) Soft
CVE-2026-20016 is an improper neutralization of argument delimiters in a command ('argument injection') in Cisco Secure Firewall Threat
CVE-2026-20017 is an execution with unnecessary privileges in Cisco Secure Firewall Threat Defense (FTD) Software. This page lists the
CVE-2026-20018 is a path traversal: 'dir/../../filename' in Cisco Secure Firewall Management Center (FMC). This page lists the verifie
CVE-2026-2002 is a vulnerability in Forminator Forms – Contact Form. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-20020 is an improper input validation in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. This page lists the
CVE-2026-20021 is a missing release of memory after effective lifetime in Cisco Secure Firewall Adaptive Security Appliance (ASA) Soft
CVE-2026-20022 is a use of out-of-range pointer offset in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. This page
CVE-2026-20023 is an out-of-bounds write in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. This page lists the verif
CVE-2026-20024 is a buffer overflow in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. This page lists the verified
CVE-2026-20025 is an integer overflow in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. This page lists the verified
CVE-2026-20026: a vulnerability in Cisco Secure Firewall Threat Defense (FT. Patched version and vendor advisory inside.
CVE-2026-20027: an information disclosure in Cisco Secure Firewall Threat Defense (FT. Patched version and vendor advisory inside.
CVE-2026-20029: an XML external entity (XXE) in Cisco Identity Services Engine Software. Patched version and vendor advisory inside.
CVE-2026-2003 is an authentication bypass in PostgreSQL. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-20031 is an uncaught exception in Cisco Secure Endpoint. This page lists the verified fix and inline mitigations.
CVE-2026-20036 is an OS command injection in Cisco Unified Computing System (Managed). This page lists the verified fix and inline miti
CVE-2026-20037 is an execution with unnecessary privileges in Cisco Unified Computing System (Managed). This page lists the verified fi
CVE-2026-20041: Cisco Nexus Dashboard Server Side Request Forgery in Cisco Nexus Dashboard. Patch commands and verification.
CVE-2026-20042 is a Cisco Nexus Dashboard configuration REST API unauthorized access in Cisco Nexus Dashboard, fixed by the same patch as CV
CVE-2026-20044 is a privilege escalation in Cisco Secure Firewall Management Center (FMC). This page lists the verified fix and inline
CVE-2026-20047: a vulnerability in Cisco Identity Services Engine Software. Patched version and vendor advisory inside.
CVE-2026-20050 is an improper resource shutdown or release in Cisco Secure Firewall Threat Defense (FTD) Software. This page lists the
CVE-2026-20052 is an access of memory location after end of buffer in Cisco Secure Firewall Threat Defense (FTD) Software. This page li
CVE-2026-20053 is a heap buffer overflow in Cisco Cyber Vision. This page lists the verified fix and inline mitigations.
CVE-2026-20054 is a loop with unreachable exit condition ('infinite loop') in Cisco Cyber Vision. This page lists the verified fix and
CVE-2026-20055: a vulnerability in Cisco Packaged Contact Center Enterprise. Patched version and vendor advisory inside.
CVE-2026-20056 is a code injection in Cisco Secure Web Appliance. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-20057 is a divide by zero in Cisco Cyber Vision. This page lists the verified fix and inline mitigations.
CVE-2026-20058 is an access of memory location before start of buffer in Cisco Secure Firewall Threat Defense (FTD) Software. This page
CVE-2026-20059 is a cross-site scripting in Cisco Unity Connection. This page lists verified fix commands and short-term mitigations you can
CVE-2026-20060 is a URL redirection to untrusted site in Cisco Unity Connection. This page lists verified fix commands and short-term mitig
CVE-2026-20061 is a SQL injection in Cisco Unity Connection. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-20063 is an improper neutralization of argument delimiters in a command ('argument injection') in Cisco Secure Firewall Threat
CVE-2026-20064 is a null pointer dereference in Cisco Secure Firewall Threat Defense (FTD) Software. This page lists the verified fix
CVE-2026-20065 is an improper locking in Cisco Secure Firewall Threat Defense (FTD) Software. This page lists the verified fix and inli
CVE-2026-20066 is a denial of service via resource consumption in Cisco Secure Firewall Threat Defense (FTD) Software. This page lists
CVE-2026-20067 is an out-of-bounds write in Cisco Cyber Vision. This page lists the verified fix and inline mitigations.
CVE-2026-20068 is an uncaught exception in Cisco Cyber Vision. This page lists the verified fix and inline mitigations.
CVE-2026-20069 is an inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in Cisco Secure Firewall Adaptive
CVE-2026-20070 is an improper neutralization of script-related HTML tags in a web page (basic XSS) in Cisco Secure Firewall Adaptive Se
CVE-2026-20073 is an improper access control in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. This page lists the v
CVE-2026-20075: a vulnerability in Cisco Evolved Programmable Network Manag. Patched version and vendor advisory inside.
CVE-2026-20076: a vulnerability in Cisco Identity Services Engine Software. Patched version and vendor advisory inside.
CVE-2026-20078 is a relative path traversal in Cisco Unity Connection. This page lists verified fix commands and short-term mitigations you
CVE-2026-2008 is a code injection in fermat-mcp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20080: a vulnerability in Cisco Ultra-Reliable Wireless Backhaul. Patched version and vendor advisory inside.
CVE-2026-20081 is a relative path traversal in Cisco Unity Connection. This page lists verified fix commands and short-term mitigations you
CVE-2026-20083 is a denial of service in Cisco IOS XE Software. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20085: Cisco Integrated Management Controller Cross-Site Scripting in Cisco Enterprise NFV Infrastructure Software. Patch commands
CVE-2026-20087: bundle sibling of CVE-2026-20085. Same patched build closes both.
CVE-2026-20088: bundle sibling of CVE-2026-20085. Same patched build closes both.
CVE-2026-20089: bundle sibling of CVE-2026-20085. Same patched build closes both.
CVE-2026-2009: an access control bypass in Gas Agency Management System. Patched version and vendor advisory inside.
CVE-2026-20090: bundle sibling of CVE-2026-20085. Same patched build closes both.
CVE-2026-20091 is a cross-site scripting in Cisco Firepower Extensible Operating System (FXOS). This page lists the verified fix and i
CVE-2026-20092: an arbitrary file read in Cisco Intersight Virtual Appliance. Patched version and vendor advisory inside.
CVE-2026-20095: bundle sibling of CVE-2026-20085. Same patched build closes both.
CVE-2026-20096: bundle sibling of CVE-2026-20085. Same patched build closes both.
CVE-2026-20097: Cisco Integrated Management Controller Remote Code Execution in Cisco Unified Computing System (Standalone). Patch commands
CVE-2026-20099 is an OS command injection in Cisco Firepower Extensible Operating System (FXOS). This page lists the verified fix and i
CVE-2026-20102 is a cross-site scripting in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. This page lists the veri
CVE-2026-20104 is a vulnerability in Cisco IOS XE Software. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-20106 is a missing release of memory after effective lifetime in Cisco Secure Firewall Adaptive Security Appliance (ASA) Soft
CVE-2026-20107 is an insufficient granularity of access control in Cisco Application Policy Infrastructure Controller (APIC). This page
CVE-2026-20108 is a vulnerability in Cisco Catalyst SD-WAN Manager. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-20109: a vulnerability in Cisco Packaged Contact Center Enterprise. Patched version and vendor advisory inside.
CVE-2026-2011 is a SQL injection in Student Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20110 is a denial of service in Cisco IOS XE Software. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20111: hard-coded credentials in Cisco Prime Infrastructure. Patched version and vendor advisory inside.
CVE-2026-20112 is a vulnerability in Cisco IOS XE Software. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-20113 is a vulnerability in Cisco IOS XE Software. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-20114 is a vulnerability in Cisco IOS XE Software. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-20115 is a vulnerability in Cisco IOS XE Software. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-20116: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities in Cisco Unified Contact Center Express. Patch c
CVE-2026-20117: Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities in Cisco Unified Contact Center Express. Patch c
CVE-2026-20118 is an improper cleanup on thrown exception in Cisco IOS XR Software. CVSS 6.8 Medium. Patch commands, mitigations, and verific
CVE-2026-2012 is a SQL injection in Student Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20123: a vulnerability in Cisco Evolved Programmable Network Manag. Patched version and vendor advisory inside.
CVE-2026-2013 is a SQL injection in Student Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20132 is a cross-site scripting in Cisco Identity Services Engine Software. This page lists verified fix commands and short-term mi
CVE-2026-20136 is an encoding or escaping of output in Cisco Identity Services Engine Software. This page lists verified fix commands and sh
CVE-2026-20138 is a vulnerability in Splunk Enterprise. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-20139 is a vulnerability in Splunk Enterprise. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2014 is a SQL injection in Student Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20141 is an information disclosure in Splunk Enterprise. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-20142 is a vulnerability in Splunk Enterprise. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-20144 is a vulnerability in Splunk Enterprise. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-20148 is a path traversal in Cisco ISE Passive Identity Connector. This page lists verified fix commands and short-term mitigations
CVE-2026-20149 is a cross-site scripting in Cisco Webex Meetings. This page lists the verified fix and inline mitigations.
CVE-2026-2015 is an access control bypass in i-Educar. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-20152 is an authentication bypass by primary weakness in Cisco Secure Web Appliance. This page lists verified fix commands and shor
CVE-2026-2016 is a stack-based buffer overflow in libfastcommon. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-20161 is a link resolution before file access in Cisco ThousandEyes Enterprise Agent. This page lists verified fix commands and sho
CVE-2026-20162: Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise in Splunk Enterprise. Patch commands and verif
CVE-2026-20164: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information i
CVE-2026-20165: Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive
CVE-2026-20166: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information i
CVE-2026-20168 error handling in Cisco IoT Field Network Director (IoT-FND). Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-20169 improper neutralization of special elements used in a command ('command injectio in Cisco IoT Field Network Director (IoT-FND
CVE-2026-20170 is a neutralization of script-related html tags in in Cisco Webex Contact Center. This page lists verified fix commands and s
CVE-2026-20171 is a denial of service in Cisco NX-OS Software. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20172 reliance on file name or extension of externally-supplied file in Cisco Enterprise Chat and Email. Runnable upgrade commands
CVE-2026-20174 is a Cisco Nexus Dashboard Insights arbitrary file write in Cisco Nexus Dashboard, fixed by the same patch as CVE-2026-20041.
CVE-2026-2018 is a SQL injection in School Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20189 is a missing authorization in Cisco Prime Infrastructure. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-20193 missing authorization in Cisco Identity Services Engine Software. Runnable upgrade commands and verification steps for sysadm
CVE-2026-20195 observable response discrepancy in Cisco Identity Services Engine Software. Runnable upgrade commands and verification steps
CVE-2026-20199: a vulnerability in Cisco ThousandEyes Enterprise Agent. Patched version and vendor advisory inside.
CVE-2026-20202 is a the software does not properly handle in Splunk Cloud Platform. This page lists verified fix commands and short-term mit
CVE-2026-20203 is a the software does not restrict or in Splunk Cloud Platform. This page lists verified fix commands and short-term mitigat
CVE-2026-20206: an OS command injection in Cisco ThousandEyes Enterprise Agent. Patched version and vendor advisory inside.
CVE-2026-20209: a cross-site scripting (XSS) in Cisco Catalyst SD-WAN Manager. Patched version and vendor advisory inside.
CVE-2026-20210: a cross-site scripting (XSS) in Cisco Catalyst SD-WAN Manager. Patched version and vendor advisory inside.
CVE-2026-20219 authorization bypass through user-controlled key in Cisco Webex Meetings. Runnable upgrade commands and verification steps fo
CVE-2026-2022: a vulnerability in Smart Forms – when you need more than ju. Patched version and vendor advisory inside.
CVE-2026-2023 is a vulnerability in WP Plugin Info Card. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-20238 is an access control bypass in Splunk AI Toolkit. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-2026 is a denial of service in Agent. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2027: a vulnerability in AMP Enhancer – Compatibility Layer for O. Patched version and vendor advisory inside.
CVE-2026-2028 - CWE-639 Authorization Bypass Through User-Controlled Key in MaxiBlocks Builder | 17, 000+ Design Assets, Patterns, Icons & S
CVE-2026-2029 is a cross-site scripting in livemesh Livemesh Addons for Beaver Builder. This page lists the verified fix and inline mitigati
CVE-2026-2035 is an OS command injection in OPNsense. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20424 is an out-of-bounds read in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20425 is an out-of-bounds write in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20426 is an out-of-bounds write in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20427 is an out-of-bounds write in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20428 is an out-of-bounds write in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20429 is an out-of-bounds read in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20431: Allocation of Resources Without Limits or Throttling in MediaTek chipset. Patch commands and verification.
CVE-2026-20435 is a weak credential storage in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20436 is a buffer overflow in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20437 is a use-after-free in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20438 is a CWE-367 time-of-check time-of-use (TOCTOU) race condition in MediaTek, Inc. MediaTek chipset. This page lists the verifi
CVE-2026-20439 is a use-after-free in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20440 is a CWE-1285 specified index, position, or offset in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and i
CVE-2026-20441 is an out-of-bounds write in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20442 is a use-after-free in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20443 is a use-after-free in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20444 is an out-of-bounds write in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20445 is a CWE-367 time-of-check time-of-use (TOCTOU) race condition in MediaTek, Inc. MediaTek chipset. This page lists the verifi
CVE-2026-20446 is an out-of-bounds write in MediaTek, Inc. MediaTek chipset, fixed by the same patch as CVE-2026-20431.
CVE-2026-20447 is an out-of-bounds read in MediaTek chipset. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-20448 improper handling of insufficient permissions or privileges in MediaTek chipset. Runnable upgrade commands and verification s
CVE-2026-20449 is a classic buffer overflow in MediaTek chipset. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2026-20450 is a reachable assertion in MediaTek chipset. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-20451 access of resource using incompatible type ('type confusion') in MediaTek chipset. Runnable upgrade commands and verification
CVE-2026-2054 is an information disclosure in DIR-605L. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2055 is an information disclosure in DIR-605L. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2056 is an information disclosure in DIR-605L. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2057: a SQL injection in Medical Center Portal Management System. Patched version and vendor advisory inside.
CVE-2026-2058 is a SQL injection in CloudClassroom-PHP-Project. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-2059: a SQL injection in Medical Center Portal Management System. Patched version and vendor advisory inside.
CVE-2026-2060: a SQL injection in Simple Blood Donor Management System. Patched version and vendor advisory inside.
CVE-2026-2061 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2062 is a vulnerability in Open5GS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2063 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2064 is a vulnerability in i-Educar. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20643: Processing maliciously crafted web content may bypass Same Origin Policy in Safari. Patch commands and verification.
CVE-2026-2065 is an authentication bypass in smART Pixelator. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2069 is a stack-based buffer overflow in llama.cpp. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20696 is a missing authorization in macOS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-20704 is a vulnerability in WRC-X1500GS-B. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20709: Escalation of Privilege in Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Cel
CVE-2026-20711 is a vulnerability in Cybozu Garoon. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20717: a vulnerability in Intel(R) QAT software drivers for Window. Patched version and vendor advisory inside.
CVE-2026-20718: a vulnerability in Intel(R) NPU Driver software installers. Patched version and vendor advisory inside.
CVE-2026-20719 is a denial of service in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20726 is a CWE-125: out-of-bounds read in Canva Affinity. CVSS 6.1 Medium. Patch commands, mitigations, and verification.
CVE-2026-2073 is a SQL injection in School Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20733 is a weak credential storage in CloudCharge cloudcharge.se. This page lists the verified fix and inline mitigations.
CVE-2026-2074 is an XML external entity (XXE) in O2OA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2075 is an access control bypass in warehouse. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-20754 is a denial of service in Intel(R) NPU Drivers. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-2076 is an access control bypass in warehouse. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2077 is an access control bypass in warehouse. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-20771: a vulnerability in Intel(R) QAT software drivers for Window. Patched version and vendor advisory inside.
CVE-2026-20772: a vulnerability in Intel(R) Connectivity Performance Suite . Patched version and vendor advisory inside.
CVE-2026-2078 is an access control bypass in warehouse. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-20782: a vulnerability in Intel(R) QAT software drivers for Window. Patched version and vendor advisory inside.
CVE-2026-2079 is an access control bypass in warehouse. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-20791 is a weak credential storage in Chargemap chargemap.com. This page lists the verified fix and inline mitigations.
CVE-2026-20793: a vulnerability in Intel(R) QAT software drivers for Window. Patched version and vendor advisory inside.
CVE-2026-20797 is a stack buffer overflow in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-20801 is a CWE-319 cleartext transmission of sensitive information in Gallagher NxWitness VMS and Hanwha VMS Integrations. This pag
CVE-2026-20806 is a CWE-843: access of resource using incompatible in Microsoft Windows. This page lists verified fix commands and short-ter
CVE-2026-2081 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20812: an improper input validation in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-20818 is a vulnerability in Windows Server 2016. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-20819 is a path traversal in Windows 11 version 22H3. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-2082 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20821: an information disclosure in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-20823: an information disclosure in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-20824: an authentication bypass in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-20825: an access control bypass in Windows 10 Version 1809. Patched version and vendor advisory inside.
CVE-2026-20827: an information disclosure in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-20828 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20829 is a path traversal in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-2083 is a SQL injection in Social Networking Site. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-20833: a vulnerability in Windows Server 2008 R2 Service Pack 1. Patched version and vendor advisory inside.
CVE-2026-20834 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20835 is a path traversal in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20838 is a vulnerability in Windows 11 version 22H3. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20839: an access control bypass in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-20847: an information disclosure in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-20851 is a path traversal in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20862: an information disclosure in Windows 10 Version 1809. Patched version and vendor advisory inside.
CVE-2026-2087 is a SQL injection in Online Class Record System. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20872 is an arbitrary file read in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-20876 is a path traversal in Windows 11 version 22H3. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-2088: a SQL injection in Beauty Parlour Management System. Patched version and vendor advisory inside.
CVE-2026-20881: a vulnerability in Intel(R) QAT software drivers for Window. Patched version and vendor advisory inside.
CVE-2026-2089 is a SQL injection in Online Class Record System. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20894: a vulnerability in Multiple Network Cameras TRIFORA 3 serie. Patched version and vendor advisory inside.
CVE-2026-2090 is a SQL injection in Online Class Record System. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20905: a vulnerability in Intel(R) QAT software drivers for Window. Patched version and vendor advisory inside.
CVE-2026-20914: a vulnerability in Intel(R) QAT software drivers for Window. Patched version and vendor advisory inside.
CVE-2026-20925 is an arbitrary file read in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-20927 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20928 is a CWE-212: improper removal of sensitive information in Microsoft Windows. This page lists verified fix commands and short
CVE-2026-20932: an information disclosure in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-20935 is a path traversal in Windows 11 version 22H3. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20936 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20937: an information disclosure in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-20939: an information disclosure in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-20945 is a cross-site scripting in Microsoft SharePoint Enterprise Server 2016. This page lists verified fix commands and short-ter
CVE-2026-20958: a vulnerability in Microsoft SharePoint Enterprise Server 2. Patched version and vendor advisory inside.
CVE-2026-20959: a vulnerability in Microsoft SharePoint Enterprise Server 2. Patched version and vendor advisory inside.
CVE-2026-20962 is a vulnerability in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20968 is a use-after-free in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20970: an access control bypass in Samsung Mobile Devices. Patched version and vendor advisory inside.
CVE-2026-20972 is a vulnerability in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20973 is a vulnerability in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20974 is a vulnerability in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20976 is a vulnerability in Galaxy Store. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20977: an access control bypass in Samsung Mobile Devices. Patched version and vendor advisory inside.
CVE-2026-20978 is a vulnerability in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2098 is a vulnerability in AgentFlow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20981 is a vulnerability in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20982 is a path traversal in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20984 is a vulnerability in Galaxy Wearable. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20986 is a path traversal in Chinese Samsung Members. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20988: Improper Verification of Intent by Broadcast Receiver in Samsung Mobile Devices. Patch commands and verification.
CVE-2026-20989: Improper Verification of Cryptographic Signature in Samsung Mobile Devices. Patch commands and verification.
CVE-2026-2099 is a vulnerability in AgentFlow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20991 is a CWE-269 improper privilege management in Samsung Mobile Devices. CVSS 6.7 Medium. Patch commands, mitigations, and verif
CVE-2026-20992 is an improper authorization in Samsung Mobile Devices. CVSS 4.8 Medium. Patch commands, mitigations, and verification.
CVE-2026-20993: Improper Export of Android Application Components in Samsung Assistant. Patch commands and verification.
CVE-2026-20994: CWE-601 URL Redirection to Untrusted Site ('Open Redirect') in Samsung Account. Patch commands and verification.
CVE-2026-20995: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in Smart Switch. Patch commands and verification.
CVE-2026-20997: CWE-347 Improper Verification of Cryptographic Signature in Smart Switch. Patch commands and verification.
CVE-2026-2100 is a vulnerability in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-21001 is a path traversal in Samsung Mobile Galaxy Store. CVSS 5.9 Medium. Patch commands, mitigations, and verification.
CVE-2026-21002: Improper Verification of Cryptographic Signature in Galaxy Store. Patch commands and verification.
CVE-2026-21003 is an improper input validation in Samsung Mobile Devices. This page lists verified fix commands and short-term mitigations y
CVE-2026-21004 is a CWE-287 improper authentication in Samsung Mobile Smart Switch. CVSS 6.9 Medium. Patch commands, mitigations, and verifi
CVE-2026-21006 is an access control in Samsung Mobile Devices. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-21007 is a CWE-754: improper check for unusual or in Samsung Mobile Devices. This page lists verified fix commands and short-term m
CVE-2026-21008 is an information disclosure in Samsung Mobile Devices. This page lists verified fix commands and short-term mitigations you
CVE-2026-21009 is a CWE-754: improper check for unusual or in Samsung Mobile Devices. This page lists verified fix commands and short-term m
CVE-2026-21010 is an improper input validation in Samsung Mobile Devices. This page lists verified fix commands and short-term mitigations y
CVE-2026-21011 is a CWE-266: incorrect privilege assignment in Samsung Mobile Devices. This page lists verified fix commands and short-term
CVE-2026-21012 is a CWE-73: external control of file name in Samsung Mobile Devices. This page lists verified fix commands and short-term mi
CVE-2026-21013 is a CWE-276: incorrect default permission in Galaxy Wearable. This page lists verified fix commands and short-term mitigatio
CVE-2026-21014 is a CWE-284: improper access control in Samsung Camera. This page lists verified fix commands and short-term mitigations you
CVE-2026-21015 is a vulnerability in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21016 is a vulnerability in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21018 is an out-of-bounds write in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-21020 is a vulnerability in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21021 is a vulnerability in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21022 is a vulnerability in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21023 - CWE-345: Insufficient Verification of Data Authenticity in Samsung Mobile Devices. Runnable patch commands, mitigation, and
CVE-2026-21024: a local privilege escalation in Samsung System Support Service. Patched version and vendor advisory inside.
