19,785 CVEs published in 2026. 55 flagged on the CISA Known Exploited Vulnerabilities catalog. Every guide includes runnable Linux, Windows PowerShell, and Bash remediation commands.
19,785 fix guides from 2026 ⚠ 55 actively exploited (CISA KEV)
CVE-2026-0300 - Out-of-Bounds Write in Cloud NGFW. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-1281 - Code Injection in Endpoint Manager Mobile. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2026-1340 - Code Injection in Endpoint Manager Mobile. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2026-1731 - OS Command Injection in Remote Support(RS) & Privileged Remote Access(PRA). Runnable patch commands and verification on this
CVE-2026-20127 - Authentication Bypass in Cisco Catalyst SD-WAN Manager. Runnable patch commands, mitigation snippets, and verification step
CVE-2026-20131 - Insecure Deserialization in Cisco Secure Firewall Management Center (FMC). Runnable patch commands and verification on this
CVE-2026-20182 - Authentication Bypass in Cisco Catalyst SD-WAN Manager. Runnable patch commands, mitigation snippets, and verification step
CVE-2026-20963 - Insecure Deserialization in Microsoft SharePoint Enterprise Server 2016. Runnable patch commands and verification on this p
CVE-2026-21643 - SQL Injection in FortiClientEMS. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-22769 - Hardcoded Credentials in RecoverPoint for Virtual Machines. Runnable patch commands and verification on this page.
CVE-2026-23760 - Remote Code Execution in SmarterMail. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-24061 - Authentication Bypass in Inetutils. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-24423 - Missing Authentication in SmarterMail. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-24858 - Authentication Bypass in FortiOS. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-3055 - Out-of-Bounds Read in ADC. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-33017 - Code Injection in langflow. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-33634 - Remote Code Execution in setup-trivy. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-35616 - Improper Access Control in FortiClientEMS. Runnable patch commands, mitigation snippets, and verification steps on this pag
CVE-2026-39987 - Missing Authentication in marimo. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-41940 - Missing Authentication in cPanel. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-42208 - SQL Injection in litellm. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-9082 - SQL Injection in Drupal core. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-1603 - Authentication Bypass in Endpoint Manager. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2026-20045 - Code Injection in Cisco Unified Communications Manager. Runnable patch commands, mitigation snippets, and verification step
CVE-2026-20128 - Security Vulnerability in Cisco Catalyst SD-WAN Manager. Runnable patch commands and verification on this page.
CVE-2026-20700 - Denial of Service in iOS and iPadOS. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-21385 - Integer Overflow in Snapdragon. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-21509 - Security Bypass in Microsoft 365 Apps for Enterprise. Runnable patch commands, mitigation snippets, and verification steps
CVE-2026-21510 - Security Vulnerability in Windows 10 Version 1607. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2026-21513 - Security Vulnerability in Windows 10 Version 1607. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2026-21514 - Security Vulnerability in Microsoft 365 Apps for Enterprise. Runnable patch commands and verification on this page.
CVE-2026-21519 - Remote Code Execution in Windows 10 Version 1607. Runnable patch commands, mitigation snippets, and verification steps on t
CVE-2026-21533 - Privilege Escalation in Windows 10 Version 1607. Runnable patch commands, mitigation snippets, and verification steps on th
CVE-2026-22719 - Command Injection in VMware Aria Operations. Runnable patch commands, mitigation snippets, and verification steps on this p
CVE-2026-2441 - Use-After-Free in Chrome. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-25108 - OS Command Injection in FileZen. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-31431 - Remote Code Execution in Linux. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-33825 - Security Vulnerability in Microsoft Defender Antimalware Platform. Runnable patch commands and verification on this page.
CVE-2026-34197 - Improper Input Validation in Apache ActiveMQ Broker. Runnable patch commands, mitigation snippets, and verification steps o
CVE-2026-34621 - Security Vulnerability in Acrobat Reader. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2026-3502 - Security Vulnerability in TrueConf Client. Runnable patch commands, mitigation snippets, and verification steps on this page
CVE-2026-3909 - Out-of-Bounds Write in Chrome. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-3910 - Security Vulnerability in Chrome. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-41091 - Security Vulnerability in Microsoft Malware Protection Engine. Runnable patch commands and verification on this page.
CVE-2026-42897 - Cross-Site Scripting in Microsoft Exchange Server 2016 Cumulative Update 23. Runnable patch commands and verification on th
CVE-2026-5281 - Use-After-Free in Chrome. Runnable patch commands, mitigation snippets, and verification steps on this page.