CVE-2026-2104 is an authorization bypass through user-controlled key in gitlab in GitLab, fixed by the same patch as CVE-2026-1092.
CVE-2026-2105 is an access control bypass in warehouse. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2106 is an access control bypass in warehouse. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2107 is an access control bypass in warehouse. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2108 is a vulnerability in COCO Annotator. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2109 is an access control bypass in COCO Annotator. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2110 is a vulnerability in SwiftBuy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2111 is a path traversal in JeecgBoot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2112 is a vulnerability in Dam Spam. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2113 is an unsafe deserialization in tpadmin. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2114 is a SQL injection in Society Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-2115 is a SQL injection in Society Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-2116 is a SQL injection in Society Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-2117 is a SQL injection in Society Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-2121 is a vulnerability in Weaver Show Posts. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2122 is a SQL injection in Panel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21222 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21258: an improper input validation in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-2126: an access control bypass in User Submitted Posts – Enable Users to S. Patched version and vendor advisory inside.
CVE-2026-21261: a path traversal in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-21265 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2127 is a vulnerability in SiteOrigin Widgets Bundle. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21278 is a path traversal in InDesign Desktop. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21282 is an improper input validation (CWE-20) in Adobe Commerce. CVSS 5.3 Medium. Patch commands, mitigations, and
CVE-2026-21285 is an incorrect authorization (CWE-863) in Adobe Commerce. CVSS 4.3 Medium. Patch commands, mitigations, and
CVE-2026-21286 is an incorrect authorization (CWE-863) in Adobe Commerce. CVSS 5.3 Medium. Patch commands, mitigations, and
CVE-2026-21288 is a vulnerability in Illustrator. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21291: Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Commerce. Patch commands and verification.
CVE-2026-21292: Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Commerce. Patch commands and verification.
CVE-2026-21293: Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918) in Adobe Commerce. Patch commands and verification.
CVE-2026-21294: Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918) in Adobe Commerce. Patch commands and verification.
CVE-2026-21296 is an incorrect authorization (CWE-863) in Adobe Commerce. CVSS 4.3 Medium. Patch commands, mitigations, and
CVE-2026-21297 is an incorrect authorization (CWE-863) in Adobe Commerce. CVSS 4.3 Medium. Patch commands, mitigations, and
CVE-2026-2130 is an OS command injection in mcp-maigret. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-21300 is a vulnerability in Substance3D - Modeler. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21301 is a vulnerability in Substance3D - Modeler. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21302 is a path traversal in Substance3D - Modeler. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21303 is a path traversal in Substance3D - Modeler. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21308 is a path traversal in Substance3D - Designer. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2131 is an OS command injection in HarmonyOS-mcp-server. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-21310 is an improper input validation (CWE-20) in Adobe Commerce. CVSS 5.3 Medium. Patch commands, mitigations, and
CVE-2026-21313 is a path traversal in Audition. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21314 is a path traversal in Audition. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21315 is a path traversal in Audition. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21316 is an OS command injection in Audition. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21317 is a path traversal in Audition. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21319 is a path traversal in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2132 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2133 is an unrestricted file upload in Online Music Site. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-21331 is a cross-site scripting in Adobe Connect. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-21332 is a path traversal in InDesign Desktop. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21336 is a vulnerability in Substance3D - Designer. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21337 is a path traversal in Substance3D - Designer. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21338 is a vulnerability in Substance3D - Designer. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21339 is a path traversal in Substance3D - Designer. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2134 is a SQL injection in Hospital Management System. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-21340 is a path traversal in Substance3D - Designer. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21348 is a path traversal in Substance3D - Modeler. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2135 is an OS command injection in HiPER 810. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21350 is a vulnerability in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21354 is a vulnerability in DNG SDK. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21355 is a path traversal in DNG SDK. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21358 is a path traversal in InDesign Desktop. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21359 is an incorrect authorization (CWE-863) in Adobe Commerce. CVSS 4.7 Medium. Patch commands, mitigations, and
CVE-2026-2136 is a SQL injection in Online Food Ordering System. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-21360: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) in Adobe Commerce. Patch commands an
CVE-2026-21363: Substance3D - Painter | NULL Pointer Dereference (CWE-476) in Substance3D - Painter. Patch commands and verification.
CVE-2026-21364: Substance3D - Painter | NULL Pointer Dereference (CWE-476) in Substance3D - Painter. Patch commands and verification.
CVE-2026-21365: Substance3D - Painter | Out-of-bounds Read (CWE-125) in Substance3D - Painter. Patch commands and verification.
CVE-2026-21386 is a private channel enumeration via /mute slash command in Mattermost. CVSS 4.3 Medium. Patch commands, mitigations, and ver
CVE-2026-21393: a vulnerability in Movable Type (Software Edition). Patched version and vendor advisory inside.
CVE-2026-21409 is a vulnerability in RICOH Streamline NX. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-2141 is an access control bypass in WukongCRM. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21419: a vulnerability in Display and Peripheral Manager (Windows). Patched version and vendor advisory inside.
CVE-2026-21421 is an execution with unnecessary privileges in Dell PowerScale OneFS. This page lists the verified fix and inline mitigations.
CVE-2026-21423 is an incorrect default permissions in Dell PowerScale OneFS. This page lists the verified fix and inline mitigations.
CVE-2026-21424 is an execution with unnecessary privileges in Dell PowerScale OneFS. This page lists the verified fix and inline mitigations.
CVE-2026-21425 is an incorrect privilege assignment in Dell PowerScale OneFS. This page lists the verified fix and inline mitigations.
CVE-2026-21426 is an execution with unnecessary privileges in Dell PowerScale OneFS. This page lists the verified fix and inline mitigations.
CVE-2026-21432 is a vulnerability in emlog. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21434 is an OS command injection in webtransport-go. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21435 is a vulnerability in webtransport-go. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21436 is a path traversal in eopkg. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21438 is a vulnerability in webtransport-go. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21444 is a vulnerability in libtpms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2145 is a vulnerability in nginxWebUI. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21451 is a vulnerability in bagisto. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2146 is an unrestricted file upload in yshopmall. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2147 is an information disclosure in AC21. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2148 is an information disclosure in AC21. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21483 is a vulnerability in listmonk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21484 is a vulnerability in anything-llm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21487 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21488 is a path traversal in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21489 is a path traversal in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2149: a vulnerability in Patients Waiting Area Queue Management S. Patched version and vendor advisory inside.
CVE-2026-21490 is a path traversal in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21491 is a path traversal in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21492 is a path traversal in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21493 is a vulnerability in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21494 is a path traversal in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21495 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21496 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21497 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21498 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21499 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-2150: a vulnerability in Patients Waiting Area Queue Management S. Patched version and vendor advisory inside.
CVE-2026-21500 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21501 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21502 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21503 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21504 is a path traversal in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21505 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21506 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21512 is a vulnerability in Azure DevOps Server 2022. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21517 is a vulnerability in Windows App for Mac. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21522: an OS command injection in Microsoft ACI Confidential Containers. Patched version and vendor advisory inside.
CVE-2026-21527: a vulnerability in Microsoft Exchange Server 2016 Cumulativ. Patched version and vendor advisory inside.
CVE-2026-21528 is a vulnerability in Azure IoT Explorer. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-21529 is a vulnerability in Azure HDInsight. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2153 is a vulnerability in doorman. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21530 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2154: a vulnerability in Patients Waiting Area Queue Management S. Patched version and vendor advisory inside.
CVE-2026-2156: a vulnerability in Online Student Management System. Patched version and vendor advisory inside.
CVE-2026-2158 is a SQL injection in Student Web Portal. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2159: a vulnerability in Simple Responsive Tourism Website. Patched version and vendor advisory inside.
CVE-2026-2160: a vulnerability in Simple Responsive Tourism Website. Patched version and vendor advisory inside.
CVE-2026-2161 is a SQL injection in Directory Management System. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-2162 is a SQL injection in News Portal Project. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-21625: an unrestricted file upload in EasyDiscuss extension for Joomla. Patched version and vendor advisory inside.
CVE-2026-21629: Joomla! Core - [20260301] - ACL hardening in com_ajax in Joomla! CMS. Patch commands and verification.
CVE-2026-2163 is an OS command injection in DIR-600. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21630: bundle sibling of CVE-2026-21629. Same patched build closes both.
CVE-2026-21631: bundle sibling of CVE-2026-21629. Same patched build closes both.
CVE-2026-21632: bundle sibling of CVE-2026-21629. Same patched build closes both.
CVE-2026-21634 is a vulnerability in UniFi Protect Application. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-21635 is a vulnerability in UniFi Connect EV Station Lite. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-21636 is a vulnerability in node. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21637 is a vulnerability in node. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2164 is an unrestricted file upload in E-commerce. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21642 is a vulnerability in Revive Adserver. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2165 is an authentication bypass in E-commerce. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-2166 is a SQL injection in Online Reviewer System. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21660 is a plaintext credential storage in Johnson Controls Frick Controls Quantum HD. This page lists the verified fix and inline
CVE-2026-21663 is a vulnerability in Revive Adserver. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21664 is a vulnerability in Revive Adserver. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2167 is an OS command injection in WA300. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2168 is an OS command injection in DWR-M921. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21680 is a vulnerability in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21689 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-2169 is an OS command injection in DWR-M921. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21690 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21691 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21694 is an access control bypass in titra. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21695 is a vulnerability in titra. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21709 is a command injection in Backup and Replication. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-2171: a SQL injection in Online Student Management System. Patched version and vendor advisory inside.
CVE-2026-21711 is a vulnerability in node. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21712 is a vulnerability in node. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21713 is a vulnerability in node. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21714 is a vulnerability in node. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21717 is a vulnerability in node. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2172: a SQL injection in Online Application System for Admission. Patched version and vendor advisory inside.
CVE-2026-21722 is a vulnerability in grafana/grafana. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21724 is a vulnerability in Grafana OSS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21726 is a path traversal in Loki. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-2173 is a SQL injection in Online Examination System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21730 is a cross-site scripting (XSS) in Verba. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-21736: CWE-280: Improper Handling of Insufficient Permissions or Privileges in Graphics DDK. Patch commands and verification.
CVE-2026-2174: an authentication bypass in Contact Management System. Patched version and vendor advisory inside.
CVE-2026-21742 is an information disclosure in FortiSOAR PaaS. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-21743 is an access control bypass in FortiAuthenticator. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-2176 is a SQL injection in Contact Management System. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21767: HCL BigFix Platform is affected by insufficient authentication in BigFix Platform. Patch commands and verification.
CVE-2026-2177 is a vulnerability in Prison Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2178 is an OS command injection in xcode-mcp-server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21783 is a vulnerability in Traveler. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21788: HCL Connections is vulnerable to cross-site scripting (XSS) in Connections. Patch commands and verification.
CVE-2026-21789 is an access control bypass in Connections. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2179 is a SQL injection in Hospital Management System. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-21790 is a vulnerability in Traveler. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2183: an unrestricted file upload in Certificate Generation System. Patched version and vendor advisory inside.
CVE-2026-21836 is a missing authorization in DominoIQ. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2184: an OS command injection in Certificate Generation System. Patched version and vendor advisory inside.
CVE-2026-21851 is a path traversal in MONAI. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21852 is a path traversal in claude-code. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21859 is a vulnerability in mailpit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21860 is a vulnerability in werkzeug. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21864 is an improper input validation in valkey-io valkey-bloom. This page lists the verified fix and inline mitigations.
CVE-2026-21865 is a vulnerability in discourse. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21866 is a cross-site scripting in langgenius dify. This page lists the verified fix and inline mitigations.
CVE-2026-21870 is a stack-based buffer overflow in bacnet-stack. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-21871 is a vulnerability in nicegui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21872 is a vulnerability in nicegui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21874 is an OS command injection in nicegui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21879 is a vulnerability in kanboard. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21880 is a vulnerability in kanboard. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21883 is a vulnerability in bokeh. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21885 is a vulnerability in v2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21886: OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities in opencti. Patch commands and verification.
CVE-2026-2189 is a SQL injection in School Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21892 is a SQL injection in parsl. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21894 is an authentication bypass in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21896 is an access control bypass in kirby. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21899 is a path traversal in CryptoLib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2190 is a SQL injection in School Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21903 is a stack-based buffer overflow in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21904 is a cross-site scripting in Junos Space. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-21907 is a vulnerability in Junos Space. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21909 is a vulnerability in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21910 is a denial of service in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21911 is a vulnerability in Junos OS Evolved. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21912 is a vulnerability in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21915 is a permissive list of allowed input in JSI LWC. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-21919 is a synchronization in Junos OS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-21921 is a use-after-free in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21922: a vulnerability in Oracle Planning and Budgeting Cloud Serv. Patched version and vendor advisory inside.
CVE-2026-21923: a vulnerability in Oracle Life Sciences Central Designer. Patched version and vendor advisory inside.
CVE-2026-21924: a vulnerability in Oracle Utilities Application Framework. Patched version and vendor advisory inside.
CVE-2026-21925 is a vulnerability in Oracle Java SE. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21927 is a vulnerability in Oracle Solaris. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21928 is a vulnerability in Oracle Solaris. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21929 is a vulnerability in MySQL Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2193 is an OS command injection in DI-7100G C1. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-21931: a vulnerability in Oracle APEX Sample Applications. Patched version and vendor advisory inside.
CVE-2026-21933 is a vulnerability in Oracle Java SE. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21934: a vulnerability in PeopleSoft Enterprise PeopleTools. Patched version and vendor advisory inside.
CVE-2026-21935 is a vulnerability in Oracle Solaris. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21936 is a vulnerability in MySQL Cluster. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21937 is a vulnerability in MySQL Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21938: a vulnerability in PeopleSoft Enterprise PeopleTools. Patched version and vendor advisory inside.
CVE-2026-2194 is an OS command injection in DI-7100G C1. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-21941 is a vulnerability in MySQL Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21942 is a vulnerability in Oracle Solaris. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21943 is a vulnerability in Oracle Scripting. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21944: a vulnerability in Oracle Agile Product Lifecycle Managemen. Patched version and vendor advisory inside.
CVE-2026-21946 is a vulnerability in JD Edwards EnterpriseOne Tools. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-21948 is a vulnerability in MySQL Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21949 is a vulnerability in MySQL Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2195 is a SQL injection in Online Reviewer System. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21950 is a vulnerability in MySQL Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21951: a vulnerability in PeopleSoft Enterprise PeopleTools. Patched version and vendor advisory inside.
CVE-2026-21952 is a vulnerability in MySQL Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21959 is a vulnerability in Oracle Workflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2196 is a SQL injection in Online Reviewer System. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21960 is a vulnerability in Oracle Applications DBA. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21961: a vulnerability in PeopleSoft Enterprise HCM Human Resource. Patched version and vendor advisory inside.
CVE-2026-21963 is a vulnerability in Oracle VM VirtualBox. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-21964 is a vulnerability in MySQL Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21966: a vulnerability in Oracle Hospitality OPERA 5 Property Serv. Patched version and vendor advisory inside.
CVE-2026-21968 is a vulnerability in MySQL Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2197 is a SQL injection in Online Reviewer System. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21970: a vulnerability in Oracle Life Sciences Central Designer. Patched version and vendor advisory inside.
CVE-2026-21971: a vulnerability in PeopleSoft Enterprise SCM Purchasing. Patched version and vendor advisory inside.
CVE-2026-21972 is a vulnerability in Oracle Configurator. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21974: a vulnerability in Oracle Life Sciences Central Designer. Patched version and vendor advisory inside.
CVE-2026-21975 is a vulnerability in Oracle Database Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21978: a vulnerability in Oracle FLEXCUBE Universal Banking. Patched version and vendor advisory inside.
CVE-2026-21979: a vulnerability in Oracle Planning and Budgeting Cloud Serv. Patched version and vendor advisory inside.
CVE-2026-2198 is a SQL injection in Online Reviewer System. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21980: a vulnerability in Oracle Life Sciences Central Coding. Patched version and vendor advisory inside.
CVE-2026-21981 is a vulnerability in Oracle VM VirtualBox. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-21985 is a vulnerability in Oracle VM VirtualBox. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2199 is a SQL injection in Online Reviewer System. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21991: A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names in Oracle Linux. Patch com
CVE-2026-21998 - Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise M
CVE-2026-21999 - Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise XML Database
CVE-2026-2200 is a vulnerability in JFinalCMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22002 - Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise M
CVE-2026-22003 - Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Or
CVE-2026-22004 - Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise M
CVE-2026-22005 - Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise M
CVE-2026-22006 - Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enter
CVE-2026-22009 - Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise My
CVE-2026-2201 is a vulnerability in studentmanager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22013 - Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise
CVE-2026-22015 - Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise My
CVE-2026-22017 - Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise My
CVE-2026-22019 - Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enter
CVE-2026-22021 - Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE
CVE-2026-22024 is a vulnerability in CryptoLib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22025 is a vulnerability in CryptoLib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22027 is a path traversal in CryptoLib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22030 is a vulnerability in react-router. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22032 is a vulnerability in directus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22036 is an OS command injection in undici. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22040 is a use-after-free in nanomq nanomq. This page lists the verified fix and inline mitigations.
CVE-2026-22042 is an access control bypass in rustfs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22043 is a vulnerability in rustfs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22044 is a SQL injection in glpi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22045 is an OS command injection in traefik. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2205 is an information disclosure in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22050 is a vulnerability in ONTAP 9. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22052 is an information disclosure via error message in NETAPP ONTAP 9. This page lists the verified fix and inline mitigations.
CVE-2026-2206 is an access control bypass in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2207 is an information disclosure in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22077 - Sensitive Information Disclosure Vulnerability Caused by Trusted Domain Bypass in OPPO Wallet APP. Runnable patch commands,
CVE-2026-2208 is a vulnerability in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2209 is an access control bypass in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2211 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2212 is a SQL injection in Online Music Site. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2213 is an unrestricted file upload in Online Music Site. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-2214 is a vulnerability in for Plugin. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2215 is a code injection in WeRSS we-mp-rss. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22154 is a cross-site scripting in FortiSOAR PaaS. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-22155 is an information disclosure in FortiSOAR PaaS. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-2216 is a path traversal in WeRSS we-mp-rss. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2217 is a SQL injection in Event Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-22170 is a CWE-863: incorrect authorization in OpenClaw. CVSS 6.3 Medium. Patch commands, mitigations, and verification.
CVE-2026-22174: OpenClaw < 2026.2.22 - Gateway Token Disclosure via Chrome CDP Probe in OpenClaw. Patch commands and verification.
CVE-2026-22176: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) in OpenClaw. Patch comma
CVE-2026-22177: OpenClaw < 2026.2.21 - Environment Variable Injection via Config env.vars in OpenClaw. Patch commands and verification.
CVE-2026-22178 is a CWE-1333 in OpenClaw. CVSS 6.9 Medium. Patch commands, mitigations, and verification.
CVE-2026-2218 is an OS command injection in DCS-933L. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22180: CWE-59: Improper Link Resolution Before File Access ('Link Following') in OpenClaw. Patch commands and verification.
CVE-2026-22181 is a CWE-918 server-side request forgery (SSRF) in OpenClaw. CVSS 6.1 Medium. Patch commands, mitigations, and verification.
CVE-2026-22183: wpDiscuz before 7.6.47 - Stored Cross-Site Scripting in Inline Comment Preview in wpDiscuz. Patch commands and verification.
CVE-2026-22184 is an OS command injection in zlib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22185 is a path traversal in OpenLDAP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22186 is an XML external entity (XXE) in Bio-Formats. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-22187 is an unsafe deserialization in Bio-Formats. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-22188 is a vulnerability in Panda3D. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22189 is a stack-based buffer overflow in Panda3D. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-22190 is a format string vulnerability in Panda3D. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-22191: Beghelli Sicuro24 SicuroWeb AngularJS Template Injection in SicuroWeb (Sicuro24). Patch commands and verification.
CVE-2026-22198 is a vulnerability in GestSup. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2220 is a SQL injection in Online Reviewer System. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-22201: wpDiscuz before 7.6.47 - IP Address Spoofing in getIP() in wpDiscuz. Patch commands and verification.
CVE-2026-22202: wpDiscuz before 7.6.47 - Destructive GET Action Deletes All Comments by Email in wpDiscuz. Patch commands and verification.
CVE-2026-22203: wpDiscuz before 7.6.47 - Options Export Leaks OAuth Secrets in Plaintext in wpDiscuz. Patch commands and verification.
CVE-2026-22204: wpDiscuz before 7.6.47 - Unsanitized Cookie Email Used as wp_mail() Recipient in wpDiscuz. Patch commands and verification.
CVE-2026-22209: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpDiscuz. Patch commands and verific
CVE-2026-2221 is a SQL injection in Online Reviewer System. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-22211 is an OS command injection in TinyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22212 is a stack-based buffer overflow in TinyOS. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-22214 is a stack-based buffer overflow in RIOT OS. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-22215: wpDiscuz before 7.6.47 - Missing CSRF Protection on wpdGetFollowsPage in wpDiscuz. Patch commands and verification.
CVE-2026-22216 is an improper control of interaction frequency in Gvectors wpDiscuz. CVSS 6.9 Medium. Patch commands, mitigations, and verifi
CVE-2026-22217: CWE-829: Inclusion of Functionality from Untrusted Control Sphere in OpenClaw. Patch commands and verification.
CVE-2026-2222 is a vulnerability in Online Reviewer System. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-22220 is an improper input validation in Archer BE230 v1.2. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-22228 is a vulnerability in Archer BE230 v1.2. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2223 is a SQL injection in Online Reviewer System. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-22231 is a vulnerability in eCASE Audit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22232 is a vulnerability in eCASE Audit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22233 is a vulnerability in eCASE Audit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2224 is a vulnerability in Online Reviewer System. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-22242 is a vulnerability in CoreShop. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22246 is a vulnerability in mastodon. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22247 is a vulnerability in glpi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2225 is a SQL injection in News Portal Project. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-22251 is an information disclosure in wlc. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22253 is an access control bypass in soft-serve. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-2226 is an unrestricted file upload in DouPHP. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22262 is a stack-based buffer overflow in suricata. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-22263 is a vulnerability in suricata. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22266 is a vulnerability in PowerProtect Data Manager. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22268 is a vulnerability in PowerProtect Data Manager. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22269 is a code injection in PowerProtect Data Manager. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-2227 is an OS command injection in DCS-931L. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22270 is an uncontrolled search path element in Dell PowerScale OneFS. This page lists the verified fix and inline mitigations.
CVE-2026-22274 is a vulnerability in ObjectScale. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22275 is a vulnerability in ObjectScale. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22276 is a vulnerability in ObjectScale. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22279 is an OS command injection in PowerScale OneFS. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-22280 is an arbitrary file read in PowerScale OneFS. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-22284: an OS command injection in SmartFabric OS10 Software. Patched version and vendor advisory inside.
CVE-2026-22285 is a plaintext credential storage in Dell Device Management Agent (DDMA). This page lists the verified fix and inline mitigat
CVE-2026-2230 is a vulnerability in Booking Calendar. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22316 is a buffer overflow using TFTP filename in Phoenix Contact FL SWITCH 2005. CVSS 6.5 Medium. Patch commands, mitigations, and
CVE-2026-22318: Stack-Based Buffer Overflow in File Transfer Parameter Handling in FL SWITCH 2005. Patch commands and verification.
CVE-2026-22319: Stack-Based Buffer Overflow in File Install Parameter Handling in FL SWITCH 2005. Patch commands and verification.
CVE-2026-22320: Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI in FL SWITCH 2005. Patch commands and verificati
CVE-2026-22321: Stack-Based Buffer Overflow in CLI Login Username Handling over CLI in FL SWITCH 2005. Patch commands and verification.
CVE-2026-2233: CWE-862 Missing Authorization in User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Regis
CVE-2026-22341 is an authentication bypass using an alternate path or channel in Case-Themes Booked. This page lists the verified fix and inl
CVE-2026-22347: a vulnerability in Carousel Horizontal Posts Content Slider. Patched version and vendor advisory inside.
CVE-2026-22348 is a vulnerability in Civic Cookie Control. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-22349 is a vulnerability in Menu In Post. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22350 is a missing authorization in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder. This page lists the verif
CVE-2026-22353 is a vulnerability in teachPress. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22358: a vulnerability in Electrician - Electrical Service WordPre. Patched version and vendor advisory inside.
CVE-2026-22359 is a vulnerability in Wordpress Movies Bulk Importer. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-22360 is a vulnerability in SearchAzon. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22382: a vulnerability in PawFriends - Pet Shop and Veterinary Wor. Patched version and vendor advisory inside.
CVE-2026-22388 is a vulnerability in Owl Carousel WP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22391 is a vulnerability in Cocco. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22393 is a vulnerability in Curly. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22396 is a vulnerability in Fiorello. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22398 is a vulnerability in Fleur. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2240 is a path traversal in janet. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22400 is a vulnerability in Holmes. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22404 is a vulnerability in Innovio. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22406 is a vulnerability in Overton. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22407 is a vulnerability in Roam. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22409 is a vulnerability in Justicia. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2241 is a path traversal in janet. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22411 is a vulnerability in Dolcino. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2242 is a path traversal in janet. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22422 is a vulnerability in Everest Forms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22426 is a vulnerability in Sweet Jane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2243 is a path traversal in the product. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22430 is a vulnerability in Verdure. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22445 is a vulnerability in Apimo Connector. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22447 is a vulnerability in Prowess. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2245 is a path traversal in CCExtractor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22450 is a vulnerability in Don Peppe. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22458 is a vulnerability in Wanderland. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22459 is a missing authorization in Blend Media WordPress CTA. This page lists the verified fix and inline mitigations.
CVE-2026-2246 is a memory corruption in apriltag. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22461 is a vulnerability in CTX Feed. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22462: a vulnerability in Add Polylang support for Customizer. Patched version and vendor advisory inside.
CVE-2026-22463 is a vulnerability in Form to Chat App. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-22466 is a vulnerability in WP MapIt. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22468 is a vulnerability in Absolute Addons For Elementor. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-22469 is a vulnerability in DeepDigital. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22472 is a vulnerability in Easy Form Builder. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22481 is a vulnerability in BD Courier Order Ratio Checker. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-22482 is a vulnerability in IMGspider. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22483 is a vulnerability in teachPress. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22485 is a vulnerability in My Album Gallery. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-22486 is a vulnerability in Re Gallery. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22487 is a vulnerability in Speed Kit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22488: a vulnerability in Dashboard Welcome for Beaver Builder. Patched version and vendor advisory inside.
CVE-2026-22489 is a vulnerability in Image Slider Slideshow. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-22490: a vulnerability in Bulk Landing Page Creator for WordPress. Patched version and vendor advisory inside.
CVE-2026-22492 is a vulnerability in Docket Cache. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22517: a vulnerability in GA4WP: Google Analytics for WordPress. Patched version and vendor advisory inside.
CVE-2026-22518 is a vulnerability in X Addons for Elementor. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-22519 is a vulnerability in MediaPress. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22522 is a vulnerability in Block Slider. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22537 is a vulnerability in QC 60/90/120. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22539 is a vulnerability in QC 60/90/120. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22543 is a vulnerability in QC 60/90/120. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22548 is a vulnerability in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22549: a path traversal in F5 BIG-IP Container Ingress Services. Patched version and vendor advisory inside.
CVE-2026-2256 is a command injection in ModelScope ms-agent. This page lists the verified fix and inline mitigations.
CVE-2026-22560 is an open redirect in Rocket.Chat. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-22561 is a remote code execution in Anthropic Claude Desktop - Windows. CVSS 4.7 Medium. Patch commands, mitigations, and verificat
CVE-2026-22568 is an improper input validation in Zscaler ZIA Admin UI. This page lists the verified fix and inline mitigations.
CVE-2026-22569 is an incorrect startup configuration in zcc in Zscaler Client Connector. CVSS 5.4 Medium. Patch commands, mitigations, and ve
CVE-2026-2257: CWE-639 Authorization Bypass Through User-Controlled Key in GetGenie – AI Content Writer with Keyword Research & SEO Tracking
CVE-2026-22572 is an improper access control in Fortinet FortiManager. CVSS 6.8 Medium. Patch commands, mitigations, and verification.
CVE-2026-22573 is a path traversal in FortiSOAR PaaS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-22574 is an information disclosure in FortiSOAR PaaS. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-22576 is an information disclosure in FortiSOAR PaaS. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-2258 is a memory corruption in lobster. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22587 is a vulnerability in DevonWay. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22588 is a vulnerability in spree. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2259 is a memory corruption in lobster. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22592 is a vulnerability in gogs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22596 is a SQL injection in Ghost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22597 is a vulnerability in Ghost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22603 is a vulnerability in openproject. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22604 is an information disclosure in openproject. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-22605 is an access control bypass in openproject. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-22613 is a code injection in Network M3. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22614 is a CWE-257 storing passwords in a recoverable format in Eaton EasySoft. CVSS 6.1 Medium. Patch commands, mitigations, and v
CVE-2026-22615 is an improper input validation in IPP Software. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-22616 is a restriction of excessive authentication attempts in IPP Software. This page lists verified fix commands and short-term m
CVE-2026-22617 is a sensitive cookie in https session without in IPP Software. This page lists verified fix commands and short-term mitigati
CVE-2026-22618 is an improperly implemented security check for standard in IPP software. This page lists verified fix commands and short-ter
CVE-2026-22624 is a vulnerability in HS-AFS-S1H1. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22625 is a vulnerability in HS-AFS-S1H1. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22626 is a vulnerability in HS-AFS-S1H1. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22628 is an execute unauthorized code or commands vulnerability in Fortinet FortiSwitchAXFixed. CVSS 5.1 Medium. Patch commands, mitigations, and
CVE-2026-2263: Missing Authorization in Hustle – Email Marketing, Lead Generation, Optins, Popups. Patch commands and verification.
CVE-2026-22644 is a vulnerability in Incoming Goods Suite. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-22645 is an information disclosure in Incoming Goods Suite. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-22646 is a vulnerability in Incoming Goods Suite. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2265: Replicator 1.0.5 is vulnerable to Remote Code Execution through Insecure Deserialization in Replicator. Patch commands and ve
CVE-2026-22662 is a prompts.chat blind SSRF via media-generate in F prompts.chat, fixed by the same patch as CVE-2026-22661.
CVE-2026-22675: OCS Inventory NG Server Stored XSS via User-Agent in OCS Inventory NG Server. Patch commands and verification.
CVE-2026-22677 is a path traversal in hermes-webui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22678 is a cross-site scripting (XSS) in Webmin. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-22680: OpenViking < 0.3.3 Missing Authorization via Task Polling in OpenViking. Patch commands and verification.
CVE-2026-22687 is a SQL injection in WeKnora. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22689 is a vulnerability in mailpit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22692 is a protection mechanism failure in october. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-22693 is a vulnerability in harfbuzz. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22694 is a vulnerability in aliasvault. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22695 is a path traversal in libpng. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22701 is a vulnerability in filelock. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22702 is a vulnerability in virtualenv. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22703 is a vulnerability in cosign. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22705 is a vulnerability in signatures. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22707 is an unrestricted file upload in strapi. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-22711: Stored XSS through system messages in WikiLove in Mediawiki - Wikilove Extension. Patch commands and verification.
CVE-2026-22715 is a CWE-923 improper restriction of communication channel to intended endpoints in VMware Workstation. This page lists the v
CVE-2026-22716 is an out-of-bounds write in VMware Workstation. This page lists the verified fix and inline mitigations.
CVE-2026-22718 is an OS command injection in CLI VSCode Extension. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-2272 is a vulnerability in Red Hat Enterprise Linux 6. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22721 is a privilege escalation in VMware VMware Aria Operations. This page lists the verified fix and inline mitigations.
CVE-2026-22722 is a null pointer dereference in VMware Workstation. This page lists the verified fix and inline mitigations.
CVE-2026-22723 is a CWE-693 protection mechanism failure in Cloudfoundry Foundation UAA. This page lists the verified fix and inline mitigat
CVE-2026-22726 - CWE-923: Improper Restriction of Communication Channel to Intended Endpoints in Routing release. Runnable patch commands, m
CVE-2026-22728 is a CWE-284 in Bitnami sealed-secrets. This page lists the verified fix and inline mitigations.
CVE-2026-22737: Spring Framework Improper Path Limitation with Script View Templates in Spring Framework. Patch commands and verification.
CVE-2026-22740 - CWE-400 Uncontrolled Resource Consumption in Spring Framework. Runnable patch commands, mitigation, and verification on thi
CVE-2026-22745 - CWE-400 Uncontrolled Resource Consumption in Spring Framework. Runnable patch commands, mitigation, and verification on thi
CVE-2026-22747 - Unauthorized User Impersonation when Using X.509 Client Certificates in Spring Security. Runnable patch commands, mitigatio
CVE-2026-22748 - Potential Security Misconfiguration when Using withIssuerLocation in Spring Security. Runnable patch commands, mitigation,
CVE-2026-22751 - Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions in Spring Security. Runna
CVE-2026-2276 is a vulnerability in web application. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22761 is an OS command injection in PowerProtect Data Domain. This page lists verified fix commands and short-term mitigations you
CVE-2026-22762 is a path traversal in Avamar Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22764: an authentication bypass in OpenManage Network Integration. Patched version and vendor advisory inside.
CVE-2026-2277 is a vulnerability in rexCrawler. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22770 is a vulnerability in ImageMagick. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22772 is a vulnerability in fulcio. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22773 is an OS command injection in vllm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22779 is a vulnerability in BlackSheep. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22780 is an OS command injection in rizin. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22789 is an unrestricted file upload in WebErpMesv2. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-22791 is an out-of-bounds write in opencryptoki. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-22798 is a vulnerability in hermes. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22801 is a path traversal in libpng. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22808 is a vulnerability in fleet. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22809 is a vulnerability in tarteaucitron.js. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2281 is a vulnerability in Private Comment. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22815 is a CWE-400: uncontrolled resource consumption in Aio-libs aiohttp. CVSS 6.9 Medium. Patch commands, mitigations, and verifi
CVE-2026-22819 is a vulnerability in outray. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2282 is a vulnerability in Slidorion. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22820 is a vulnerability in outray. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22821 is a SQL injection in mreporting. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2284: a vulnerability in News Element Elementor Blog Magazine. Patched version and vendor advisory inside.
CVE-2026-22851 is a vulnerability in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22852 is an OS command injection in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22853 is an OS command injection in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22854 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22855 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22856 is a vulnerability in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22857 is a use-after-free in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22858 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22859 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22875: a vulnerability in Movable Type (Software Edition). Patched version and vendor advisory inside.
CVE-2026-22876: a path traversal in Multiple Network Cameras TRIFORA 3 serie. Patched version and vendor advisory inside.
CVE-2026-22878 is a weak credential storage in Mobility46 mobility46.se. This page lists the verified fix and inline mitigations.
CVE-2026-22880 is a cross-site request forgery (CSRF) in Mattermost. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-22881 is a vulnerability in Cybozu Garoon. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22882 is a CWE-125: out-of-bounds read in Canva Affinity. CVSS 6.1 Medium. Patch commands, mitigations, and verification.
CVE-2026-22888 is a path traversal in Cybozu Garoon. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2289 is a cross-site scripting in taskbuilder Taskbuilder – Project Management & Task Management Tool With Kanban Board. This page
CVE-2026-22890 is a weak credential storage in EV2GO ev2go.io. This page lists the verified fix and inline mitigations.
CVE-2026-22892 is an access control bypass in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-22900 is a hard-coded credentials vulnerability in QuNetSwitch. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-22901 is an OS command injection in QuNetSwitch. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-22902 is an OS command injection in QuNetSwitch. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-22911 is a hard-coded credentials vulnerability in TDC-X401GL. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-22912 is a vulnerability in TDC-X401GL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22913 is a vulnerability in TDC-X401GL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22914 is a vulnerability in TDC-X401GL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22915 is a vulnerability in TDC-X401GL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22916 is a vulnerability in TDC-X401GL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22917 is an OS command injection in TDC-X401GL. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-22918 is a vulnerability in TDC-X401GL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2292 is a cross-site scripting in bandido Morkva UA Shipping. This page lists the verified fix and inline mitigations.
CVE-2026-2294: an access control bypass in UiPress lite | Effortless custom dashboa. Patched version and vendor advisory inside.
CVE-2026-2295: an information disclosure in WPZOOM Addons for Elementor – Starter Te. Patched version and vendor advisory inside.
CVE-2026-2297 is a CWE-668 exposure of resource to wrong sphere in Python Software Foundation CPython. This page lists the verified fix and
CVE-2026-2300 is a cross-site scripting (XSS) in BJ Lazy Load. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-2301 is a missing authorization in metaphorcreations Post Duplicator. This page lists the verified fix and inline mitigations.
CVE-2026-2302 is a vulnerability in MongoDB Ruby Driver. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-2303 is a vulnerability in MongoDB Go Driver. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2305 is a cross-site scripting in AddFunc Head & Footer Code. This page lists verified fix commands and short-term mitigations you
CVE-2026-2306: missing authorization in Ninja Tables – Easy Data Table Builder. Runnable upgrade commands and verification steps for sysadmin
CVE-2026-2311 - CWE-284 Improper Access Control in i. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-2312 is a vulnerability in Media Library Folders. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2324: CWE-352 Cross-Site Request Forgery (CSRF) in LatePoint – Calendar Booking Plugin for Appointments and Events. Patch commands
CVE-2026-2325 is a denial of service in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2327 is a vulnerability in markdown-it. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23476 is a vulnerability in facturascripts. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23480 is an authentication bypass in blinko. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23481 is a path traversal in blinko. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23483 is a path traversal in blinko. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23484 is a path traversal in blinko. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23485 is a path traversal in blinko. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23486 is an information disclosure in blinko. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23487 is a vulnerability in blinko. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23488 is a vulnerability in blinko. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23494 is an access control bypass in pimcore. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23495 is an access control bypass in pimcore. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23496 is an access control bypass in pimcore. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2350 is a vulnerability in Interact. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2351 is an arbitrary file read in Task Manager. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-23511 is a vulnerability in zitadel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23517 is a vulnerability in fleet. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2352 is a vulnerability in Autoptimize. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23521 is a path traversal in traccar traccar. This page lists the verified fix and inline mitigations.
CVE-2026-23525 is a vulnerability in 1Panel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23528 is a vulnerability in distributed. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23543 is a vulnerability in Essential Addons for Elementor. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-23545 is a vulnerability in Aruba HiSpeed Cache. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-23546 is an insertion of sensitive information into sent data in RadiusTheme Classified Listing. This page lists the verified fix an
CVE-2026-23548 is a vulnerability in DirectoryPress. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2355 is a cross-site scripting in joedolson My Calendar – Accessible Event Manager. This page lists the verified fix and inline mit
CVE-2026-2356 is a CWE-284 improper access control in wpeverest User Registration & Membership – Free & Paid Memberships, Subscriptions, Con
CVE-2026-23563 is a vulnerability in DEX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23564 is a vulnerability in DEX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23565 is a vulnerability in DEX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23566 is an improper input validation in DEX. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23567 is a path traversal in DEX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23568 is a path traversal in DEX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23569 is a path traversal in DEX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23570 is an improper input validation in DEX. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23571 is an OS command injection in DEX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2358: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in WP ULike – Like & Dislike Butt
CVE-2026-23596: a vulnerability in HPE Aruba Networking Private 5G Core. Patched version and vendor advisory inside.
CVE-2026-23597: a vulnerability in HPE Aruba Networking Private 5G Core. Patched version and vendor advisory inside.
CVE-2026-23598: a vulnerability in HPE Aruba Networking Private 5G Core. Patched version and vendor advisory inside.
CVE-2026-23601 is a broken cryptography in Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8).
CVE-2026-23604 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23605 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23606 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23607 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23608 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23609 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23610 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23611 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23612 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23613 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23614 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23615 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23616 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23617 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23618 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23619 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2362 is a cross-site scripting in joedolson WP Accessibility. This page lists the verified fix and inline mitigations.
CVE-2026-23620 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23621 is a vulnerability in MailEssentials AI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23623 is an access control bypass in online. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23624 is a vulnerability in glpi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23626 is a server-side template injection in kimai. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2363 is a SQL injection in cbutlerjr WP-Members Membership Plugin. This page lists the verified fix and inline mitigations.
CVE-2026-23630 is a vulnerability in docmost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23631 is a use after free in redis. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-23632 is a vulnerability in gogs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23633 is a path traversal in gogs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23635 is a path traversal in Secure Data Forms. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-23636 is an unrestricted file upload in Secure Data Forms. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-23643 is a vulnerability in cakephp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23645 is a vulnerability in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23646 is a vulnerability in openproject. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23651 is a permissive regular expression in Microsoft Microsoft ACI Confidential Containers. This page lists the verified fix and i
CVE-2026-23653 is a command injection in Microsoft Visual Studio Code CoPilot Chat Extension. This page lists verified fix commands and shor
CVE-2026-23655: a vulnerability in Microsoft ACI Confidential Containers. Patched version and vendor advisory inside.
CVE-2026-23656: Windows App Installer Spoofing in Windows App Client for Windows Desktop. Patch commands and verification.
CVE-2026-2367 is a cross-site scripting in ays-pro Secure Copy Content Protection and Content Locking. This page lists the verified fix and
CVE-2026-23670 is a CWE-822: untrusted pointer dereference in Microsoft Windows. This page lists verified fix commands and short-term mitiga
CVE-2026-23681 is a vulnerability in SAP Support Tools Plug-In. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-23683: a vulnerability in SAP Fiori App (Intercompany Balance Reco. Patched version and vendor advisory inside.
CVE-2026-23684 is a vulnerability in SAP Commerce Cloud. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-23685: an unsafe deserialization in SAP NetWeaver (JMS service). Patched version and vendor advisory inside.
CVE-2026-23688: a vulnerability in SAP Fiori App (Manage Service Entry Shee. Patched version and vendor advisory inside.
CVE-2026-2369 is an integer underflow (wrap or wraparound) in Red Hat Enterprise Linux 10. CVSS 6.5 Medium. Patch commands, mitigations, and
CVE-2026-23694 is a CSRF in Aruba.it Aruba HiSpeed Cache. This page lists the verified fix and inline mitigations.
CVE-2026-23695 is a cross-site scripting (XSS) in Cockpit. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-23704: an unrestricted file upload in Movable Type (Software Edition). Patched version and vendor advisory inside.
CVE-2026-23708 is an authentication bypass in FortiSOAR PaaS. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-2371 is a missing authorization in wpsoul Greenshift – animation and page builder blocks. This page lists the verified fix and inli
CVE-2026-23721 is a vulnerability in openproject. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23724 is a vulnerability in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23725 is a vulnerability in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23726 is a vulnerability in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23727 is a vulnerability in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23728 is a vulnerability in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23729 is a vulnerability in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2373: CWE-862 Missing Authorization in Royal Addons for Elementor – Addons and Templates Kit for Elementor. Patch commands and veri
CVE-2026-23730 is a vulnerability in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23731 is a vulnerability in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23732 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23733 is a code injection in lobe-chat. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23743 is an information disclosure in discourse. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-23747 is a stack buffer overflow in Golioth Firmware SDK. This page lists the verified fix and inline mitigations.
CVE-2026-23748 is an integer underflow in Golioth Firmware SDK. This page lists the verified fix and inline mitigations.
CVE-2026-2375: a vulnerability in App Builder – Create Native Android & iO. Patched version and vendor advisory inside.
CVE-2026-23752 is a cross-site scripting in HelpDesk. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-23753 is a cross-site scripting in HelpDesk. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-23756 is a cross-site scripting in HelpDesk. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-23757 is a cross-site scripting in HelpDesk. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-23758 is a cross-site scripting in HelpDesk. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-2376: URL Redirection to Untrusted Site ('Open Redirect') in mirror registry for Red Hat OpenShift. Patch commands and verification
CVE-2026-23761 is a vulnerability in Voicemeeter (Standard). Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-23762 is a vulnerability in Voicemeeter (Standard). Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-23764 is a path traversal in Voicemeeter (Standard). Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2377: Mirror-registry: quay: quay: server-side request forgery via log export functionality in Red Hat Quay 3.16. Patch commands an
CVE-2026-23773 - CWE-918: Server-Side Request Forgery (SSRF) in Disk Library for mainframe DLm8700. Runnable patch commands, mitigation, and
CVE-2026-23777 is an information disclosure in PowerProtect Data Domain. This page lists verified fix commands and short-term mitigations yo
CVE-2026-23779 is a command injection in PowerProtect Data Domain. This page lists verified fix commands and short-term mitigations you can
CVE-2026-23796 is a vulnerability in Quick.Cart. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23797 is a path traversal in Quick.Cart. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23799 is a missing authorization in Themeum Tutor LMS. This page lists the verified fix and inline mitigations.
CVE-2026-23804 is a vulnerability in Better Business Reviews. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-23808 is a code injection in Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8). This
CVE-2026-23809 is a denial of service via resource consumption in Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating S
CVE-2026-23810 is a CWE-300 channel accessible by non-endpoint in Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating S
CVE-2026-23811 is a CWE-300 channel accessible by non-endpoint in Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating S
CVE-2026-23812 is a CWE-300 channel accessible by non-endpoint in Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating S
CVE-2026-23817: Unauthenticated Open Redirect allows URL Manipulation in Web Interface in AOS-CX. Patch commands and verification.
CVE-2026-23822 is a vulnerability in ArubaOS (AOS). Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23829 is a vulnerability in mailpit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2383 is a cross-site scripting in mra13 Simple Download Monitor. This page lists the verified fix and inline mitigations.
CVE-2026-23831 is a vulnerability in rekor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23835 is an arbitrary file read in lobe-chat. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2384 is a vulnerability in Quiz Maker. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23844 is a vulnerability in whisper-money. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23845 is a vulnerability in mailpit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23848 is a vulnerability in MyTube. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23849 is a vulnerability in filebrowser. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2385 is a CWE-345 insufficient verification of data authenticity in posimyththemes The Plus Addons for Elementor – Addons for Eleme
CVE-2026-23852 is a code injection in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23858 is a cross-site scripting in Dell Wyse Management Suite. This page lists the verified fix and inline mitigations.