CVE-2026-6973 - Improper Input Validation in Endpoint Manager Mobile. Runnable patch commands, mitigation snippets, and verification steps o
CVE-2026-20122 - Security Vulnerability in Cisco Catalyst SD-WAN Manager. Runnable patch commands and verification on this page.
CVE-2026-20133 - Information Disclosure in Cisco Catalyst SD-WAN Manager. Runnable patch commands and verification on this page.
CVE-2026-20805 - Information Disclosure in Windows 10 Version 1607. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2026-21525 - Null Pointer Dereference in Windows 10 Version 1607. Runnable patch commands, mitigation snippets, and verification steps o
CVE-2026-32201 - Improper Input Validation in Microsoft SharePoint Enterprise Server 2016. Runnable patch commands and verification on this
CVE-2026-32202 - Security Vulnerability in Windows 10 Version 1607. Runnable patch commands, mitigation snippets, and verification steps on
CVE-2026-34926 - Relative Path Traversal in TrendAI Apex One. Runnable patch commands, mitigation snippets, and verification steps on this p
CVE-2026-45498 - Denial of Service in Microsoft Defender Antimalware Platform. Runnable patch commands and verification on this page.
CVE-2026-0006 is a heap buffer overflow in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0110 is an elevation of privilege in Google Android. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-0111 is an elevation of privilege in Google Android. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-0113 is an elevation of privilege in Google Android. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-0114 is a remote code execution in Google Android. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-0116 is a remote code execution in Google Android. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-0120 is a remote code execution in Google Android. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-0124 is a security vulnerability in Google Android. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2026-0481 is a weak cryptography in AMD Instinct™ MI210. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0488: a vulnerability in SAP CRM and SAP S/4HANA (Scripting Edito. Patched version and vendor advisory inside.
CVE-2026-0491 is a code injection in SAP Landscape Transformation. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0498: a code injection in SAP S/4HANA (Private Cloud and On-Premis. Patched version and vendor advisory inside.
CVE-2026-0500: a code injection in SAP Wily Introscope Enterprise Manager (. Patched version and vendor advisory inside.
CVE-2026-0501: a SQL injection in SAP S/4HANA Private Cloud and On-Premise. Patched version and vendor advisory inside.
CVE-2026-0509: a vulnerability in SAP NetWeaver Application Server ABAP an. Patched version and vendor advisory inside.
CVE-2026-0542 is an improper isolation or compartmentalization in ServiceNow AI Platform. This page lists the verified fix and inl
CVE-2026-0545: Missing Authentication for Critical Function in mlflow/mlflow. Patch commands and verification.
CVE-2026-0596 is a command injection in mlflow/mlflow. CVSS 9.6 Critical. Patch commands, mitigations, and verification.
CVE-2026-0625 is an authentication bypass in DSL-2640B. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-0650 is an authentication bypass in Flagr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0740: Ninja Forms - File Upload <= 3.3.26 - Unauthenticated Arbitrary File Upload in Ninja Forms - File Uploads. Patch commands and
CVE-2026-0755 is an OS command injection in gemini-mcp-tool. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0756: an OS command injection in github-kanban-mcp-server. Patched version and vendor advisory inside.
CVE-2026-0759 is an OS command injection in Development Starter Kit. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-0760 is an unsafe deserialization in MetaGPT. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0761 is a code injection in MetaGPT. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0763 is an unsafe deserialization in GPT Academic. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-0764 is an unsafe deserialization in GPT Academic. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-0768 is a code injection in Langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0769 is a code injection in Langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0770 is a local privilege escalation in Langflow. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-0773 is an unsafe deserialization in Upsonic. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0848 is an improper input validation in nltk nltk/nltk. This page lists the verified fix and inline mitigations.
CVE-2026-0898 is an access control bypass in Pega Robot Studio. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-0920: a vulnerability in LA-Studio Element Kit for Elementor. Patched version and vendor advisory inside.
CVE-2026-0926 is a vulnerability in Prodigy Commerce. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0953: Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login in Tutor LMS Pro. Patch commands and verification.
CVE-2026-0963 is a path traversal in Crafty Controller. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1009 is a vulnerability in Altium Live. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1019: an authentication bypass in Police Statistics Database System. Patched version and vendor advisory inside.
CVE-2026-1021: an unrestricted file upload in Police Statistics Database System. Patched version and vendor advisory inside.