CVE-2026-2386: an access control bypass in The Plus Addons for Elementor – Addons f. Patched version and vendor advisory inside.
CVE-2026-23861 is a vulnerability in Unisphere for PowerMax vApp. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-23863 - Improper Neutralization of Null Byte or NUL Character (CWE-158) in WhatsApp Desktop for Windows. Runnable patch commands, m
CVE-2026-23865 is an out-of-bounds read in FreeType FreeType. This page lists the verified fix and inline mitigations.
CVE-2026-23866 - Improper Verification of Source of a Communication Channel (CWE-940) in WhatsApp for Android. Runnable patch commands, miti
CVE-2026-23868 is a double free in giflib. CVSS 5.1 Medium. Patch commands, mitigations, and verification.
CVE-2026-23873 is a path traversal in hustoj. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23874 is a denial of service in ImageMagick. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23875 is a vulnerability in crawlchat. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23877 is a path traversal in swingmusic. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23878 is a vulnerability in hotcrp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23885 is a code injection in alchemy_cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23886: an improper input validation in swift-w3c-trace-context. Patched version and vendor advisory inside.
CVE-2026-23887 is a vulnerability in groupoffice. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23888 is a path traversal in pnpm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23889 is a path traversal in pnpm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2389: a vulnerability in Complianz – GDPR/CCPA Cookie Consent. Patched version and vendor advisory inside.
CVE-2026-23890 is a path traversal in pnpm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23892 is a vulnerability in OctoPrint. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23893 is a vulnerability in opencryptoki. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23900 is a cross-site scripting in phoca.cz - Phoca Maps for Joomla. This page lists verified fix commands and short-term mitigatio
CVE-2026-23907: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache PDFBox Examples. Patch comma
CVE-2026-2391 is an improper input validation in the product. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-23923 is a vulnerability in Zabbix. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23924 is a vulnerability in Zabbix. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23925 is an incorrect authorization in Zabbix Zabbix. This page lists the verified fix and inline mitigations.
CVE-2026-23927 is an insufficiently protected credentials in Zabbix. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2026-23939 is a path traversal in hexpm hexpm. This page lists the verified fix and inline mitigations.
CVE-2026-2394 is a buffer over-read in Rti Connext Professional. CVSS 6.3 Medium. Patch commands, mitigations, and verification.
CVE-2026-23942: SFTP root escape via component-agnostic prefix check in ssh_sftpd in OTP. Patch commands and verification.
CVE-2026-23943 is a pre-auth SSH DoS via unbounded zlib inflate in Erlang OTP. CVSS 6.9 Medium. Patch commands, mitigations, and verificatio
CVE-2026-23946 is an unsafe deserialization in tendenci. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-23948 is a vulnerability in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23951 is a path traversal in sumatrapdf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23952 is a vulnerability in ImageMagick. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23955 is a vulnerability in everest-core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23959 is a vulnerability in CoreShop. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2396 is a cross-site scripting in List View Google Calendar. This page lists verified fix commands and short-term mitigations you c
CVE-2026-23961 is an access control bypass in mastodon. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23963 is an OS command injection in mastodon. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23964 is an access control bypass in mastodon. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23968 is a vulnerability in copier. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23969 is a SQL injection in Apache Software Foundation Apache Superset. This page lists the verified fix and inline mitigations.
CVE-2026-23972 is a vulnerability in Booking and Rental Manager. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-23974 is a vulnerability in Golo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23976 is a vulnerability in Modula Image Gallery. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-23980 is a SQL injection in Apache Software Foundation Apache Superset. This page lists the verified fix and inline mitigations.
CVE-2026-23986 is a vulnerability in copier. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2399 is a path traversal in PowerChute™ Serial Shutdown. This page lists verified fix commands and short-term mitigations you can r
CVE-2026-23990 is a vulnerability in flux-operator. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23991 is a vulnerability in go-tuf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23992 is an authentication bypass in go-tuf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2400 is a neutralization of CRLF sequences in PowerChute™ Serial Shutdown. This page lists verified fix commands and short-term mit
CVE-2026-24000 is an authentication bypass in fleet. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24003 is an authentication bypass in everest-core. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-24007 is a vulnerability in tuleap. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2402 is a restriction of excessive authentication attempts in PowerChute™ Serial Shutdown. This page lists verified fix commands an
CVE-2026-24027 is a vulnerability in Recursor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24028 is an out-of-bounds read when parsing DNS packets via Lua in PowerDNS DNSdist, fixed by the same patch as CVE-2026-0396.
CVE-2026-24029 is a DNS over HTTPS ACL bypass in PowerDNS DNSdist, fixed by the same patch as CVE-2026-0396.
CVE-2026-2403 is a validation of specified quantity in input in PowerChute™ Serial Shutdown. This page lists verified fix commands and short
CVE-2026-24030 is an unbounded memory allocation for DoQ and DoH3 in PowerDNS DNSdist, fixed by the same patch as CVE-2026-0396.
CVE-2026-24034 is an unrestricted file upload in horilla. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24035 is an access control bypass in horilla. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24036 is an access control bypass in horilla. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24037 is a vulnerability in horilla. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24039 is an access control bypass in horilla. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2404 is an encoding or escaping of output in PowerChute™ Serial Shutdown. This page lists verified fix commands and short-term miti
CVE-2026-24040 is a vulnerability in jsPDF. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24043 is a vulnerability in jsPDF. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24047 is a path traversal in backstage. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2405 is a denial of service in PowerChute™ Serial Shutdown. This page lists verified fix commands and short-term mitigations you ca
CVE-2026-24055 is an access control bypass in langfuse. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24056 is a path traversal in pnpm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24069 is an incorrect authorization in SAST. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-2408 is a use-after-free in Cloud Workloads. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24095 is a vulnerability in Checkmk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24096: bundle sibling of CVE-2026-3466. Same patched build closes both.
CVE-2026-24097 is a CWE-204: observable response discrepancy in Checkmk GmbH Checkmk. CVSS 5.3 Medium. Patch commands, mitigations, and veri
CVE-2026-2410 is a CSRF in themeisle Disable Admin Notices – Hide Dashboard Notifications. This page lists the verified fix and inline mitig
CVE-2026-24116 is a path traversal in wasmtime. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24117 is a vulnerability in rekor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2412: a SQL injection in Quiz and Survey Master (QSM) – Easy Quiz. Patched version and vendor advisory inside.
CVE-2026-24125 is a path traversal in @tinacms/graphql in @tinacms graphql. CVSS 6.3 Medium. Patch commands, mitigations, and verification.
CVE-2026-24126 is a vulnerability in weblate. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24127 is a vulnerability in typemill. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24128 is a vulnerability in xwiki-platform. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24131 is a path traversal in pnpm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24134 is a vulnerability in studiocms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24137 is a path traversal in sigstore. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2414 is a vulnerability in Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24142 is an unsafe deserialization in TensorRT-LLM. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24147: bundle sibling of CVE-2026-24146. Same patched build closes both.
CVE-2026-24153: Trust Boundary Violation in Jetson Xavier Series, Jetson Orin Series and Jetson Thor. Patch commands and verification.
CVE-2026-24160 is a denial of service in TensorRT-LLM. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24176 - CWE-863 Incorrect Authorization in KAI Scheduler. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-2420 is a cross-site scripting in lotekmedia LotekMedia Popup Form. This page lists the verified fix and inline mitigations.
CVE-2026-24204 - CWE-20 Improper Input Validation in FLARE SDK. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-24208 is a path traversal in Triton Inference Server. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-2421: a path traversal in ilGhera Carta Docente for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-24215 is a vulnerability in Triton Inference Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24231 - CWE-918 Server-Side Request Forgery (SSRF) in NemoClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-2424 is a vulnerability in Reward Video Ad for WordPress. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-24241 is an authentication bypass in NVIDIA DLS component of NVIDIA License System. This page lists the verified fix and inline miti
CVE-2026-2426 is a path traversal in WP-DownloadManager. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-2427 is a vulnerability in itsukaita. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24281: CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action in Apache ZooKeeper. Patch commands and verificati
CVE-2026-24282: Push message Routing Service Elevation of Privilege in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-24288: Windows Mobile Broadband Driver Remote Code Execution in Windows 10 Version 21H2. Patch commands and verification.
CVE-2026-2429 is a SQL injection in jackdewey Community Events. This page lists the verified fix and inline mitigations.
CVE-2026-24297: Windows Kerberos Security Feature Bypass in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-24299 is an M365 Copilot information disclosure in Microsoft 365 Copilot. CVSS 5.3 Medium. Patch commands, mitigations, and verifica
CVE-2026-2430 is a vulnerability in Autoptimize. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24308: CWE-532 Insertion of Sensitive Information into Log File in Apache ZooKeeper. Patch commands and verification.
CVE-2026-24309: Missing Authorization check in SAP NetWeaver Application Server for ABAP in SAP NetWeaver Application Server for ABAP. Patch
CVE-2026-2431 is a cross-site scripting in creativemindssolutions CM Custom Reports – Flexible reporting to track what matters most. This pa
CVE-2026-24311: Insecure Storage Protection vulnerability in SAP Customer Checkout 2.0 in SAP Customer Checkout 2.0. Patch commands and veri
CVE-2026-24312 is a vulnerability in SAP Business Workflow. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-24313: Missing Authorization check in SAP Solution Tools Plug-In (ST-PI) in SAP Solution Tools Plug-In (ST-PI). Patch commands and
CVE-2026-24314 is an exposure of sensitive system information to an unauthorized control sphere in SAP_SE S/4HANA (Manage Payment Media). Thi
CVE-2026-24316: Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP in SAP NetWeaver Application Server for ABAP
CVE-2026-24317: DLL Hijacking vulnerability in SAP GUI for Windows with active GuiXT in SAP GUI for Windows with active GuiXT. Patch command
CVE-2026-24318 is a CWE-539: use of persistent cookies containing in SAP BusinessObjects Business Intelligence Platform. This page lists ver
CVE-2026-24319: a vulnerability in SAP Business One (B1 Client Memory Dump . Patched version and vendor advisory inside.
CVE-2026-2432: a vulnerability in CM Custom Reports – Flexible reporting t. Patched version and vendor advisory inside.
CVE-2026-24321 is a vulnerability in SAP Commerce Cloud. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-24323 is a vulnerability in SAP Document Management System. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-24324: a denial of service in SAP BusinessObjects Business Intelligenc. Patched version and vendor advisory inside.
CVE-2026-24325: a vulnerability in SAP BusinessObjects Enterprise (Central . Patched version and vendor advisory inside.
CVE-2026-24326: a vulnerability in SAP S/4HANA Defense & Security (Disconne. Patched version and vendor advisory inside.
CVE-2026-24327: a vulnerability in SAP Strategic Enterprise Management (Bal. Patched version and vendor advisory inside.
CVE-2026-24328: a vulnerability in Business Server Pages Application (TAF_A. Patched version and vendor advisory inside.
CVE-2026-2433 is a cross-site scripting in rebelcode RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging. This page list
CVE-2026-24332 is a vulnerability in WebSocket API service. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-2434 is a cross-site scripting in Pz-LinkCard. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-24345 is an improper input validation in EZCast Pro II. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-24347 is an improper input validation in EZCast Pro II. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-2435 is a SQL injection in Asset. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24350 is a cross-site scripting in PluXml PluXml CMS. This page lists the verified fix and inline mitigations.
CVE-2026-24351 is a cross-site scripting in PluXml PluXml CMS. This page lists the verified fix and inline mitigations.
CVE-2026-24352 is a CWE-384 session fixation in PluXml PluXml CMS. This page lists the verified fix and inline mitigations.
CVE-2026-24353 is a vulnerability in User Registration. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24354 is a vulnerability in Penci Shortcodes & Performance. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-24355 is a vulnerability in Houzez Theme - Functionality. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-24356 is a vulnerability in GetGenie. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24357 is a vulnerability in WP Recipe Maker. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24358 is a vulnerability in Quiz And Survey Master. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2436 is a path traversal in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-24360 is a vulnerability in Seriously Simple Podcasting. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-24361 is a vulnerability in LearnPress – Course Review. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-24362 is a vulnerability in Ultimate Post Kit. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24364 is a vulnerability in WP User Frontend. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24365 is a vulnerability in Stock Manager for WooCommerce. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-24366: a vulnerability in YITH WooCommerce Request A Quote. Patched version and vendor advisory inside.
CVE-2026-24368 is a vulnerability in The Grid. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2437: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in WP Travel Engine – Tour Booking Plugi
CVE-2026-24370 is a vulnerability in The Grid. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24371 is a vulnerability in BA Book Everything. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-24374 is a vulnerability in RegistrationMagic. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24375: a vulnerability in Ultimate Gift Cards For WooCommerce. Patched version and vendor advisory inside.
CVE-2026-24376 is a vulnerability in WPVulnerability. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24377 is a vulnerability in Nexter Blocks. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24379 is a vulnerability in WP Job Portal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24380 is a vulnerability in EventPrime. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24381 is a vulnerability in PhotoMe. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24383 is a vulnerability in B Slider. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24384 is a vulnerability in Merge + Minify + Refresh. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-24386: a vulnerability in Element Invader – Template Kits for Elem. Patched version and vendor advisory inside.
CVE-2026-24387 is a vulnerability in WP Quick Post Duplicator. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-24388 is a vulnerability in WPMasterToolKit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24389 is a vulnerability in Gallery PhotoBlocks. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24392 is a vulnerability in HurryTimer. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24398 is a vulnerability in hono. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24401 is a vulnerability in avahi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24413 is a vulnerability in icinga2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24414 is a vulnerability in icinga-powershell-framework. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-24415 is a cross-site scripting in devcode-it openstamanager. This page lists the verified fix and inline mitigations.
CVE-2026-2442: a vulnerability in Page Builder: Pagelayer – Drag and Drop . Patched version and vendor advisory inside.
CVE-2026-24420 is an access control bypass in phpMyFAQ. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24421 is a vulnerability in phpMyFAQ. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24422 is an information disclosure in phpMyFAQ. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-24426 is a vulnerability in Tenda AC7. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24427 is a vulnerability in Tenda AC7. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2443 is a path traversal in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-24432 is a vulnerability in W30E V2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24433 is a vulnerability in W30E V2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24434 is a vulnerability in Tenda AC7. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24437 is a path traversal in W30E V2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24447: a path traversal in Movable Type (Software Edition). Patched version and vendor advisory inside.
CVE-2026-24449 is a vulnerability in WRC-X1500GS-B. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24464 is a path traversal in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24466 is a vulnerability in See "References" section. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-24468: CWE-204: Observable Response Discrepancy in openaev. This page lists verified fix commands and short-term mitigations yo
CVE-2026-24472 is a vulnerability in hono. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24473 is an information disclosure in hono. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24474 is a code injection in components. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24476 is a vulnerability in Shaarli. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24484 is a denial of service via resource consumption in ImageMagick ImageMagick. This page lists the verified fix and inline mitig
CVE-2026-24487 is an information exposure in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-24488 is a path traversal in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-24489 is a vulnerability in gakido. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24498 is an information exposure in EFM-Networks, Inc. ipTIME T5008. This page lists the verified fix and inline mitigations.
CVE-2026-24510: CWE-269: Improper Privilege Management in Alienware Command Center (AWCC). Patch commands and verification.
CVE-2026-24511: CWE-209: Generation of Error Message Containing Sensitive Information in PowerScale OneFS. Patch commands and verification.
CVE-2026-24514 is an OS command injection in ingress-nginx. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-24521 is a vulnerability in Kama Thumbnail. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24522 is a vulnerability in WP Subscribe. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24523 is a vulnerability in WP FullCalendar. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24524 is a vulnerability in Tablesome. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24525 is a vulnerability in CLP Varnish Cache. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24526: a vulnerability in Email Inquiry & Cart Options for WooComm. Patched version and vendor advisory inside.
CVE-2026-24528 is a vulnerability in Nova Blocks. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24529 is a vulnerability in Quick Restaurant Reservations. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-24530 is a vulnerability in WebP Conversion. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24532: a vulnerability in SiteLock Security – WP Hardening. Patched version and vendor advisory inside.
CVE-2026-24534 is a vulnerability in Booter. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24535: a vulnerability in Automatic Featured Images from Videos. Patched version and vendor advisory inside.
CVE-2026-24536 is a vulnerability in Webpushr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24539 is a vulnerability in Protección de datos – RGPD. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-2454: DoS in Calls plugin via malformed msgpack in WebSocket request in Mattermost. Patch commands and verification.
CVE-2026-24540 is a vulnerability in Integrate Google Drive. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24541 is a vulnerability in Download After Email. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-24542 is a vulnerability in WP Term Order. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24543 is a vulnerability in Materialis Companion. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-24544 is a vulnerability in HD Quiz. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24548 is a vulnerability in Radio Player. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24549 is a vulnerability in GeoDirectory. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2455 is an SSRF bypass via IPv4-mapped IPv6 literals in Mattermost. CVSS 4.3 Medium. Patch commands, mitigations, and verification.
CVE-2026-24550 is a vulnerability in Blockons. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24551 is a vulnerability in Monetag Official Plugin. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24553: a vulnerability in Fraud Prevention For Woocommerce. Patched version and vendor advisory inside.
CVE-2026-24555 is a vulnerability in ArtPlacer Widget. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24556 is a vulnerability in ElementCamp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24557: a vulnerability in Contact Form 7 GetResponse Extension. Patched version and vendor advisory inside.
CVE-2026-24558 is a vulnerability in ABG Rich Pins. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24559: a vulnerability in Integration for Contact Form 7 HubSpot. Patched version and vendor advisory inside.
CVE-2026-2456: Denial of Service via Unbounded Memory Allocation in Integration Actions in Mattermost. Patch commands and verification.
CVE-2026-24560 is a vulnerability in Cloudinary. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24561 is a vulnerability in FluentBoards. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24562: a vulnerability in Ryviu – Product Reviews for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-24563 is a vulnerability in LifePress. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24564 is a vulnerability in Textmetrics. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24565 is a vulnerability in B Accordion. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24566 is a vulnerability in iNET Webkit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24567 is a vulnerability in Anything Order by Terms. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24568 is a vulnerability in WP Travel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24569 is a vulnerability in Media Library File Size. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2457: WebSocket Message Spoofing via Permalink Embed Manipulation in Mattermost. Patch commands and verification.
CVE-2026-24570 is a vulnerability in Edwiser Bridge. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24571 is a vulnerability in BOX NOW Delivery. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24573 is a cross-site scripting (XSS) in Visualizer. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24576 is a vulnerability in UX Flat. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24577 is a vulnerability in Pie Register. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24578 is a vulnerability in Admin login URL Change. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24579: a vulnerability in Ai Image Alt Text Generator for WP. Patched version and vendor advisory inside.
CVE-2026-2458: Unauthorized channel enumeration in private teams after member removal in Mattermost. Patch commands and verification.
CVE-2026-24580 is a vulnerability in Ecwid Shopping Cart. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24581: a vulnerability in Points and Rewards for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-24583: a vulnerability in SumUp Payment Gateway For WooCommerce. Patched version and vendor advisory inside.
CVE-2026-24584 is a vulnerability in Tutor LMS BunnyNet Integration. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-24585: a vulnerability in Hyyan WooCommerce Polylang Integration. Patched version and vendor advisory inside.
CVE-2026-24587: a vulnerability in AJAX Hits Counter + Popular Posts Widget. Patched version and vendor advisory inside.
CVE-2026-24588 is a vulnerability in Smart Product Viewer. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-24589 is a vulnerability in Cargus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24591: a vulnerability in Turn Yoast SEO FAQ Block to Accordion. Patched version and vendor advisory inside.
CVE-2026-24593 is a vulnerability in AWP Classifieds. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24594: a vulnerability in Livemesh Addons for WPBakery Page Builde. Patched version and vendor advisory inside.
CVE-2026-24595 is a vulnerability in Zoho CRM Lead Magnet. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-24596: a vulnerability in Related Posts Thumbnails Plugin for Word. Patched version and vendor advisory inside.
CVE-2026-24598 is a vulnerability in Multilanguage by BestWebSoft. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-24599 is a vulnerability in NextMove Lite. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24600 is a vulnerability in Penci Review. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24601 is a vulnerability in Penci Pay Writer. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24603: a vulnerability in Universal Google Adsense and Ads manager. Patched version and vendor advisory inside.
CVE-2026-24604 is a vulnerability in Simple GDPR Cookie Compliance. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-24605 is a vulnerability in X Addons for Elementor. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24606 is a vulnerability in Bayarcash WooCommerce. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-24607 is a vulnerability in Travel Monster. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2461: CWE-639: Authorization Bypass Through User-Controlled Key in Mattermost. CVSS 4.3 Medium. Patch commands, mitigations, an
CVE-2026-24612 is a vulnerability in Orchid Store. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24613 is a vulnerability in Ecwid Shopping Cart. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24614 is a vulnerability in Flex QR Code Generator. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24615 is a vulnerability in Cream Magazine. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24616 is a vulnerability in WP Popups. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24617 is a vulnerability in Easy Modal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24619: a vulnerability in PopCash.Net Code Integration Tool. Patched version and vendor advisory inside.
CVE-2026-2462: Admin RCE via Malicious Plugin Upload on CI Test Instances in Mattermost. Patch commands and verification.
CVE-2026-24620 is a vulnerability in Landing Page Builder. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-24621 is a vulnerability in Terms descriptions. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-24622 is a vulnerability in Suggestion Toolkit. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-24625: a vulnerability in File Uploads Addon for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-24626 is a vulnerability in Logo Slider. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24627 is a vulnerability in Trusona for WordPress. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-24629: a vulnerability in Web Accessibility with Max Access. Patched version and vendor advisory inside.
CVE-2026-2463: unauthorized access to invite ID during team creation in Mattermost. CVSS 4.3 Medium. Patch commands, mitigations, and ve
CVE-2026-24630 is a vulnerability in Stylish Cost Calculator. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24631 is a vulnerability in Rosebud. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24632 is a vulnerability in Delay Redirects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24633: a vulnerability in Add Expires Headers & Optimized Minify. Patched version and vendor advisory inside.
CVE-2026-24634 is a vulnerability in Ultimate Reviews. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24636 is a vulnerability in Sugar Calendar (Lite). Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-24640 is an "execute unauthorized code or commands" vulnerability in Fortinet FortiWeb. CVSS 5.9 Medium. Patch commands, mitigations, and verificati
CVE-2026-24662: a cross-site scripting (XSS) in Musetheque V4 Information Disclosure for. Patched version and vendor advisory inside.
CVE-2026-24664 is a vulnerability in openeclass. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24666 is a vulnerability in openeclass. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24667 is a vulnerability in openeclass. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24668 is an access control bypass in openeclass. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24670 is an access control bypass in openeclass. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24671 is a vulnerability in openeclass. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24673 is an unrestricted file upload in openeclass. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24674 is a vulnerability in openeclass. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24686 is a path traversal in go-tuf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24687 is a path traversal in Umbraco.Forms.Issues. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-24688 is a denial of service in pypdf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24692: guest users can bypass read permissions via search API in Mattermost. CVSS 4.3 Medium. Patch commands, mitigations, and
CVE-2026-24732: CWE-552: Files or Directories Accessible to External Parties in Hallo Welt! GmbH BlueSpice. This page lists the verified
CVE-2026-24738 is an OS command injection in gmrtd. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24739 is a vulnerability in symfony. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24742 is an access control bypass in discourse. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-24743 is a vulnerability in InvoicePlane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24744 is a vulnerability in InvoicePlane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24745 is a vulnerability in InvoicePlane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24746 is a vulnerability in InvoicePlane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24748 is an access control bypass in kargo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24749 is an incorrect authorization in silverstripe-assets. This page lists verified fix commands and short-term mitigations you ca
CVE-2026-24762 is a vulnerability in rustfs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24766 is a vulnerability in nocodb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24767 is a vulnerability in nocodb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24768 is a vulnerability in nocodb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24771 is a vulnerability in hono. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24774 is a vulnerability in openeclass. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24775 is a vulnerability in openproject. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24776 is a vulnerability in openproject. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24777 is a vulnerability in openproject. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24784 is a vulnerability in Dnn.Platform. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2479 is a SSRF in dfactory Responsive Lightbox & Gallery. This page lists the verified fix and inline mitigations.
CVE-2026-24795 is an OS command injection in CloverBootloader. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-24796 is a path traversal in CloverBootloader. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24797 is an OS command injection in cupoch. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24799 is an OS command injection in dlib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2480: bundle sibling of CVE-2026-0737. Same patched build closes both.
CVE-2026-24801 is a vulnerability in IronOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24802 is a denial of service in jsonrpc4j. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24805 is a vulnerability in liteide. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24806 is a code injection in quick-media. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24807 is an authentication bypass in quick-media. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-24809 is an OS command injection in REFramework. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-2481: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Beaver Builder Page Builder – Drag an
CVE-2026-24818 is a path traversal in UEVR. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24819 is a path traversal in weixin4j. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24820 is a path traversal in WickedEngine. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24824 is a vulnerability in yacy_search_server. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-24825 is a vulnerability in ydb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24829 is an OS command injection in is-Engine. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2483 is a vulnerability in InfoSphere Information Server. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-24839 is a vulnerability in dokploy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2484 is a vulnerability in InfoSphere Information Server. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-24845 is a path traversal in malcontent. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24846 is a path traversal in malcontent. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24847 is an open redirect in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-2485 is a vulnerability in InfoSphere Information Server. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-24850 is an authentication bypass in signatures. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24851 is an access control bypass in openfga. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24852 is a path traversal in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24857 is a path traversal in bulk_extractor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2486: a vulnerability in Master Addons For Elementor – Widgets. Patched version and vendor advisory inside.
CVE-2026-2488 is a missing authorization in metagauss ProfileGrid – User Profiles, Groups and Communities. This page lists the verified fix
CVE-2026-24885 is a vulnerability in kanboard. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24888 is a vulnerability in maker.js. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24889 is a vulnerability in rs-soroban-sdk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2489 is a cross-site scripting in readymadeweb TP2WP Importer. This page lists the verified fix and inline mitigations.
CVE-2026-24896 is an improper access control in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-2490 is a vulnerability in Client for Windows. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24900 is a vulnerability in Markus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24903 is a vulnerability in OrcaStatLLM-Researcher. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24904 is an access control bypass in TrustTunnel. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-24905 is an OS command injection in inspektor-gadget. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-24906 is a cross-site scripting in october. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-24907 is a cross-site scripting in october. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-24909 is a path traversal in vlt. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2491 is a Socomec DIRIS A-40 HTTP API authentication bypass in Socomec DIRIS A-40. CVSS 6.3 Medium. Patch commands, mitigations, an
CVE-2026-24910 is a vulnerability in Bun. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24914 is a use-after-free in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24915 is a path traversal in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24916 is an information disclosure in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24917 is a use-after-free in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24918 is a vulnerability in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24919 is an OS command injection in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24920 is a vulnerability in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24921 is a path traversal in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24922 is a path traversal in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24923 is a vulnerability in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24924 is a vulnerability in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24927 is a use-after-free in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24928 is an out-of-bounds write in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24929 is a vulnerability in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24931 is a vulnerability in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24934 is a code injection in ADM. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24935 is a code injection in ADM. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24938 is a vulnerability in Better Search. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24939 is a vulnerability in Modula Image Gallery. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2494 is a CSRF in metagauss ProfileGrid – User Profiles, Groups and Communities. This page lists the verified fix and inline mitiga
CVE-2026-24940 is a vulnerability in Travelfic Toolkit. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24942 is a vulnerability in WpEvently. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24944 is a vulnerability in Subscribe2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24945: a vulnerability in Ultimate Addons for Contact Form 7. Patched version and vendor advisory inside.
CVE-2026-24946: a vulnerability in Print Invoice & Delivery Notes for WooCo. Patched version and vendor advisory inside.
CVE-2026-24947: a vulnerability in LA-Studio Element Kit for Elementor. Patched version and vendor advisory inside.
CVE-2026-24951 is a vulnerability in myCred. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24952 is a vulnerability in Seriously Simple Podcasting. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-24953 is a path traversal in Simple File List. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24957 is a vulnerability in Strong Testimonials. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24958 is a vulnerability in JetElements For Elementor. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-2496 is a vulnerability in Ed's Font Awesome. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24961 is a vulnerability in Grand Blog. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24962 is a vulnerability in Sigmize. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24964 is a vulnerability in Contest Gallery. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24965 is a vulnerability in Contest Gallery. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24966 is a vulnerability in Copyscape Premium. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24967 is a vulnerability in Amelia. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24972 is a vulnerability in Elated Listing. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2498 is a cross-site scripting in bulktheme WP Social Meta. This page lists the verified fix and inline mitigations.
CVE-2026-24982 is a vulnerability in Spectra. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24984 is a vulnerability in Visual Link Preview. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24985: a vulnerability in WP Forms Signature Contract Add-On. Patched version and vendor advisory inside.
CVE-2026-24986: a vulnerability in Simple Membership WP user Import. Patched version and vendor advisory inside.
CVE-2026-24987 is a vulnerability in WP System Log. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24988: a vulnerability in The Events Calendar Shortcode & Block. Patched version and vendor advisory inside.
CVE-2026-2499 is a cross-site scripting in tgrk Custom Logo. This page lists the verified fix and inline mitigations.
CVE-2026-24990 is a vulnerability in WP Docs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24991 is a vulnerability in Extensions For CF7. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-24992: a vulnerability in Advanced WooCommerce Product Sales Repor. Patched version and vendor advisory inside.
CVE-2026-24994 is a vulnerability in Sunshine Photo Cart. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24995 is a vulnerability in Latest Post Shortcode. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-24996 is a vulnerability in WPElemento Importer. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24997: a vulnerability in Wired Impact Volunteer Management. Patched version and vendor advisory inside.
CVE-2026-24998 is a vulnerability in Hustle. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24999 is a vulnerability in Alma. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25000 is a vulnerability in Wheel of Life. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25003 is a vulnerability in Client Portal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25004 is a vulnerability in CM Business Directory. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25005 is a vulnerability in Frontend File Manager. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25006 is a vulnerability in XStore. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25008 is a vulnerability in Ninja Tables. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25009 is a vulnerability in Education Zone. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2501 is a vulnerability in Ed's Social Share. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25010 is a vulnerability in Share This Image. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25011 is a vulnerability in WP Custom Admin Interface. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-25012 is a vulnerability in WP Bannerize Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25014 is a vulnerability in Enter Addons. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25015 is a vulnerability in UsersWP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25016 is a vulnerability in Nelio Popups. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25019 is a vulnerability in Atarim. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2502 is a vulnerability in xmlrpc attacks blocker. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25020 is a vulnerability in WP Sync for Notion. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25021 is a vulnerability in Mizan Demo Importer. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-25023 is a vulnerability in Run Contests. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25024 is a vulnerability in ThirstyAffiliates. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25028: a vulnerability in ElementInvader Addons for Elementor. Patched version and vendor advisory inside.
CVE-2026-2503 is a SQL injection in ElementCamp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25034 is a vulnerability in KiviCare. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25036 is a vulnerability in Passster. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2504 is a vulnerability in Dealia – Request a quote. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25040 is an access control bypass in budibase. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25043: CWE-770: Allocation of Resources Without Limits or Throttling in budibase. Patch commands and verification.
CVE-2026-2505 is a cross-site scripting in Categories Images. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-2506 is a cross-site scripting in motahar1 EM Cost Calculator. This page lists the verified fix and inline mitigations.
CVE-2026-25061 is an OS command injection in tcpflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25062 is a path traversal in outline. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25067 is a vulnerability in SmarterMail. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25068 is a vulnerability in alsa-lib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25073: XikeStor SKS8310-8X Stored XSS via System Name in XikeStor SKS8310-8X. Patch commands and verification.
CVE-2026-25088 is a SQL injection in FortiNDR. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2509: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Page Builder: Pagelayer – Drag and Dr
CVE-2026-25100 is a vulnerability in Bludit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25101 is a vulnerability in Bludit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25107 is a hard-coded credentials vulnerability in WRC-X1800GS-B. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25118: CWE-598: Use of GET Request Method With Sensitive Query Strings in immich. Patch commands and verification.
CVE-2026-2512: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Code Embed. Patch commands and
CVE-2026-25120 is a vulnerability in gogs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25122 is a vulnerability in apko. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25123 is a vulnerability in homarr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25124 is a missing authorization in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-25125 is an information disclosure in october. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-25129 is a vulnerability in psysh. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25133 is a cross-site scripting in october. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-25135 is an information exposure in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-25138 is an observable response discrepancy in rucio rucio. This page lists the verified fix and inline mitigations.
CVE-2026-25144 is a vulnerability in Talishar. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25145 is a path traversal in melange. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25148 is a vulnerability in qwik. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2515: a missing authorization in Hostinger Reach – AI-Powered Email Marke. Patched version and vendor advisory inside.
CVE-2026-25151 is a vulnerability in qwik. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25152 is a path traversal in backstage. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25154 is a vulnerability in localsend. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25155 is a vulnerability in qwik. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25168: Windows Graphics Component Denial of Service in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-25169: Windows Graphics Component Denial of Service in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-2517 is a vulnerability in Open5GS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2518 is a missing authorization in FastX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25180: Windows Graphics Component Information Disclosure in Microsoft Office for Android. Patch commands and verification.
CVE-2026-25185: Windows Shell Link Processing Spoofing in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-25186: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Windows 10 Version 1607. Patch commands and verificat
CVE-2026-2519 is a vulnerability in Online Scheduling and Appointment Booking System – Bookly. This page lists verified fix commands and sho
CVE-2026-25198 is a vulnerability in web2py. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25204 is a deserialization of untrusted data in Escargot. This page lists verified fix commands and short-term mitigations you can
CVE-2026-25206 is an out-of-bounds read in Escargot. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-25209 is an out-of-bounds read in Escargot. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-2521 is a memory corruption in Open5GS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25210 is a vulnerability in libexpat. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25219 is an information disclosure in Apache Airflow. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-2522 is a memory corruption in Open5GS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25220 is an authorization bypass through user-controlled key in openemr openemr. This page lists the verified fix and inline mitigat
CVE-2026-25222 is an information disclosure in PolarLearn. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-25228 is a path traversal in signalk-server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25229 is an access control bypass in gogs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2523 is a vulnerability in Open5GS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25230 is a vulnerability in FileRise. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25234 is a SQL injection in pearweb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25236 is a SQL injection in pearweb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2524 is a vulnerability in Open5GS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25240 is a SQL injection in pearweb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25242 is a vulnerability in gogs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2525 is a vulnerability in Free5GC. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2526 is an OS command injection in WL-WN579A3. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25266 is an exposed dangerous method or function in Snapdragon. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2026-2527 is an OS command injection in WL-WN579A3. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2528 is an OS command injection in WL-WN579A3. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2529 is an OS command injection in WL-WN579A3. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2530 is an OS command injection in WL-WN579A3. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25305 is a vulnerability in XStore. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25307 is a vulnerability in XStore Core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25308 is a vulnerability in Simple Membership. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2531 is a vulnerability in MindsDB. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25310 is a vulnerability in Extend Link. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25311 is a vulnerability in Autoshare for Twitter. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25313 is a vulnerability in FluentForm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25314 is a vulnerability in TOP Table Of Contents. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25315 is a vulnerability in hCaptcha for WP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25318: a vulnerability in WiserReview Product Reviews for WooComme. Patched version and vendor advisory inside.
CVE-2026-25319 is a vulnerability in Zita Elementor Site Library. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-2532 is a vulnerability in DeepAudit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25320 is a vulnerability in Elementor Contact Form DB. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-25321 is a vulnerability in SupportCandy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25322 is a vulnerability in PublishPress Revisions. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25323 is a vulnerability in OSM. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25324 is a vulnerability in Quiz And Survey Master. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25325 is a vulnerability in rtMedia for WordPress. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25327: a vulnerability in Five Star Restaurant Reservations. Patched version and vendor advisory inside.
CVE-2026-25328: a path traversal in Product File Upload for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-25329 is a vulnerability in Quiz And Survey Master. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2533: an OS command injection in Self-service Washing Machine. Patched version and vendor advisory inside.
CVE-2026-25330 is a vulnerability in PublishPress Authors. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-25331 is a vulnerability in WP Activity Log. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25332 is a vulnerability in Endless Posts Navigation. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-25333 is a vulnerability in Shopwell. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25335: a vulnerability in Secure Copy Content Protection and Conte. Patched version and vendor advisory inside.
CVE-2026-25336 is a vulnerability in Coachify. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25337 is a vulnerability in Coachify. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25338: a vulnerability in AI ChatBot with ChatGPT and Content Gene. Patched version and vendor advisory inside.
CVE-2026-25339 is a vulnerability in Contact Form by WPForms. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2534 is an OS command injection in CF-N1 V2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25343 is a vulnerability in WP SMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25344 is a vulnerability in Review Schema. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25348 is a vulnerability in Download Alt Text AI. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2535 is an OS command injection in CF-N1 V2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25355 is a vulnerability in Sanzo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2536 is an XML external entity (XXE) in JFlow. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25362 is a vulnerability in FooGallery. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25363 is a vulnerability in FooGallery. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25364: a vulnerability in Client Invoicing by Sprout Invoices. Patched version and vendor advisory inside.
CVE-2026-25365 is a vulnerability in Kargo Takip. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25367 is a vulnerability in CitiLights. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25368 is a vulnerability in Calculated Fields Form. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2537 is an OS command injection in CF-E4. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25370 is a vulnerability in WP Compress. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25372 is a vulnerability in Academy LMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25374 is a vulnerability in Spa and Salon. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25375: a vulnerability in Image Photo Gallery Final Tiles Grid. Patched version and vendor advisory inside.
CVE-2026-25384 is a vulnerability in WP-Lister Lite for eBay. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25385 is a vulnerability in URL Shortify. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25386 is a vulnerability in Ally. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25387 is a vulnerability in Image Optimizer by Elementor. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-25388 is a vulnerability in Ads Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25389 is a vulnerability in EventPrime. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2539 is a vulnerability in Car Alarm System KE700. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25390 is a vulnerability in New User Approve. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25391 is a vulnerability in WP Wand. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25392: a vulnerability in Update URLs – Quick and Easy way to sear. Patched version and vendor advisory inside.
CVE-2026-25393 is a vulnerability in Hello FSE. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25394 is a vulnerability in Fitness FSE. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25395 is a vulnerability in Business Roy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25398 is a vulnerability in Vertex Addons for Elementor. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-25399 is a vulnerability in Serious Slider. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25402: a vulnerability in Knowledge Base for Documentation. Patched version and vendor advisory inside.
CVE-2026-25404 is a vulnerability in WP Job Manager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25407 is a vulnerability in Cookiebot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25408 is a vulnerability in Broken Link Notifier. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-25409 is a vulnerability in JAMstack Deployments. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2541 is a vulnerability in Car Alarm System KE700. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25410 is a vulnerability in WP-CORS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25411 is a vulnerability in Revision Manager TMC. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-25415 is a vulnerability in WPBookit Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25416 is a vulnerability in News Kit Elementor Addons. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-25417 is a vulnerability in ProfileGrid. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25419 is a vulnerability in UpsellWP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25420 is a vulnerability in MailerLite. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25422 is a vulnerability in Popularis Extra. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25428 is a vulnerability in TS Poll. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2543 is a vulnerability in vichan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25430: a vulnerability in Integration for Mailchimp and Contact Fo. Patched version and vendor advisory inside.
CVE-2026-25431 is a missing authorization in Hustle. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25432 is a vulnerability in Omnipress. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25436 is a missing authorization in Royal Elementor Addons. Patched version, runnable upgrade commands, and how to verify the fix l
CVE-2026-25437 is a vulnerability in GZSEO. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2544 is an OS command injection in LuLu UI. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25441 is a vulnerability in LeadConnector. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2545 is a vulnerability in LigeroSmart. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25451 is a vulnerability in Bold Page Builder. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25453 is a vulnerability in Advanced iFrame. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25454 is a vulnerability in The League. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25455 is a vulnerability in Product Slider for WooCommerce. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-25459 is a vulnerability in Sober. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2546 is a vulnerability in LigeroSmart. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25460 is a vulnerability in Ave Core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25462 is a vulnerability in avalex. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25463 is a vulnerability in Wpresidence Core. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25465 is a vulnerability in CP Multi View Event Calendar. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-25468 is an exposure of sensitive system information to an unauthorized control sphere in Happy Addons for Elementor. Runnable upgrade co
CVE-2026-25469 is a vulnerability in ViaBill – WooCommerce. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-2547 is a vulnerability in LigeroSmart. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25472 is a vulnerability in Fusion Builder. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25473 is a vulnerability in WZone. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25475 is an information disclosure in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25477 is an open redirect in toeverything AFFiNE. This page lists the verified fix and inline mitigations.
CVE-2026-25479 is a vulnerability in litestar. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2548 is an OS command injection in FBM-220G. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25480 is a vulnerability in litestar. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25482 is a vulnerability in commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25483 is a vulnerability in commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25484 is a vulnerability in commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25485 is a vulnerability in commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25486 is a vulnerability in commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25487 is a vulnerability in commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25488 is a vulnerability in commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25489 is a vulnerability in commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2549 is an access control bypass in LibrarySystem 图书馆管理系统. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-25490 is a vulnerability in commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25492 is a vulnerability in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25493 is a vulnerability in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25494 is a vulnerability in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25496 is a vulnerability in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25500 is a vulnerability in rack. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25501 is a null pointer dereference in free5gc smf. This page lists the verified fix and inline mitigations.
CVE-2026-25507 is a use-after-free in esp-idf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25508 is a path traversal in esp-idf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25509 is a vulnerability in ci4ms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2551 is a path traversal in ZenTao. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25516 is a vulnerability in nicegui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25517 is a vulnerability in wagtail. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25518 is a vulnerability in cert-manager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2552 is a path traversal in ZenTao. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25522 is a vulnerability in commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25523 is an information disclosure in magento-lts. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25525 is a path traversal in magento-lts. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-25527 is a path traversal in changedetection.io. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-25528 is a vulnerability in langsmith-sdk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2553 is a SQL injection in Hotel-Management-System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25530 is a vulnerability in kanboard. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25531 is a vulnerability in kanboard. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25532 is a vulnerability in esp-idf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25533 is a denial of service in enclave. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25537 is a vulnerability in jsonwebtoken. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25540 is a vulnerability in mastodon. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25541 is a vulnerability in bytes. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25542 - CWE-185: Incorrect Regular Expression in pipeline. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-25543 is a vulnerability in HtmlSanitizer. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25545 is an SSRF in withastro astro. This page lists the verified fix and inline mitigations.
CVE-2026-25556 is a vulnerability in MuPDF. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2556 is a vulnerability in cskefu. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25562 is a vulnerability in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25567 is a vulnerability in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2557 is a vulnerability in cskefu. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25571: CWE-130: Improper Handling of Length Parameter Inconsistency in SICAM SIAPP SDK. Patch commands and verification.
CVE-2026-25572: CWE-130: Improper Handling of Length Parameter Inconsistency in SICAM SIAPP SDK. Patch commands and verification.
CVE-2026-25574 is a vulnerability in payload. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25576 is a heap buffer overflow in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25578 is a vulnerability in navidrome. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2558 is a vulnerability in GeekAI. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25581 is a vulnerability in SCEditor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2559: CWE-862 Missing Authorization in Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup
CVE-2026-25590 is a cross-site scripting in glpi-project glpi-inventory-plugin. This page lists the verified fix and inline mitigations.
CVE-2026-25594 is a vulnerability in InvoicePlane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25595 is a vulnerability in InvoicePlane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25596 is a vulnerability in InvoicePlane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25597 is a vulnerability in PrestaShop. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25598 is an OS command injection in harden-runner. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-2560 is an OS command injection in kodbox. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25601: Credential Exposure vulnerability in MEPIS RM in MEPIS RM. Patch commands and verification.
CVE-2026-25602: a vulnerability in Meona Client Launcher Component. Patched version and vendor advisory inside.
CVE-2026-25603 is a path traversal in Linksys MR9600. This page lists the verified fix and inline mitigations.
CVE-2026-25604: CWE-346: Origin Validation Error in Apache Airflow Providers Amazon. Patch commands and verification.
CVE-2026-25605: CWE-73: External Control of File Name or Path in SICAM SIAPP SDK. Patch commands and verification.
CVE-2026-25607 is a vulnerability in STER. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25609 is a vulnerability in MongoDB Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2561 is a vulnerability in JD Cloud Box AX6600. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25616 is a vulnerability in Blesta. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2562 is a vulnerability in JD Cloud Box AX6600. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25627 is a path traversal in nanomq. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2563 is a vulnerability in JD Cloud Box AX6600. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25631 is an improper input validation in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25633 is a vulnerability in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25637 is a missing release of memory after effective lifetime in ImageMagick ImageMagick. This page lists the verified fix and inli
CVE-2026-25638 is a missing release of memory after effective lifetime in ImageMagick ImageMagick. This page lists the verified fix and inli
CVE-2026-25642 is a vulnerability in hedgedoc. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25645 is an OS command injection in requests. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25647 is a vulnerability in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25650 is an information disclosure in MCP-Salesforce. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-25651 is a vulnerability in client-certificate-auth. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25689 is an execute unauthorized code or commands vulnerability in Fortinet FortiDeceptor. CVSS 6 Medium. Patch commands, mitigations, and verific
CVE-2026-2569: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Dear Flipbook – PDF Flipbook,
CVE-2026-25690 is a vulnerability in FortiDeceptor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25691 is a path traversal in FortiSandbox. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-25704 is a vulnerability in cosmic-greeter. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2571: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in Download Manager. Patch commands and verification.