CVE-2026-1056 is a path traversal in Snow Monkey Forms. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1114: Improper Access Control via Weak JWT Token in parisneo/lollms. Patch commands and verification.
CVE-2026-1115 is a cross-site scripting in parisneo/lollms. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-1162 is a vulnerability in HiPER 810. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1181 is a code injection in Altium 365. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1201 is a vulnerability in Elevation C3. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1221: hard-coded credentials in PrismX MX100 AP controller. Patched version and vendor advisory inside.
CVE-2026-1306 is an unrestricted file upload in midi-Synth. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1331 is an unrestricted file upload in MeetingHub. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1341: an authentication bypass in Avation Light Engine Pro. Patched version and vendor advisory inside.
CVE-2026-1346 is an execution with unnecessary privileges in IBM Verify Identity Access Container, fixed by the same patch as CVE-2026-1342.
CVE-2026-1357 is an unrestricted file upload in WPvivid, Backup. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1358 is an unrestricted file upload in Airleader Master. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1363 is a vulnerability in IAQS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1364 is an authentication bypass in IAQS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1405 is an unrestricted file upload in Slider Future. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1432 is a SQL injection in Buroweb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1435 is a vulnerability in Graylog Web Interface. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1453: an authentication bypass in Encoder Series E1 hardware Version 1.4. Patched version and vendor advisory inside.
CVE-2026-1470 is a code injection in the product. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1472 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1473 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1474 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1475 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1476 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1477 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1478 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1479 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1480 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1481 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1482 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1483 is a SQL injection in Evaluación de Desempeño (EDD). Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1490 is a vulnerability in Spam protection. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1492 is a privilege escalation in wpeverest User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restri
CVE-2026-1496 is a vulnerability in Coverity. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1555 is an unrestricted file upload in WebStack. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-1568: an authentication bypass in Vulnerability Management. Patched version and vendor advisory inside.
CVE-2026-1579: PX4 Autopilot Missing authentication for critical function in Autopilot. Patch commands and verification.
CVE-2026-1610 is a hard-coded credentials vulnerability in AX12 Pro V2. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-1615 is a code injection in jsonpath. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1632 is an authentication bypass in MOMA Seismic Station. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-1633 is an authentication bypass in LAN 232 TRIO. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1670 is an authentication bypass in I-HIB2PI-UL 2MP IP. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1678 is an out-of-bounds write in zephyrproject-rtos Zephyr. This page lists the verified fix and inline mitigations.
CVE-2026-1699: a local privilege escalation in Eclipse Theia - Website. Patched version and vendor advisory inside.
CVE-2026-1709 is a path traversal in Red Hat Enterprise Linux 10. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1723 is an OS command injection in X6000R. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1727: an information disclosure in Gemini Enterprise (formerly Agentspace). Patched version and vendor advisory inside.
CVE-2026-1729 is an authentication bypass in AdForest. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1803 is a vulnerability in ZHOME A0101. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1830 is a missing authorization in Quick Playground. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-1868: a server-side template injection in GitLab AI Gateway. Patched version and vendor advisory inside.
CVE-2026-1949 - CWE-131 Incorrect Calculation of Buffer Size in AS320T. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-1950 - CWE-121 Stack-based Buffer Overflow in AS320T. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-1951 - CWE-121 Stack-based Buffer Overflow in AS320T. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-1952 - CWE-912 Hidden Functionality in AS320T. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-1994: a vulnerability in s2Member – Excellent for All Kinds of Me. Patched version and vendor advisory inside.
CVE-2026-20079 is an authentication bypass using an alternate path or channel in Cisco Secure Firewall Management Center (FMC). This pa
CVE-2026-20093: bundle sibling of CVE-2026-20085. Same patched build closes both.
CVE-2026-20129 is an authentication bypass in Cisco Catalyst SD-WAN Manager. This page lists the verified fix and inline mitigations.
CVE-2026-20147 is a command injection in Cisco ISE Passive Identity Connector. This page lists verified fix commands and short-term mitigati
CVE-2026-20160: Cisco Smart Software Manager On-Prem Arbitrary Command Execution in Cisco Smart Software Manager On-Prem. Patch commands and
CVE-2026-2017 is a stack-based buffer overflow in W30AP. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-20180 is a path traversal in Cisco Identity Services Engine Software. This page lists verified fix commands and short-term mitigati
CVE-2026-20184 is a certificate validation in Cisco Webex Meetings. This page lists verified fix commands and short-term mitigations you can
CVE-2026-20186 is a command injection in Cisco Identity Services Engine Software. This page lists verified fix commands and short-term mitig
CVE-2026-20223 is an authentication bypass in Cisco Secure Workload. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-2031: a missing authorization in Internal Integration Platform APIs. Patched version and vendor advisory inside.