CVE-2026-25720 - CWE-613 Insufficient session expiration in X3050. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-25727 is a stack-based buffer overflow in time. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25734 is a cross-site scripting in rucio rucio. This page lists the verified fix and inline mitigations.
CVE-2026-25735 is a cross-site scripting in rucio rucio. This page lists the verified fix and inline mitigations.
CVE-2026-25736 is a cross-site scripting in rucio rucio. This page lists the verified fix and inline mitigations.
CVE-2026-25738 is a vulnerability in indico. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25739 is a vulnerability in indico. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25740 is a path traversal in nixpkgs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25742: anonymous file access after disabling spectator access in zulip. CVSS 5.3 Medium. Patch commands, mitigations, an
CVE-2026-25744 is an authorization bypass through user-controlled key (CWE-639) in openemr. CVSS 6.5 Medium. Patch commands, mitigations, and
CVE-2026-25745: OpenEMR's message update ignores patient ID in openemr. CVSS 6.5 Medium. Patch commands, mitigations, and verification.
CVE-2026-25749 is a path traversal in vim. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2575: Improper Handling of Highly Compressed Data (Data Amplification) in Red Hat build of Keycloak 26.4. Patch commands and verifi
CVE-2026-25760 is a path traversal in sliver. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25765 is a vulnerability in faraday. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25766 is a path traversal in echo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25771 is an uncontrolled resource consumption (CWE-400) in wazuh. CVSS 5.3 Medium. Patch commands, mitigations, and verification.
CVE-2026-25772 is a stack-based buffer overflow (CWE-121) in wazuh. CVSS 4.9 Medium. Patch commands, mitigations, and verification.
CVE-2026-25774 is a weak credential storage in EV Energy ev.energy. This page lists the verified fix and inline mitigations.
CVE-2026-2578: CWE-201: Insertion of Sensitive Information Into Sent Data in Mattermost. Patch commands and verification.
CVE-2026-25780 is a memory exhaustion via malformed doc file upload in Mattermost. CVSS 4.3 Medium. Patch commands, mitigations, and verific
CVE-2026-25783: Denial of service via malformed User-Agent header in getBrowserVersion in Mattermost. Patch commands and verification.
CVE-2026-25790 is a stack-based buffer overflow (CWE-121) in wazuh. CVSS 4.9 Medium. Patch commands, mitigations, and verification.
CVE-2026-25792 is a vulnerability in greenshot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25795 is a null pointer dereference in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25796 is a missing release of memory after effective lifetime in ImageMagick ImageMagick. This page lists the verified fix and inli
CVE-2026-25797 is a code injection in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25798 is a null pointer dereference in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25799 is a divide by zero in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25805 is a vulnerability in zed. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25806 is a vulnerability in assessment-placipy. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25809 is an access control bypass in assessment-placipy. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-2581 is an allocation of resources without limits or throttling (CWE-770) in undici. CVSS 5.9 Medium. Patch commands, mitigations, and
CVE-2026-25810 is a vulnerability in assessment-placipy. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25811 is an access control bypass in assessment-placipy. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-2582 is a code injection in Germanized for WooCommerce. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-2583 is a cross-site scripting in creativethemeshq Blocksy. This page lists the verified fix and inline mitigations.
CVE-2026-25834 (type and vendor listed as n/a) is fixed by the same patch as CVE-2026-25212.
CVE-2026-25836 is an execute unauthorized code or commands vulnerability in Fortinet FortiSandbox Cloud. CVSS 6.7 Medium. Patch commands, mitigations, and
CVE-2026-25846 is a vulnerability in YouTrack. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25850 is a vulnerability in OpenHarmony. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25852 - CWE-427 in Acronis DeviceLock DLP. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-25854 is a URL redirection to untrusted site in Apache Tomcat. This page lists verified fix commands and short-term mitigations yo
CVE-2026-25868 is a vulnerability in MiniGal Nano. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25869 is a path traversal in MiniGal Nano. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25870 is a vulnerability in DoraCMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25872 is a path traversal in JUNG Smart Panel 5.1 KNX. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-25876 is a vulnerability in assessment-placipy. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25877 is an improper access control in chartbrew chartbrew. This page lists the verified fix and inline mitigations.
CVE-2026-25878 is an authentication bypass in FroshPlatformAdminer. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-25882 is an improper validation of array index in gofiber fiber. This page lists the verified fix and inline mitigations.
CVE-2026-25883 is a server-side request forgery in vexa. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-25889 is an OS command injection in filebrowser. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-2589 is an information exposure in wpsoul Greenshift – animation and page builder blocks. This page lists the verified fix and inlin
CVE-2026-25897 is a heap buffer overflow in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25898 is an out-of-bounds read in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25904 is a vulnerability in the product. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25905 is a vulnerability in the product. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25907 is an overly restrictive account lockout mechanism in Dell PowerScale OneFS. This page lists the verified fix and inline mitig
CVE-2026-25908 - CWE-250: Execution with Unnecessary Privileges in Alienware Command Center (AWCC). Runnable patch commands, mitigation, and
CVE-2026-25916 is a vulnerability in Webmail. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25918 is a vulnerability in unity-cli. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25920 is a path traversal in sumatrapdf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25928: OpenEMR Vulnerable to Path Traversal When Zipping DICOM Folders in openemr. Patch commands and verification.
CVE-2026-25929 is an authorization bypass through user-controlled key in openemr openemr. This page lists the verified fix and inline mitigat
CVE-2026-2593 is a cross-site scripting in wpsoul Greenshift – animation and page builder blocks. This page lists the verified fix and inlin
CVE-2026-25930 is an authorization bypass through user-controlled key in openemr openemr. This page lists the verified fix and inline mitigat
CVE-2026-25933 is an OS command injection in arduino-app-lab. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25934 is a vulnerability in go-git. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25936: GLPI vulnerable to authenticated SQL injection in Glpi-project glpi. CVSS 6.5 Medium. Patch commands, mitigations, and v
CVE-2026-25937: GLPI has an MFA bypass in Glpi-project glpi. CVSS 6.5 Medium. Patch commands, mitigations, and verification.
CVE-2026-25941 is an improper input validation in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-25942 is an out-of-bounds read in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-2595: a vulnerability in Quads Ads Manager for Google AdSense. Patched version and vendor advisory inside.
CVE-2026-25952 is a use-after-free in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-25953 is a use-after-free in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-25954 is a use-after-free in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-25955 is a use-after-free in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-25956 is a vulnerability in frappe. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25957 is a vulnerability in cube. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25959 is a use-after-free in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-25962 is an improper handling of highly compressed data (data amplification) in MarkUsProject Markus. This page lists the verified f
CVE-2026-25964 is a path traversal in recipes. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25966 is an improper access control in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25969 is a missing release of memory after effective lifetime in ImageMagick ImageMagick. This page lists the verified fix and inli
CVE-2026-25970 is an integer overflow in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25971 is an uncontrolled recursion in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25972 is an execute unauthorized code or commands vulnerability in Fortinet FortiSIEM. CVSS 4.1 Medium. Patch commands, mitigations, and verificat
CVE-2026-25982 is an out-of-bounds read in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25983 is a use-after-free in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25986 is an out-of-bounds write in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25987 is an out-of-bounds read in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25988 is a missing release of memory after effective lifetime in ImageMagick ImageMagick. This page lists the verified fix and inli
CVE-2026-25996 is a vulnerability in inspektor-gadget. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25997 is a use-after-free in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-2600: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ElementsKit Elementor Addons – Advanc
CVE-2026-26000 is a vulnerability in xwiki-platform. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26002 is an improper neutralization of special elements in output used by a downstream component ('injection') in OSC ondemand. This
CVE-2026-26003 is a vulnerability in FastGPT. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26004: CWE-639: Authorization Bypass Through User-Controlled Key in sentry. Patch commands and verification.
CVE-2026-26005 is a vulnerability in clipbucket-v5. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26006 is a vulnerability in AutoGPT. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26012 is an access control bypass in vaultwarden. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-26014 is an information disclosure in dtls. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26019 is a vulnerability in langchainjs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2602: a vulnerability in Twentig Supercharged Block Editor – Bloc. Patched version and vendor advisory inside.
CVE-2026-26023 is a vulnerability in dify. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26024 is a null pointer dereference in free5gc smf. This page lists the verified fix and inline mitigations.
CVE-2026-26025 is a null pointer dereference in free5gc smf. This page lists the verified fix and inline mitigations.
CVE-2026-26028 is a vulnerability in cryptpad. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26033 is an unquoted search path or element in Dell Inc. UPS Multi-UPS Management Console (MUMC). This page lists the verified fix a
CVE-2026-26047 is a denial of service via resource consumption in Vendor the affected product. This page lists the verified fix and inline m
CVE-2026-26049 is a path traversal in USR-W610. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2605 is a vulnerability in TanOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26057 is a vulnerability in skill-scanner. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26058: path traversal in import in zulip. CVSS 6.1 Medium. Patch commands, mitigations, and verification.
CVE-2026-2606 is a path traversal in IBM webMethods API Gateway (on-prem). This page lists the verified fix and inline mitigations.
CVE-2026-26060 is a vulnerability in fleet. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26066 is a denial of service via resource consumption in ImageMagick ImageMagick. This page lists the verified fix and inline mitig
CVE-2026-26067 - CWE-863: Incorrect Authorization in october. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-26070 is a vulnerability in everest-core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26071 is a vulnerability in everest-core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26072 is a vulnerability in everest-core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26073 is a path traversal in everest-core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26075 is a vulnerability in FastGPT. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26076 is an OS command injection in ntpd-rs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26077 is an authentication bypass in discourse discourse. This page lists the verified fix and inline mitigations.
CVE-2026-26079 is a local privilege escalation in Webmail. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2608: a vulnerability in Kadence Blocks, Page Builder Toolkit fo. Patched version and vendor advisory inside.
CVE-2026-26100 is an arbitrary file read in opds. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26104 is a missing authorization in Red Hat Red Hat Enterprise Linux 10. This page lists the verified fix and inline mitigations.
CVE-2026-26120 is a microsoft bing tampering in Microsoft Bing. CVSS 6.5 Medium. Patch commands, mitigations, and verification.
CVE-2026-26122 is an insecure default in Microsoft Microsoft ACI Confidential Containers. This page lists the verified fix and inline mitigat
CVE-2026-26123: Microsoft Authenticator Information Disclosure in Microsoft Authenticator for Android. Patch commands and verification.
CVE-2026-26124 is a path traversal: '.../...//' in Microsoft Microsoft ACI Confidential Containers. This page lists the verified fix and inl
CVE-2026-26136 is a microsoft copilot information disclosure in Microsoft Copilot. CVSS 6.5 Medium. Patch commands, mitigations, and verific
CVE-2026-26155 is a buffer over-read (CWE-126) in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can
CVE-2026-26169 is a buffer over-read (CWE-126) in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can
CVE-2026-2617 is an insecure default configuration in 777VR1. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-26175 is a use of uninitialized resource in Microsoft Windows. This page lists verified fix commands and short-term mitigations yo
CVE-2026-2618 is a vulnerability in 777VR1. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26185 is a vulnerability in directus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26186 is a SQL injection in fleetdm fleet. This page lists the verified fix and inline mitigations.
CVE-2026-26188 is a vulnerability in craft-freeform. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26189 is an OS command injection in trivy-action. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2619 is an incorrect authorization in GitLab, fixed by the same patch as CVE-2026-1092.
CVE-2026-26191 is an OS command injection in fleet. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26195 is a cross-site scripting in gogs gogs. This page lists the verified fix and inline mitigations.
CVE-2026-26196 is a use of get request method with sensitive query strings in gogs gogs. This page lists the verified fix and inline mitigat
CVE-2026-2620: a SQL injection in Monitoring and Early Warning System. Patched version and vendor advisory inside.
CVE-2026-26203 is a use-after-free in pjmedia-video. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26204 - CWE-124: Buffer Underwrite ('Buffer Underflow') in wazuh. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-26206 - CWE-307: Improper Restriction of Excessive Authentication Attempts in wazuh. Runnable patch commands, mitigation, and verif
CVE-2026-26207 is a missing authorization in discourse discourse. This page lists the verified fix and inline mitigations.
CVE-2026-2621: a SQL injection in Koyuan Thermoelectricity Heat Network Ma. Patched version and vendor advisory inside.
CVE-2026-2622 is a vulnerability in Blossom. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26223 is a vulnerability in SPIP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26226 is a vulnerability in beautiful-mermaid. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-26227 is a CWE-307 improper restriction of excessive authentication attempts in VideoLAN VLC for Android. This page lists the verif
CVE-2026-2623 is a path traversal in Blossom. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26233 is a vulnerability in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26246 is a memory exhaustion via malformed PSD file upload in Mattermost. CVSS 4.3 Medium. Patch commands, mitigations, and verific
CVE-2026-2625: Improper Verification of Cryptographic Signature in Red Hat Hardened Images. Patch commands and verification.
CVE-2026-26269 is a stack-based buffer overflow in vim. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-26270 is a vulnerability in InvoicePlane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26271 is a buffer over-read in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-26272 is a cross-site scripting in sysadminsmedia homebox. This page lists the verified fix and inline mitigations.
CVE-2026-26274 - CWE-184: Incomplete List of Disallowed Inputs in october. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-26281 is a vulnerability in InvoicePlane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26282 is a vulnerability in NanaZip. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26283 is a loop with unreachable exit condition ('infinite loop') in ImageMagick ImageMagick. This page lists the verified fix and
CVE-2026-26284 is a heap buffer overflow in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-2629 is an OS command injection in node-sonos-http-api. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-26291 is a cross-site scripting in GROWI. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-26304 is a permission bypass in playbook run creation in Mattermost. CVSS 4.3 Medium. Patch commands, mitigations, and verification
CVE-2026-26309: Envoy has an off-by-one write in JsonEscaper::escapeString() in envoy. Patch commands and verification.
CVE-2026-26310 is a crash for scoped IP address in envoy during DNS in Envoyproxy envoy. CVSS 5.9 Medium. Patch commands, mitigations, and v
CVE-2026-26311: Envoy HTTP: filter chain execution on reset streams causing UAF crash in envoy. Patch commands and verification.
CVE-2026-26312 is an OS command injection in stalwart. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-26313 is an OS command injection in go-ethereum. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-26315 is a vulnerability in go-ethereum. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26326 is an information disclosure in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-26328 is an access control bypass in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2633: a vulnerability in Kadence Blocks, Page Builder Toolkit fo. Patched version and vendor advisory inside.
CVE-2026-26330 is a CWE-416: use after free in Envoyproxy envoy. CVSS 5.3 Medium. Patch commands, mitigations, and verification.
CVE-2026-26338: a vulnerability in Alfresco Transformation Service (Enterpr. Patched version and vendor advisory inside.
CVE-2026-26351 is a cross-site scripting in GetSimpleCMS-CE GetSimpleCMS-CE. This page lists the verified fix and inline mitigations.
CVE-2026-26352 is a vulnerability in Express. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26357: a vulnerability in Unisphere for PowerMax 9.2.4.18. Patched version and vendor advisory inside.
CVE-2026-2636 is a CWE-159 improper handling of invalid use of special elements in Microsoft Windows OS. This page lists the verified fix an
CVE-2026-26361 is an arbitrary file read in Unisphere for PowerMax. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-26365 is a CWE-444 inconsistent interpretation of HTTP requests ('HTTP request/response smuggling') in Akamai Ghost. This page list
CVE-2026-26370 is a vulnerability in Survey Maker. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26377 is a cross-site scripting in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26399 is a return of stack variable address in The. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-2640 is a CWE-269: improper privilege management in Lenovo PC Manager. CVSS 6.8 Medium. Patch commands, mitigations, and verificati
CVE-2026-2641 is a vulnerability in ctags. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2642 is a vulnerability in the_silver_searcher. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-2644 is a path traversal in minisat. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2645: Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2 in wolfSSL. Patch commands and verification.
CVE-2026-2646: Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function in wolfssl. Patch commands and verification.
CVE-2026-26460 is a neutralization of script-related HTML tags in HTML Injection. This page lists verified fix commands and short-term mi
CVE-2026-26461 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-26464 is a cross-site scripting in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26477 is an allocation of resources without limits or throttling in DokuWiki. CVSS 4.3 Medium. Patch commands, mitigations, and veri
CVE-2026-2653 is a path traversal in admesh. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2654 is a vulnerability in smolagents. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2657 is a stack-based buffer overflow in wren. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2658 is a vulnerability in newbee-mall. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2659 is a path traversal in Squirrel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2660 is a use-after-free in lily. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2661 is a path traversal in Squirrel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2662 is a path traversal in lily. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2663 is a SQL injection in xh-admin-backend. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2664 is an out-of-bounds read in Docker Docker Desktop. This page lists the verified fix and inline mitigations.
CVE-2026-2665 is an unrestricted file upload in base-admin. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-2666 is an unrestricted file upload in MCMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2667: an access control bypass in Visual Integrated Command and Dispatch P. Patched version and vendor advisory inside.
CVE-2026-2668: an access control bypass in Visual Integrated Command and Dispatch P. Patched version and vendor advisory inside.
CVE-2026-2669: an access control bypass in Visual Integrated Command and Dispatch P. Patched version and vendor advisory inside.
CVE-2026-26697 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26698 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26717 is a CWE-208 observable timing discrepancy in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-2672 is a path traversal in Electronic Archives System. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-2673: OpenSSL TLS 1.3 server may choose unexpected key agreement group in OpenSSL. Patch commands and verification.
CVE-2026-2676 is an access control bypass in sms-ssm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2677 is a cross-site scripting in A3factura A3factura. This page lists the verified fix and inline mitigations.
CVE-2026-2678 is a cross-site scripting in A3factura A3factura. This page lists the verified fix and inline mitigations.
CVE-2026-2679 is a cross-site scripting in A3factura A3factura. This page lists the verified fix and inline mitigations.
CVE-2026-2680 is a cross-site scripting in A3factura A3factura. This page lists the verified fix and inline mitigations.
CVE-2026-2681 is an OS command injection in the product. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-2682 is a SQL injection in Electronic Archives System. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-2683 is a path traversal in Electronic Archives System. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-2684: an unrestricted file upload in Electronic Archives System. Patched version and vendor advisory inside.
CVE-2026-2687: Reading progressbar < 1.3.1 - Admin+ Stored XSS in Reading progressbar. Patch commands and verification.
CVE-2026-2689 is a SQL injection in Event Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-26895 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-2690 is a SQL injection in Event Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2691 is a SQL injection in Event Management System. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2692 is a path traversal in CyreneAdmin. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26927: URL (HTTP Origin) call location spoofing in Szafir SDK Web in Szafir SDK Web. Patch commands and verification.
CVE-2026-26929: CWE-732 Incorrect Permission Assignment for Critical Resource in Apache Airflow. Patch commands and verification.
CVE-2026-2693 is an access control bypass in CyreneAdmin. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-26931: CWE-789 Memory Allocation with Excessive Size Value in Metricbeat. Patch commands and verification.
CVE-2026-26932 is a CWE-129 improper validation of array index in Elastic Packetbeat. This page lists the verified fix and inline mitigation
CVE-2026-26933: Improper Validation of Array Index in Packetbeat Leading to Denial of Service in Packetbeat. Patch commands and verification
CVE-2026-26934 is a CWE-1284 improper validation of specified quantity in input in Elastic Kibana. This page lists the verified fix and inli
CVE-2026-26935 is an improper input validation in Elastic Kibana. This page lists the verified fix and inline mitigations.
CVE-2026-26936 is a regex denial of service in Elastic Kibana. This page lists the verified fix and inline mitigations.
CVE-2026-26937 is a denial of service via resource consumption in Elastic Kibana. This page lists the verified fix and inline mitigations.
CVE-2026-26939 is a CWE-862 missing authorization in Elastic Kibana. CVSS 6.5 Medium. Patch commands, mitigations, and verification.
CVE-2026-2694 is a CWE-285 improper authorization in stellarwp The Events Calendar. This page lists the verified fix and inline mitigations.
CVE-2026-26940: CWE-1284 Improper Validation of Specified Quantity in Input in Kibana. Patch commands and verification.
CVE-2026-26942 is an OS command injection in PowerProtect Data Domain. This page lists verified fix commands and short-term mitigations you
CVE-2026-26945 is a CWE-114: process control in Integrated Dell Remote Access Controller. CVSS 5.3 Medium. Patch commands, mitigations, and
CVE-2026-26946 is an improper privilege management in ECS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-26948: CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information in Integrated Dell Remote Access Contr
CVE-2026-26949 is an incorrect authorization in Dell Device Management Agent (DDMA). This page lists the verified fix and inline mitigations.
CVE-2026-2695 is an improper input validation in DEX (On-Premises). Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-26951 is a stack buffer overflow in PowerProtect Data Domain. This page lists verified fix commands and short-term mitigations you
CVE-2026-26952 is an improper input validation in web. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-26953 is an improper input validation in web. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-26957 is a vulnerability in github.com/abhinavxd/libredesk. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-2696: Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure in Export All URLs. Patch commands and verification.
CVE-2026-26962 is a rack: header injection in multipart requests in rack, fixed by the same patch as CVE-2026-26961.
CVE-2026-26963 is an access control bypass in cilium. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2697 is an authorization bypass through user-controlled key in Tenable Security Center. This page lists the verified fix and inline
CVE-2026-26972 is a path traversal in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26973 is an incorrect authorization in discourse discourse. This page lists the verified fix and inline mitigations.
CVE-2026-26977 is a vulnerability in lms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2698 is an authorization bypass through user-controlled key in Tenable Security Center. This page lists the verified fix and inline
CVE-2026-26981 is a signed to unsigned conversion error in AcademySoftwareFoundation openexr. This page lists the verified fix and inline mi
CVE-2026-26982: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ghostty. Patch command
CVE-2026-26983 is a null pointer dereference in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-26986 is a use-after-free in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-26987 is a vulnerability in librenms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26989 is a vulnerability in librenms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26991 is a vulnerability in librenms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26992 is a vulnerability in librenms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26993 is a vulnerability in Flare. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26994 is an authentication bypass in utls. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26998 is a resource exhaustion in traefik traefik. This page lists the verified fix and inline mitigations.
CVE-2026-27003 is a path traversal in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27004 is a vulnerability in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27007 is a path traversal in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27008 is an arbitrary file read in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27009 is a vulnerability in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27014 is a vulnerability in NanaZip. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27015 is a reachable assertion in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-27016 is a vulnerability in librenms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27020 is a vulnerability in photobooth. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27021 is a missing authorization in discourse discourse. This page lists the verified fix and inline mitigations.
CVE-2026-27022 is a vulnerability in langgraphjs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27023 is a SSRF in twentyhq twenty. This page lists the verified fix and inline mitigations.
CVE-2026-27024 is a denial of service in pypdf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27025 is a vulnerability in pypdf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27026 is an OS command injection in pypdf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27027 is a weak credential storage in Everon api.everon.io. This page lists the verified fix and inline mitigations.
CVE-2026-2703 is a vulnerability in xlnt. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2704 is a path traversal in Open Babel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27042 is a vulnerability in NotificationX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27046 is a vulnerability in StoreCustomizer. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2705 is a path traversal in Open Babel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27050 is a vulnerability in RealPress. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27055 is a vulnerability in Penci AI SmartContent Creator. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-27056 is a vulnerability in iThemes Sync. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27057 is a vulnerability in Penci Filter Everything. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-27058 is a vulnerability in Penci Podcast. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27059 is a vulnerability in Penci Recipe. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2706: a SQL injection in Patient Record Management System. Patched version and vendor advisory inside.
CVE-2026-27066: a vulnerability in Live sales notification for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-27069 is a vulnerability in Soledad. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2707: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in weForms – Easy Drag & Drop Con
CVE-2026-27074 is a vulnerability in Shortcoder. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2709 is a vulnerability in busy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27090 is a vulnerability in Kenta Companion. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27091: WordPress UiPress lite plugin <= 3.5.09 - Broken Access Control in UiPress lite. Patch commands and verification.
CVE-2026-27092 is a vulnerability in WPAdverts. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27094 is a vulnerability in CoBlocks. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27101: CWE-22: Improper Limitation of a Pathname to a Restricted Directory Path Traversal in Secure Connect Gateway. Patch commands
CVE-2026-27102 is a CWE-266: incorrect privilege assignment in Dell PowerScale OneFS. CVSS 6.6 Medium. Patch commands, mitigations, and veri
CVE-2026-27105 - CWE-59: Improper Link Resolution Before File Access ('Link Following') in Dell/Alienware Purchased Apps. Runnable patch com
CVE-2026-2711 is a vulnerability in worldquant-miner. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27111 is a vulnerability in kargo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27113 is an OS command injection in liquidprompt. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-27114 is a denial of service in NanaZip. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27116 is a cross-site scripting in go-vikunja vikunja. This page lists the verified fix and inline mitigations.
CVE-2026-27117 is a path traversal in rikyoz bit7z. This page lists the verified fix and inline mitigations.
CVE-2026-27118 is a vulnerability in kit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27119 is a vulnerability in svelte. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2712 is an incorrect authorization in WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performan
CVE-2026-27120 is a vulnerability in leaf-kit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27121 is a vulnerability in svelte. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27122 is a vulnerability in svelte. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27125 is a vulnerability in svelte. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27126 is a cross-site scripting in craftcms cms. This page lists the verified fix and inline mitigations.
CVE-2026-27128 is a time-of-check time-of-use (TOCTOU) race condition in craftcms cms. This page lists the verified fix and inline mitigatio
CVE-2026-27129 is a SSRF in craftcms cms. This page lists the verified fix and inline mitigations.
CVE-2026-27131 is an information disclosure in craft-sprig. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-27133 is a code injection in strimzi-kafka-operator. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-27138 is a security vulnerability in Go standard library crypto/x509. This page lists the verified fix and inline mitigations.
CVE-2026-2714 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Institute Management – Learni
CVE-2026-27142 is a security vulnerability in Go standard library html/template. This page lists the verified fix and inline mitigations.
CVE-2026-27147 is a vulnerability in GetSimpleCMS-CE. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27149 is a SQL injection in discourse discourse. This page lists the verified fix and inline mitigations.
CVE-2026-27156 is a cross-site scripting in zauberzeug nicegui. This page lists the verified fix and inline mitigations.
CVE-2026-2716 is a vulnerability in Client Testimonial Slider. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-27162 is an information exposure in discourse discourse. This page lists the verified fix and inline mitigations.
CVE-2026-27166: Discourse vulnerable to HTML injection via prohibited iframe URLs in discourse. Patch commands and verification.
CVE-2026-2717 - CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') in HTTP Headers. Runnable patch commands, mitigation, an
CVE-2026-27176 is a vulnerability in MajorDoMo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27177 is a vulnerability in MajorDoMo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27178 is a vulnerability in MajorDoMo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2718 is a vulnerability in Dealia – Request a quote. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-27189 is a time-of-check time-of-use (TOCTOU) race condition in OpenSift OpenSift. This page lists the verified fix and inline miti
CVE-2026-2719 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Private WP suite. Runnable pa
CVE-2026-27195 is an improper handling of exceptional conditions in bytecodealliance wasmtime. This page lists the verified fix and inline mi
CVE-2026-27199 is an improper handling of Windows device names in pallets werkzeug. This page lists the verified fix and inline mitigations.
CVE-2026-2720 is a vulnerability in Hr Press Lite. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27204 is a denial of service via resource consumption in bytecodealliance wasmtime. This page lists the verified fix and inline mit
CVE-2026-2721 is a cross-site scripting in pierrelannoy MailArchiver. This page lists the verified fix and inline mitigations.
CVE-2026-27210 is a cross-site scripting in mpetroff pannellum. This page lists the verified fix and inline mitigations.
CVE-2026-27214: Substance3D - Painter | NULL Pointer Dereference (CWE-476) in Substance3D - Painter. Patch commands and verification.
CVE-2026-27215: Substance3D - Painter | NULL Pointer Dereference (CWE-476) in Substance3D - Painter. Patch commands and verification.
CVE-2026-27216: Substance3D - Painter | Out-of-bounds Read (CWE-125) in Substance3D - Painter. Patch commands and verification.
CVE-2026-27217: Substance3D - Painter | NULL Pointer Dereference (CWE-476) in Substance3D - Painter. Patch commands and verification.
CVE-2026-27218: Substance3D - Painter | NULL Pointer Dereference (CWE-476) in Substance3D - Painter. Patch commands and verification.
CVE-2026-27219: Substance3D - Painter | Out-of-bounds Read (CWE-125) in Substance3D - Painter. Patch commands and verification.
CVE-2026-2722 is a cross-site scripting in urkekg Stock Ticker. This page lists the verified fix and inline mitigations.
CVE-2026-27221: Acrobat Reader | Improper Certificate Validation (CWE-295) in Acrobat Reader. Patch commands and verification.
CVE-2026-27222 is a divide by zero in Bridge. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27223: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27224: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27225: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27226: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27228: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27229: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-2723 is a vulnerability in Post Snippits. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27230: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27231: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27232: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27233: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27234: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27235: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27236: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27237: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27239: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27240: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27241: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27242: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27244: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27247: Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) in Adobe Experience Manager. Patch commands and ver
CVE-2026-27248: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27249: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-2725 is an access control bypass in Gerrit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27250: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27251: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27252: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27253: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27254: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27255: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27256: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27257: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27258 is an out-of-bounds write in DNG SDK. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-2726 is an access control bypass in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27262: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27265: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27266: Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Experience Manager. Patch commands and verifi
CVE-2026-27268 is an out-of-bounds read (CWE-125) in Adobe Illustrator. CVSS 5.5 Medium. Patch commands, mitigations, and verif
CVE-2026-27270 is an out-of-bounds read (CWE-125) in Adobe Illustrator. CVSS 5.5 Medium. Patch commands, mitigations, and verif
CVE-2026-2728 is a cross-site scripting in librenms. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-27281 is an integer overflow or wraparound (CWE-190) in Adobe DNG SDK. CVSS 5.5 Medium. Patch commands, mitigations, and v
CVE-2026-27285 is a heap buffer overflow in InDesign Desktop. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-27286 is a heap buffer overflow in InDesign Desktop. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-27288 is a cross-site scripting in Adobe Experience Manager. This page lists verified fix commands and short-term mitigations you c
CVE-2026-2729 is an authorization bypass through user-controlled key in Forminator Forms – Contact Form, Payment Form & Custom Form Builder. Runna
CVE-2026-27299 is an improper input validation in Adobe Framemaker. This page lists verified fix commands and short-term mitigations you can
CVE-2026-27300 is an access of uninitialized pointer (cwe-824) in Adobe Framemaker. This page lists verified fix commands and short-term mit
CVE-2026-27301 is a heap buffer overflow in Adobe Framemaker. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-27315: bundle sibling of CVE-2026-27314. Same patched build closes both.
CVE-2026-2732 is a missing authorization in shortpixel Enable Media Replace. This page lists the verified fix and inline mitigations.
CVE-2026-27327 is a vulnerability in YayMail. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27328 is a vulnerability in EduBlink. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27329 is an authorization bypass through user-controlled key in YITH WooCommerce Wishlist. Runnable upgrade commands and verification ste
CVE-2026-2734 is an access control bypass in mlflow/mlflow. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-27344 is a missing authorization in inseriswiss inseri core. This page lists the verified fix and inline mitigations.
CVE-2026-27349 is a vulnerability in Mail Mint. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2735 is a vulnerability in OpenCms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27354 is a cross-site scripting in WebCodingPlace WooCommerce Coming Soon Product with Countdown. This page lists the verified fix
CVE-2026-2736 is a vulnerability in OpenCms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27360 is a vulnerability in Photo Gallery by 10Web. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-27362 is a missing authorization in kamleshyadav WP Bakery Autoresponder Addon. This page lists the verified fix and inline mitigat
CVE-2026-27368 is a vulnerability in Coming Soon Page. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2738 is a vulnerability in ovpn-dco-win. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27387 is a vulnerability in DirectoryPress. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2739 is a denial of service in bn.js. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27393 is a missing authorization in CF7 WOW Styler. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-27397: CWE-639 Authorization Bypass Through User-Controlled Key in Really Simple Security Pro. Patch commands and verification.
CVE-2026-27405 is a missing authorization in WpBookingly. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-27411 is a guessable captcha in jp-secure SiteGuard WP Plugin. This page lists the verified fix and inline mitigations.
CVE-2026-27415 is a cross-site request forgery (csrf) in Bear. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-27416 is a missing authorization in PDF Poster. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-2742: Unauthorized session creation via reserved framework path access in vaadin. Patch commands and verification.
CVE-2026-27421 is an improper neutralization of input during web page generation ('cross-site scripti in Royal Elementor Addons. Runnable upgrade
CVE-2026-27424: a missing authorization in Image Photo Gallery Final Tiles Grid. Patched version and vendor advisory inside.
CVE-2026-27440 is a vulnerability in myCred. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27445 is a cwe-347 improper verification of cryptographic signature in SEPPmail Secure Email Gateway. This page lists the verified
CVE-2026-27447: OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup in cups. Patch commands and verification.
CVE-2026-2745 is an authentication bypass in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27454: Discourse has check revision visibility on posts endpoint in discourse. CVSS 5.3 Medium. Patch commands, mitigations, an
CVE-2026-27456: util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup in util-linux. Patch commands and verification.
CVE-2026-27457 is a missing authorization in WeblateOrg weblate. This page lists the verified fix and inline mitigations.
CVE-2026-2746 is a cwe-347 improper verification of cryptographic signature in SEPPmail Secure Email Gateway. This page lists the verified f
CVE-2026-27460 is a cwe-409: improper handling of highly compressed in recipes. This page lists verified fix commands and short-term mitigat
CVE-2026-27461 is a SQL injection in pimcore pimcore. This page lists the verified fix and inline mitigations.
CVE-2026-27468 is a missing authorization in mastodon mastodon. This page lists the verified fix and inline mitigations.
CVE-2026-27469 is a cross-site scripting in isso-comments isso. This page lists the verified fix and inline mitigations.
CVE-2026-2747 is an information exposure in SEPPmail Secure Email Gateway. This page lists the verified fix and inline mitigations.
CVE-2026-27472 is a vulnerability in SPIP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27473 is a vulnerability in SPIP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27474 is a vulnerability in SPIP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27477 is a SSRF in mastodon mastodon. This page lists the verified fix and inline mitigations.
CVE-2026-27480 is an observable response discrepancy in static-web-server static-web-server. This page lists the verified fix and inline miti
CVE-2026-27481: Discourse: hidden tag visibility bypass on tag routes in discourse. CVSS 6.3 Medium. Patch commands, mitigations, and ve
CVE-2026-27482 is a declaration of catch for generic exception in ray-project ray. This page lists the verified fix and inline mitigations.
CVE-2026-27485 is a unix symbolic link (symlink) following in openclaw openclaw. This page lists the verified fix and inline mitigations.
CVE-2026-27486 is an unverified ownership in openclaw openclaw. This page lists the verified fix and inline mitigations.
CVE-2026-27488 is a SSRF in openclaw openclaw. This page lists the verified fix and inline mitigations.
CVE-2026-27491: Discourse has a bypass of official warnings messages by non-staff users in discourse. Patch commands and verification.
CVE-2026-27492 is an exposure of data element to wrong session in lettermint lettermint-node. This page lists the verified fix and inline mit
CVE-2026-27502 is a vulnerability in SVXportal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27503 is a vulnerability in SVXportal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27504 is a vulnerability in SVXportal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27505 is a vulnerability in SVXportal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27506 is a vulnerability in SVXportal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27508 is a vulnerability in Express. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27510 is a cwe-345 insufficient verification of data authenticity in UnitreeRobotics Unitree Go2. This page lists the verified fix
CVE-2026-27511 is a cwe-1021 improper restriction of rendered ui layers or frames in Shenzhen Tenda Technology Co., Ltd. Tenda F3. This page
CVE-2026-27512 is a cross-site scripting in Shenzhen Tenda Technology Co., Ltd. Tenda F3. This page lists the verified fix and inline mitiga
CVE-2026-27513 is a CSRF in Shenzhen Tenda Technology Co., Ltd. Tenda F3. This page lists the verified fix and inline mitigations.
CVE-2026-27517 is a cross-site scripting in Binardat Ltd. 10G08-0800GSM Network Switch. This page lists the verified fix and inline mitigati
CVE-2026-27518 is a CSRF in Binardat Ltd. 10G08-0800GSM Network Switch. This page lists the verified fix and inline mitigations.
CVE-2026-2752 is an information disclosure via error message in Navtor NavBox. This page lists the verified fix and inline mitigations.
CVE-2026-27521 is a cwe-307 improper restriction of excessive authentication attempts in Binardat Ltd. 10G08-0800GSM Network Switch. This pa
CVE-2026-27523: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in OpenClaw. Patch commands and verifi
CVE-2026-27545 is a cwe-367: time-of-check time-of-use (toctou) race condition in OpenClaw. CVSS 6.9 Medium. Patch commands, mitigations, an
CVE-2026-27567 is a SSRF in payloadcms payload. This page lists the verified fix and inline mitigations.
CVE-2026-27568 is a cross-site scripting in WWBN AVideo. This page lists the verified fix and inline mitigations.
CVE-2026-27570: Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox in discourse. Patch commands and verification.
CVE-2026-27571 is an improper handling of highly compressed data (data amplification) in nats-io nats-server. This page lists the verified fi
CVE-2026-27572 is a resource exhaustion in bytecodealliance wasmtime. This page lists the verified fix and inline mitigations.
CVE-2026-27576 is a denial of service via resource consumption in openclaw openclaw. This page lists the verified fix and inline mitigations
CVE-2026-27585 is an improper input validation in caddyserver caddy. This page lists the verified fix and inline mitigations.
CVE-2026-27589 is a CSRF in caddyserver caddy. This page lists the verified fix and inline mitigations.
CVE-2026-27599 is a vulnerability in ci4ms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27600 is a SSRF in sysadminsmedia homebox. This page lists the verified fix and inline mitigations.
CVE-2026-27605 is an unrestricted file upload in chartbrew chartbrew. This page lists the verified fix and inline mitigations.
CVE-2026-27612 is a cross-site scripting in denpiligrim repostat. This page lists the verified fix and inline mitigations.
CVE-2026-27621 is a cross-site scripting in TypiCMS Core. This page lists the verified fix and inline mitigations.
CVE-2026-27629 is an improper neutralization of special elements used in a template engine in inventree InvenTree. This page lists the verifi
CVE-2026-27638 is a missing authorization in actualbudget actual. This page lists the verified fix and inline mitigations.
CVE-2026-27642 is an improper input validation in free5gc udm. This page lists the verified fix and inline mitigations.
CVE-2026-27643 is an information disclosure via error message in free5gc udr. This page lists the verified fix and inline mitigations.
CVE-2026-27644 is an improper neutralization of formula elements in a CSV file in traccar. Runnable upgrade commands and verification steps for sy
CVE-2026-27645 is a cross-site scripting in dgtlmoon changedetection.io. This page lists the verified fix and inline mitigations.
CVE-2026-27646 is an access control bypass in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-27653 is an incorrect default permissions in Soliton Systems K.K. Soliton SecureBrowser for OneGate. This page lists the verified fi
CVE-2026-27656 is a vulnerability in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27659 is a vulnerability in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27661: CWE-1230: Exposure of Sensitive Information Through Metadata in SINEC Security Monitor. Patch commands and verification.
CVE-2026-27663: an OS command injection in CPCI85 Central Processing/Communication. Patched version and vendor advisory inside.
CVE-2026-27670 is a cwe-367: time-of-check time-of-use (toctou) race condition in OpenClaw. CVSS 5.8 Medium. Patch commands, mitigations, an
CVE-2026-27672 is a missing authorization in Material Master Application. This page lists verified fix commands and short-term mitigations y
CVE-2026-27673 is a missing authorization in SAP S/4HANA (Private Cloud and On-Premise). This page lists verified fix commands and short-ter
CVE-2026-27674 is a code injection in SAP NetWeaver Application Server Java (Web Dynpro Java). This page lists verified fix commands and sho
CVE-2026-27676 is a missing authorization in SAP S/4HANA OData Service (Manage Technical Object Structures). This page lists verified fix co
CVE-2026-27677 is a missing authorization in SAP S/4HANA OData Service (Manage Reference Equipment). This page lists verified fix commands a
CVE-2026-27678 is a missing authorization in SAP S/4HANA Backend OData Service (Manage Reference Structures). This page lists verified fix c
CVE-2026-27679 is a missing authorization in SAP S/4HANA Frontend OData Service (Manage Reference Structures). This page lists verified fix
CVE-2026-27682: a cross-site scripting (XSS) in SAP NetWeaver Application Server ABAP (A. Patched version and vendor advisory inside.
CVE-2026-27683 is a cross-site scripting in SAP BusinessObjects Business Intelligence Platform. This page lists verified fix commands and sh
CVE-2026-27684: SQL Injection Vulnerability in SAP NetWeaver (Feedback Notification) in SAP NetWeaver (Feedback Notification). Patch command
CVE-2026-27686: Missing Authorization check in SAP Business Warehouse (Service API) in SAP Business Warehouse (Service API). Patch commands
CVE-2026-27687: CWE-862: Missing Authorization in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal. Patch commands and verification.
CVE-2026-27688: Missing Authorization check in SAP NetWeaver Application Server for ABAP in SAP NetWeaver Application Server for ABAP. Patch
CVE-2026-27691 is an integer overflow in InternationalColorConsortium iccDEV. This page lists the verified fix and inline mitigations.
CVE-2026-27693 is an XML injection (aka blind XPath injection) in traccar. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-27694 is an improper neutralization of input during web page generation ('cross-site scripti in traccar. Runnable upgrade commands and ve
CVE-2026-27695 is a resource exhaustion in zeroae zae-limiter. This page lists the verified fix and inline mitigations.
CVE-2026-27697: basercms: SQL injection vulnerability in blog post in Baserproject basercms, fixed by the same patch as CVE-2026-21861.
CVE-2026-27704 is a path traversal in dart-lang sdk. This page lists the verified fix and inline mitigations.
CVE-2026-27705 is an authorization bypass through user-controlled key in makeplane plane. This page lists the verified fix and inline mitigat
CVE-2026-27709 is an out-of-bounds read in M2Team NanaZip. This page lists the verified fix and inline mitigations.
CVE-2026-27710 is an integer underflow in M2Team NanaZip. This page lists the verified fix and inline mitigations.
CVE-2026-27711 is an out-of-bounds read in M2Team NanaZip. This page lists the verified fix and inline mitigations.
CVE-2026-27723 is an improper access control in opf openproject. This page lists the verified fix and inline mitigations.
CVE-2026-27729 is a resource exhaustion in withastro astro. This page lists the verified fix and inline mitigations.
CVE-2026-27734 is a path traversal in henrygd beszel. This page lists the verified fix and inline mitigations.
CVE-2026-27735 is a path traversal in modelcontextprotocol servers. This page lists the verified fix and inline mitigations.
CVE-2026-27736 is an open redirect in bigbluebutton bigbluebutton. This page lists the verified fix and inline mitigations.
CVE-2026-27737 is a cross-site scripting (XSS) in bigbluebutton. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-27738 is an open redirect in angular angular-cli. This page lists the verified fix and inline mitigations.
CVE-2026-27740: Discourse has stored XSS in AI triage automation in discourse. CVSS 5.1 Medium. Patch commands, mitigations, and verific
CVE-2026-27741 is a CSRF in Bludit Bludit. This page lists the verified fix and inline mitigations.
CVE-2026-27742 is a cross-site scripting in Bludit Bludit. This page lists the verified fix and inline mitigations.
CVE-2026-27746 is a cross-site scripting in SPIP jeux. This page lists the verified fix and inline mitigations.
CVE-2026-27753 is a cwe-307 improper restriction of excessive authentication attempts in Shenzhen Hongyavision Technology Co., Ltd. (Sodola
CVE-2026-27754 is a cwe-328 use of weak hash in Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks) SODOLA SL902-SWTGW124AS. This p
CVE-2026-27756 is a cross-site scripting in Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks) SODOLA SL902-SWTGW124AS. This page
CVE-2026-27758 is a CSRF in Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks) SODOLA SL902-SWTGW124AS. This page lists the verifi
CVE-2026-27759 is a SSRF in Dhrumil Kumbhani Featured Image from Content. This page lists the verified fix and inline mitigations.
CVE-2026-27766 is a race condition in OpenHarmony. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27770 is a weak credential storage in ePower epower.ie. This page lists the verified fix and inline mitigations.
CVE-2026-27773 is a weak credential storage in SWITCH EV swtchenergy.com. This page lists the verified fix and inline mitigations.
CVE-2026-27774 is a cwe-427 in Acronis True Image. CVSS 6.7 Medium. Patch commands, mitigations, and verification.
CVE-2026-27777 is a weak credential storage in Mobiliti e-mobi.hu. This page lists the verified fix and inline mitigations.
CVE-2026-27787 is a cross-site scripting (xss) in Icz Corporation MATCHA SNS. CVSS 5.4 Medium. Patch commands, mitigations, and verification
CVE-2026-27792 is a missing authorization in seerr-team seerr. This page lists the verified fix and inline mitigations.
CVE-2026-27793 is an authorization bypass through user-controlled key in seerr-team seerr. This page lists the verified fix and inline mitiga
CVE-2026-27794 is an unsafe deserialization in langchain-ai langgraph-checkpoint. This page lists the verified fix and inline mitigations.
CVE-2026-27795 is a SSRF in langchain-ai langchainjs. This page lists the verified fix and inline mitigations.
CVE-2026-27796: Homarr: Unauthenticated Information Disclosure (Integration Metadata Leak) in homarr. Patch commands and verification.