CVE-2026-20781 is a missing authentication in CloudCharge cloudcharge.se. This page lists the verified fix and inline mitigations.
CVE-2026-20794: a vulnerability in Intel(R) Data Center Graphics Driver for. Patched version and vendor advisory inside.
CVE-2026-20889 is a CWE-190: integer overflow or wraparound in LibRaw, fixed by the same patch as CVE-2026-20884.
CVE-2026-20911 is a CWE-131: incorrect calculation of buffer size in LibRaw, fixed by the same patch as CVE-2026-20884.
CVE-2026-2095 is an authentication bypass in Agentflow. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2096 is an authentication bypass in Agentflow. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21264 is a vulnerability in Microsoft Account. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21410 is a SQL injection in InSAT MasterSCADA BUK-TS. This page lists the verified fix and inline mitigations.
CVE-2026-21413 is a CWE-129: improper validation of array index in LibRaw, fixed by the same patch as CVE-2026-20884.
CVE-2026-21440 is a path traversal in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21515 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in Azure IOT Central. Runnable patch commands, mitigati
CVE-2026-21531: an unsafe deserialization in Azure AI Language Authoring. Patched version and vendor advisory inside.
CVE-2026-21536 is an unrestricted file upload in Microsoft Devices Pricing Program. This page lists the verified fix and inline mit
CVE-2026-21571 - OS Command Injection in Bamboo Data Center. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-21622 is a CWE-613 insufficient session expiration in hexpm hexpm. This page lists the verified fix and inline mitigations.
CVE-2026-21623: a vulnerability in EasyDiscuss extension for Joomla. Patched version and vendor advisory inside.
CVE-2026-21624: a vulnerability in EasyDiscuss extension for Joomla. Patched version and vendor advisory inside.
CVE-2026-21626: an information disclosure in EasyDiscuss extension for Joomla. Patched version and vendor advisory inside.
CVE-2026-21627 is a CWE-284 improper access control in tassos.gr Novarain/Tassos Framework (plg_system_nrframework). This page lists the ver
CVE-2026-21628 is an unrestricted file upload in astroidframe.work Astroid Template Framework. This page lists the verified fix and inline mi
CVE-2026-21666 is a remote code execution in Veeam Backup and Replication. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2026-21667 is a remote code execution in Veeam Backup and Replication. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2026-21669 is a remote code execution in Veeam Backup and Replication. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2026-21671 is a remote code execution in Veeam Software Appliance. CVSS 9.1 Critical. Patch commands, mitigations, and verification.
CVE-2026-21675 is a use-after-free in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21708 is a CWE-89 SQL injection in Veeam Backup and Replication. CVSS 9.9 Critical. Patch commands, mitigations, and verification.
CVE-2026-21718 is a broken cryptography in Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-21854 is an authentication bypass in tarkov-data-manager. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-21855 is a vulnerability in tarkov-data-manager. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21858 is an improper input validation in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21861: baserCMS: OS Command Injection Leading to Remote Code Execution (RCE) in basercms. Patch commands and verification.
CVE-2026-21875 is a SQL injection in clipbucket-v5. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21876 is a code injection in coreruleset. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21877 is a code injection in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21881 is an authentication bypass in kanboard. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21891 is an authentication bypass in ZimaOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21893 is an OS command injection in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21902 is an incorrect permission assignment in Juniper Networks Junos OS Evolved. This page lists the verified fix and inline mitiga
CVE-2026-21962 is a vulnerability in Oracle HTTP Server. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-21969: a vulnerability in Oracle Agile Product Lifecycle Managemen. Patched version and vendor advisory inside.
CVE-2026-21992 is a vulnerability in Oracle Identity Manager. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21994: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Edge Clou
CVE-2026-22034 is a vulnerability in snuffleupagus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22039 is a vulnerability in kyverno. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22172 is a vulnerability in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22193: wpDiscuz before 7.6.47 - SQL Injection in getAllSubscriptions() in wpDiscuz. Patch commands and verification.
CVE-2026-22207 is a missing authentication in Volcengine OpenViking. This page lists the verified fix and inline mitigations.