CVE-2026-27797: Homarr: unauthenticated SSRF in rssfeed.ts in Homarr-labs homarr. CVSS 5.3 Medium. Patch commands, mitigations, and veri
CVE-2026-27798 is an out-of-bounds read in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-27799 is a heap buffer overflow in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-27801 is an improper restriction of excessive authentication attempts in dani-garcia vaultwarden. This page lists the verified fix a
CVE-2026-27807 is an improper restriction of recursive entity references in DTDs ('XML entity expansion') in MarkUsProject Markus. This page
CVE-2026-27808 is a SSRF in axllent mailpit. This page lists the verified fix and inline mitigations.
CVE-2026-27809 is an improper handling of highly compressed data (data amplification) in psd-tools psd-tools. This page lists the verified fi
CVE-2026-27810 is an improper neutralization of CRLF sequences in HTTP headers ('HTTP request/response splitting') in kovidgoyal calibre. Thi
CVE-2026-27813 is a use-after-free in everest-core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27814 is a vulnerability in everest-core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27815 is an OS command injection in everest-core. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-27816 is an OS command injection in everest-core. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-27824 is an improper restriction of excessive authentication attempts in kovidgoyal calibre. This page lists the verified fix and in
CVE-2026-27828 is a use-after-free in everest-core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27829 is a SSRF in withastro astro. This page lists the verified fix and inline mitigations.
CVE-2026-2783 is an information exposure in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27835 is an authorization bypass through user-controlled key in wger-project wger. This page lists the verified fix and inline mitig
CVE-2026-27837 is an improperly controlled modification of object prototype attributes ('prototype pollution') in mickhansen dottie.js. This
CVE-2026-27839 is an authorization bypass through user-controlled key in wger-project wger. This page lists the verified fix and inline mitig
CVE-2026-27840 is an authentication bypass by assumed-immutable data in zitadel zitadel. This page lists the verified fix and inline mitigati
CVE-2026-27846 is a missing authentication in Linksys MR9600. This page lists the verified fix and inline mitigations.
CVE-2026-27853 is an out-of-bounds write when rewriting large DNS packets in Powerdns DNSdist, fixed by the same patch as CVE-2026-0396.
CVE-2026-27854 is a use after free when parsing edns options in lua in Powerdns DNSdist, fixed by the same patch as CVE-2026-0396.
CVE-2026-27855 is a code injection in OX Dovecot Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27857 is a vulnerability in OX Dovecot Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27859 is a vulnerability in OX Dovecot Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27877 is a vulnerability in Grafana. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27879 is a vulnerability in Grafana. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27884 is a path traversal in Pennyw0rth NetExec. This page lists the verified fix and inline mitigations.
CVE-2026-27887 is a resource exhaustion in spinframework spin. This page lists the verified fix and inline mitigations.
CVE-2026-27888 is a denial of service via resource consumption in py-pdf pypdf. This page lists the verified fix and inline mitigations.
CVE-2026-27892 is an information disclosure in facturascripts. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-27895 is a cwe-185: incorrect regular expression in Ldapaccountmanager lam. CVSS 4.3 Medium. Patch commands, mitigations, and verif
CVE-2026-27898 is an authorization bypass through user-controlled key in dani-garcia vaultwarden. This page lists the verified fix and inline
CVE-2026-27900 is a log exposure of sensitive info in linode terraform-provider-linode. This page lists the verified fix and inline mitigati
CVE-2026-27901 is a cross-site scripting in sveltejs svelte. This page lists the verified fix and inline mitigations.
CVE-2026-27902 is a cross-site scripting in sveltejs svelte. This page lists the verified fix and inline mitigations.
CVE-2026-27906 is an improper input validation in Microsoft Windows. This page lists verified fix commands and short-term mitigations you ca
CVE-2026-27925 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-27930 is an out-of-bounds read in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-27931 is an out-of-bounds read in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-27933 is an insufficient session expiration in manyfold3d manyfold. This page lists the verified fix and inline mitigations.
CVE-2026-27935: Discourse leaks private topic metadata to non-authorized users in discourse. Patch commands and verification.
CVE-2026-27936: Discourse discloses restricted post-action counts to non-privileged users in discourse. Patch commands and verification.
CVE-2026-2794 is a cwe-908 use of uninitialized resource in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27943 is an authorization bypass through user-controlled key in openemr openemr. This page lists the verified fix and inline mitigat
CVE-2026-27948 is a cross-site scripting in 9001 copyparty. This page lists the verified fix and inline mitigations.
CVE-2026-27950 is a use-after-free in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-27951 is an integer overflow in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-27954 is a missing authorization in LiveHelperChat livehelperchat. This page lists the verified fix and inline mitigations.
CVE-2026-27963 is a cross-site scripting in advplyr audiobookshelf. This page lists the verified fix and inline mitigations.
CVE-2026-27968 is an authentication bypass in packistry packistry. This page lists the verified fix and inline mitigations.
CVE-2026-27973 is a cross-site scripting in advplyr audiobookshelf. This page lists the verified fix and inline mitigations.
CVE-2026-27974 is a cross-site scripting in advplyr audiobookshelf-app. This page lists the verified fix and inline mitigations.
CVE-2026-27978: Next.js: null origin can bypass Server Actions CSRF checks in next.js. Patch commands and verification.
CVE-2026-27979: Next.js: Unbounded postponed resume buffering can lead to DoS in next.js. Patch commands and verification.
CVE-2026-27980: Next.js: Unbounded next/image disk cache growth can exhaust storage in next.js. Patch commands and verification.
CVE-2026-27982 is an open redirect in allauth django-allauth. This page lists the verified fix and inline mitigations.
CVE-2026-2802 is a cwe-362 concurrent execution using shared resource with improper synchronization ('race condition') in Mozilla Firefox. T
CVE-2026-28036 is a SSRF in SkatDesign Ratatouille. This page lists the verified fix and inline mitigations.
CVE-2026-28038 is a missing authorization in Brainstorm_Force Ultimate Addons for WPBakery Page Builder. This page lists the verified fix an
CVE-2026-2804 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-28040 - CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Taxi Booking Manager for Woo
CVE-2026-28044: WordPress WP Rocket plugin <= 3.19.4 - Cross Site Scripting (XSS) in WP Rocket. Patch commands and verification.
CVE-2026-28070: WordPress WP eMember plugin <= v10.2.2 - Broken Access Control in WP eMember. Patch commands and verification.
CVE-2026-28071 is a missing authorization in PixFort pixfort Core. This page lists the verified fix and inline mitigations.
CVE-2026-28078 is a path traversal in Stylemix uListing. This page lists the verified fix and inline mitigations.
CVE-2026-2808: CWE-59: Improper Link Resolution Before File Access (Link Following) in Consul. Patch commands and verification.
CVE-2026-28080 is a missing authorization in Rank Math Rank Math SEO PRO. This page lists the verified fix and inline mitigations.
CVE-2026-28083 is a cross-site scripting in UX-themes Flatsome. This page lists the verified fix and inline mitigations.
CVE-2026-2809: Endpoint DLP driver DLL in Endpoint DLP Module for Netskope Client. CVSS 6.7 Medium. Patch commands, mitigations, and ver
CVE-2026-2810 - CWE-125 Out-of-bounds read in Client. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-28104 is a missing authorization in Aryan Shirani Bid Abadi Site Suggest. This page lists the verified fix and inline mitigations.
CVE-2026-28106 is an open redirect in Kings Plugins B2BKing Premium. This page lists the verified fix and inline mitigations.
CVE-2026-2812 is an authentication bypass in ArcGIS Server. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-2813 is an open redirect in ArcGIS Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28131 is an insertion of sensitive information into sent data in WPVibes Elementor Addon Elements. This page lists the verified fix
CVE-2026-28132 is an improper neutralization of script-related HTML tags in a web page (basic XSS) in villatheme WooCommerce Photo Reviews. T
CVE-2026-2817 is a vulnerability in Spring Data Geode. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2819 is a vulnerability in RuoYi-Vue-Plus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28194 is an open redirect in JetBrains TeamCity. This page lists the verified fix and inline mitigations.
CVE-2026-28195 is a missing authorization in JetBrains TeamCity. This page lists the verified fix and inline mitigations.
CVE-2026-2820: a SQL injection in Smart Integrated Management Platform Sys. Patched version and vendor advisory inside.
CVE-2026-28204 is a path traversal in Chargeportal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28207 is an OS command injection in z-libs Zen-C. This page lists the verified fix and inline mitigations.
CVE-2026-28208 is a path traversal in junrar junrar. This page lists the verified fix and inline mitigations.
CVE-2026-2821: a SQL injection in Smart Integrated Management Platform Sys. Patched version and vendor advisory inside.
CVE-2026-28214 is an integer overflow in firebird. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-28217 is a missing authorization in hoppscotch hoppscotch. This page lists the verified fix and inline mitigations.
CVE-2026-28218 is an improper access control in discourse discourse. This page lists the verified fix and inline mitigations.
CVE-2026-2822 is a SQL injection in JeecgBoot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28221 - CWE-121: Stack-based Buffer Overflow in wazuh. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-28222 is a cross-site scripting in wagtail wagtail. This page lists the verified fix and inline mitigations.
CVE-2026-28223 is a cross-site scripting in wagtail wagtail. This page lists the verified fix and inline mitigations.
CVE-2026-28225 is an authorization bypass through user-controlled key in manyfold3d manyfold. This page lists the verified fix and inline mit
CVE-2026-28226 is a SQL injection in phishingclub phishingclub. This page lists the verified fix and inline mitigations.
CVE-2026-2823 is an OS command injection in CF-E7. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28230 is an improper access control in steve-community steve. This page lists the verified fix and inline mitigations.
CVE-2026-28231 is an out-of-bounds read in bigcat88 pillow_heif. This page lists the verified fix and inline mitigations.
CVE-2026-2824 is an OS command injection in CF-E7. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2825 is a vulnerability in WeRSS we-mp-rss. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28254 is a CWE-862 missing authorization in Trane Tracer SC. CVSS 6.9 Medium. Patch commands, mitigations, and verification.
CVE-2026-28256: CWE-547 Use of hard-coded, security-relevant constants in Tracer SC. Patch commands and verification.
CVE-2026-2826: Missing Authorization in Kadence Blocks, Page Builder Toolkit for Gutenberg Editor. Patch commands and verification.
CVE-2026-28263 is a cross-site scripting in PowerProtect Data Domain. This page lists verified fix commands and short-term mitigations you c
CVE-2026-28265 is a CWE-35: path traversal in Dell PowerStore. CVSS 4.4 Medium. Patch commands, mitigations, and verification.
CVE-2026-28267: Incorrect default permissions in i-フィルター 10 (Windows version only). Patch commands and verification.
CVE-2026-28269 is an OS command injection in kiteworks security-advisories. This page lists the verified fix and inline mitigations.
CVE-2026-28270 is an unrestricted file upload in kiteworks security-advisories. This page lists the verified fix and inline mitigations.
CVE-2026-28271 is a reliance on reverse dns resolution for a security-critical action in kiteworks security-advisories. This page lists the
CVE-2026-28277 is an unsafe deserialization in langchain-ai langgraph. This page lists the verified fix and inline mitigations.
CVE-2026-28280 is a cross-site scripting in jmpsec osctrl. This page lists the verified fix and inline mitigations.
CVE-2026-28288 is an observable response discrepancy in langgenius dify. This page lists the verified fix and inline mitigations.
CVE-2026-28295 is an SSRF in Red Hat Red Hat Enterprise Linux 10. This page lists the verified fix and inline mitigations.
CVE-2026-28296 is an improper neutralization of CRLF sequences ('CRLF injection') in Red Hat Red Hat Enterprise Linux 10. This page lists the
CVE-2026-28297: a vulnerability in SolarWinds Observability Self-Hosted. Patched version and vendor advisory inside.
CVE-2026-28298: a vulnerability in SolarWinds Observability Self-Hosted. Patched version and vendor advisory inside.
CVE-2026-2830 is a code injection in wpallimport WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets. This page lists the
CVE-2026-2831 is a SQL injection in pierrelannoy MailArchiver. This page lists the verified fix and inline mitigations.
CVE-2026-2832: an information disclosure in Samsung MultiXpress SL-X7600LXR. Patched version and vendor advisory inside.
CVE-2026-28338 is a cross-site scripting in pmd pmd. This page lists the verified fix and inline mitigations.
CVE-2026-28343 is a cross-site scripting in ckeditor ckeditor5. This page lists the verified fix and inline mitigations.
CVE-2026-28348 is an improper encoding or escaping of output in fedora-python lxml_html_clean. This page lists the verified fix and inline mi
CVE-2026-28350 is an improper encoding or escaping of output in fedora-python lxml_html_clean. This page lists the verified fix and inline mi
CVE-2026-28351 is a denial of service via resource consumption in py-pdf pypdf. This page lists the verified fix and inline mitigations.
CVE-2026-28352 is a missing authentication in indico indico. This page lists the verified fix and inline mitigations.
CVE-2026-28354 is an authorization bypass through user-controlled key in MacWarrior clipbucket-v5. This page lists the verified fix and inlin
CVE-2026-28357 is a cross-site scripting in nocodb nocodb. This page lists the verified fix and inline mitigations.
CVE-2026-28359 is a cross-site scripting in nocodb nocodb. This page lists the verified fix and inline mitigations.
CVE-2026-28361 is an authorization bypass through user-controlled key in nocodb nocodb. This page lists the verified fix and inline mitigatio
CVE-2026-2837 is a vulnerability in Ricerca – advanced search. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-28374 is a vulnerability in Grafana OSS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28375 is a vulnerability in Grafana. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28376 is a vulnerability in Grafana OSS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28379 is a vulnerability in Grafana OSS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2838: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Whole Enquiry Cart for WooCommerce. P
CVE-2026-28380 is a vulnerability in Grafana OSS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28383 is a vulnerability in Grafana OSS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28394 is a resource exhaustion in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28395 is a binding to an unrestricted ip address in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28396 is an insufficient session expiration in nocodb nocodb. This page lists the verified fix and inline mitigations.
CVE-2026-28397 is a cross-site scripting in nocodb nocodb. This page lists the verified fix and inline mitigations.
CVE-2026-28398 is a cross-site scripting in nocodb nocodb. This page lists the verified fix and inline mitigations.
CVE-2026-28399 is a SQL injection in nocodb nocodb. This page lists the verified fix and inline mitigations.
CVE-2026-2840 is a cross-site scripting in Email Encoder – Protect Email Addresses and Phone Numbers. This page lists verified fix commands
CVE-2026-28401 is a cross-site scripting in nocodb nocodb. This page lists the verified fix and inline mitigations.
CVE-2026-28407 is an improper check or handling of exceptional conditions in chainguard-dev malcontent. This page lists the verified fix and
CVE-2026-28410 is an improper access control in graphprotocol contracts. This page lists the verified fix and inline mitigations.
CVE-2026-28412 is a denial of service via resource consumption in f textream. This page lists the verified fix and inline mitigations.
CVE-2026-28413 is an open redirect in plone Products.isurlinportal. This page lists the verified fix and inline mitigations.
CVE-2026-28415 is an information exposure in gradio-app gradio. This page lists the verified fix and inline mitigations.
CVE-2026-28417 is an improper neutralization of invalid characters in identifiers in web pages in vim vim. This page lists the verified fix a
CVE-2026-28418 is a heap buffer overflow in vim vim. This page lists the verified fix and inline mitigations.
CVE-2026-28419 is a buffer underwrite ('buffer underflow') in vim vim. This page lists the verified fix and inline mitigations.
CVE-2026-28420 is a heap buffer overflow in vim vim. This page lists the verified fix and inline mitigations.
CVE-2026-28421 is an improper input validation in vim vim. This page lists the verified fix and inline mitigations.
CVE-2026-28423 is an SSRF in statamic cms. This page lists the verified fix and inline mitigations.
CVE-2026-28424 is a missing authorization in statamic cms. This page lists the verified fix and inline mitigations.
CVE-2026-28427 is a path traversal in nekename OpenDeck. This page lists the verified fix and inline mitigations.
CVE-2026-28428 is an authentication bypass in Talishar Talishar. This page lists the verified fix and inline mitigations.
CVE-2026-28434 is an information exposure in yhirose cpp-httplib. This page lists the verified fix and inline mitigations.
CVE-2026-28438 is a SQL injection in cocoindex-io cocoindex. This page lists the verified fix and inline mitigations.
CVE-2026-28443 is a SQL injection in openreplay openreplay. This page lists the verified fix and inline mitigations.
CVE-2026-28444: an insecure direct object reference (IDOR) in typebot.io. Patched version and vendor advisory inside.
CVE-2026-28448 is an improper authorization in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28449 is a CWE-294 authentication bypass by capture-replay in OpenClaw. CVSS 6.3 Medium. Patch commands, mitigations, and verificat
CVE-2026-2845 is a resource exhaustion in GitLab GitLab. This page lists the verified fix and inline mitigations.
CVE-2026-28451 is an SSRF in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28452 is a resource exhaustion in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28457 is a path traversal in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28460: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78) in OpenClaw. Patch comma
CVE-2026-28467 is an SSRF in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28471 is an authentication bypass in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28475 is an observable timing discrepancy in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28476 is an SSRF in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28477 is a CSRF in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-2848: a SQL injection in Simple Responsive Tourism Website. Patched version and vendor advisory inside.
CVE-2026-28480 is an authentication bypass by spoofing in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28481 is an insertion of sensitive information into sent data in OpenClaw OpenClaw. This page lists the verified fix and inline miti
CVE-2026-28486 is a path traversal in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-2849 is an access control bypass in warehouse. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-28493 is a CWE-190: integer overflow or wraparound in ImageMagick. CVSS 6.5 Medium. Patch commands, mitigations, and verification.
CVE-2026-28499: LeafKit's HTML escaping may be skipped for Collection values, enabling XSS in leaf-kit. Patch commands and verification.
CVE-2026-2850 is an access control bypass in warehouse. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-28503 is a vulnerability in recipes. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-28506: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in outline. Patch commands and verification.
CVE-2026-28509 is a cross-site scripting in langbot-app LangBot. This page lists the verified fix and inline mitigations.
CVE-2026-2851 is an access control bypass in warehouse. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-28510 authentication bypass by assumed-immutable data in elabftw. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-2852 is an access control bypass in warehouse. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-28532 - CWE-190: Integer Overflow or Wraparound in frr. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-28537 is a double free in Huawei HarmonyOS. This page lists the verified fix and inline mitigations.
CVE-2026-28538 is a CWE-24 path traversal: '../filedir' in Huawei HarmonyOS. This page lists the verified fix and inline mitigations.
CVE-2026-28539 is a CWE-19 data processing errors in Huawei HarmonyOS. This page lists the verified fix and inline mitigations.
CVE-2026-28540 is a CWE-158 improper neutralization of null byte or nul character in Huawei HarmonyOS. This page lists the verified fix and
CVE-2026-28541 is a CWE-264 permissions, privileges, and access controls in Huawei HarmonyOS. This page lists the verified fix and inline mi
CVE-2026-28543 is a CWE-362 concurrent execution using shared resource with improper synchronization ('race condition') in Huawei HarmonyOS.
CVE-2026-28544 is a CWE-362 concurrent execution using shared resource with improper synchronization ('race condition') in Huawei HarmonyOS.
CVE-2026-28545 is a CWE-362 concurrent execution using shared resource with improper synchronization ('race condition') in Huawei HarmonyOS.
CVE-2026-28546 is a heap buffer overflow in Huawei HarmonyOS. This page lists the verified fix and inline mitigations.
CVE-2026-28547 is a CWE-824 access of uninitialized pointer in Huawei HarmonyOS. This page lists the verified fix and inline mitigations.
CVE-2026-28549 is a CWE-362 concurrent execution using shared resource with improper synchronization ('race condition') in Huawei HarmonyOS.
CVE-2026-28550 is a CWE-840 business logic errors in Huawei HarmonyOS. This page lists the verified fix and inline mitigations.
CVE-2026-28551 is a CWE-362 concurrent execution using shared resource with improper synchronization ('race condition') in Huawei HarmonyOS.
CVE-2026-28552 is a CWE-19 data processing errors in Huawei HarmonyOS. This page lists the verified fix and inline mitigations.
CVE-2026-28553 is a permission issues in EMUI. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-28554 is a missing authorization in gVectors Team wpForo Forum. This page lists the verified fix and inline mitigations.
CVE-2026-28555 is a missing authorization in gVectors Team wpForo Forum. This page lists the verified fix and inline mitigations.
CVE-2026-28556 is a missing authorization in gVectors Team wpForo Forum. This page lists the verified fix and inline mitigations.
CVE-2026-28558 is a cross-site scripting in gVectors Team wpForo Forum. This page lists the verified fix and inline mitigations.
CVE-2026-28559 is an information exposure in gVectors Team wpForo Forum. This page lists the verified fix and inline mitigations.
CVE-2026-28560 is a cross-site scripting in gVectors Team wpForo Forum. This page lists the verified fix and inline mitigations.
CVE-2026-28561 is a cross-site scripting in gVectors Team wpForo Forum. This page lists the verified fix and inline mitigations.
CVE-2026-28563: Apache Airflow: DAG authorization bypass in Apache Airflow. Patch commands and verification.
CVE-2026-2858 is a path traversal in wren. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2859 is a CWE-204: observable response discrepancy in Checkmk Gmbh Checkmk. CVSS 6.3 Medium. Patch commands, mitigations, and verif
CVE-2026-2860 is an improper authorization in feng_ha_ha ssm-erp. This page lists the verified fix and inline mitigations.
CVE-2026-2861 is an information exposure in n/a Foswiki. This page lists the verified fix and inline mitigations.
CVE-2026-2862: bundle sibling of CVE-2026-1342. Same patched build closes both.
CVE-2026-2863 is a path traversal in feng_ha_ha ssm-erp. This page lists the verified fix and inline mitigations.
CVE-2026-2864 is a path traversal in feng_ha_ha ssm-erp. This page lists the verified fix and inline mitigations.
CVE-2026-2865 is a SQL injection in itsourcecode Agri-Trading Online Shopping System. This page lists the verified fix and inline mitigation
CVE-2026-2867 is a SQL injection in itsourcecode Vehicle Management System. This page lists the verified fix and inline mitigations.
CVE-2026-28675 is an information exposure in OpenSift OpenSift. This page lists the verified fix and inline mitigations.
CVE-2026-2868 improper neutralization of input during web page generation ('cross-site scripti in Gutenverse – Ultimate WordPress FSE Blocks
CVE-2026-28682 is an improper access control in Forceu Gokapi. This page lists the verified fix and inline mitigations.
CVE-2026-28684 is a CWE-59: improper link resolution before file in python-dotenv. This page lists verified fix commands and short-term miti
CVE-2026-28685 is an improper authorization in kimai kimai. This page lists the verified fix and inline mitigations.
CVE-2026-28686 is a CWE-122: heap-based buffer overflow in ImageMagick. CVSS 6.8 Medium. Patch commands, mitigations, and verification.