CVE-2026-22208 is a vulnerability in OpenS100. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22234 is a vulnerability in eCase Portal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22236 is an authentication bypass in BLUVOYIX. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22237 is an information disclosure in BLUVOYIX. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-22238 is an authentication bypass in BLUVOYIX. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22239 is a vulnerability in BLUVOYIX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22240 is a vulnerability in BLUVOYIX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22252 is an access control bypass in LibreChat. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-22314: a code injection in Meona Client Launcher Component. Patched version and vendor advisory inside.
CVE-2026-22336 - CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Directorist Booking. Runnabl
CVE-2026-22337 - CWE-266 Incorrect Privilege Assignment in Directorist Social Login. Runnable patch commands, mitigation, and verification o
CVE-2026-2234: an authentication bypass in C&Cm@il package olln-base. Patched version and vendor advisory inside.
CVE-2026-22384 is an unsafe deserialization in Applay - Shortcodes. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-22390 is a code injection in Builderall Builderall Builder for WordPress. This page lists the verified fix and inline mitigations.
CVE-2026-22417 is an unsafe deserialization in ThemeGoods Grand Wedding. This page lists the verified fix and inline mitigations.
CVE-2026-22451 is an unsafe deserialization in AncoraThemes Handyman. This page lists the verified fix and inline mitigations.
CVE-2026-22453 is an unsafe deserialization in ThemeREX Pets Club. This page lists the verified fix and inline mitigations.
CVE-2026-22454 is an unsafe deserialization in ThemeREX Solaris. This page lists the verified fix and inline mitigations.
CVE-2026-22474 is an unsafe deserialization in ThemeREX Equestrian Centre. This page lists the verified fix and inline mitigations.
CVE-2026-22475 is an unsafe deserialization in axiomthemes Estate. This page lists the verified fix and inline mitigations.
CVE-2026-2248 is an authentication bypass in METIS WIC. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22484 is a SQL injection in Lisfinity Core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2249 is an authentication bypass in METIS DFS. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22497 is an unsafe deserialization in AncoraThemes Jardi. This page lists the verified fix and inline mitigations.
CVE-2026-22500: an unsafe deserialization in m2 | Construction and Tools Store. Patched version and vendor advisory inside.
CVE-2026-22501 is an unsafe deserialization in axiomthemes Mounthood. This page lists the verified fix and inline mitigations.
CVE-2026-22507 is an unsafe deserialization in Beelove. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2251 is a path traversal in Xerox FreeFlow Core. This page lists the verified fix and inline mitigations.
CVE-2026-22540 is a denial of service in QC60/90/120. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22542 is a denial of service in QC 60/90/120. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-22552 is a missing authentication in ePower epower.ie. This page lists the verified fix and inline mitigations.
CVE-2026-22553 is an OS command injection in InSAT MasterSCADA BUK-TS. This page lists the verified fix and inline mitigations.
CVE-2026-22557 is a path traversal in Ubiquiti Inc UniFi Network Application. CVSS 10 Critical. Patch commands, mitigations, and verificatio
CVE-2026-22562 is a path traversal in UniFi Play Audio Port. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-22563 is an improper input validation in UniFi Play Audio Port. This page lists verified fix commands and short-term mitigations yo
CVE-2026-22564 is an access control - generic in UniFi Play Audio Port. This page lists verified fix commands and short-term mitigations you
CVE-2026-22599 is a SQL injection in strapi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22600 is an information disclosure in openproject. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-22679: Weaver E-cology 10.0 Unauthenticated RCE via dubboApi Debug Endpoint in E-cology. Patch commands and verification.
CVE-2026-22686 is an authentication bypass in enclave. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-22688 is an OS command injection in WeKnora. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22696 is an authentication bypass in dcap-qvl. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22709 is a code injection in vm2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22732: Under Some Conditions Spring Security HTTP Headers Are not Written in Spring Security. Patch commands and verification.
CVE-2026-22738 is a vulnerability in Spring AI. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22755: an OS command injection in Affected device model numbers are FD8365. Patched version and vendor advisory inside.
CVE-2026-22778 is a vulnerability in vllm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22781 is an OS command injection in TinyWeb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22783 is an unrestricted file upload in iris-web. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-22785 is an OS command injection in orval. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22792 is a vulnerability in 5ire. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22793 is a code injection in 5ire. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22794 is a vulnerability in appsmith. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22797 is an authentication bypass in keystonemiddleware. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-22799 is an unrestricted file upload in emlog. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22806 is an access control bypass in loft. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22813 is a vulnerability in opencode. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22822 is an access control bypass in external-secrets. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22844 is an OS command injection in Zoom Node. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22863 is a path traversal in deno. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22886 is a cwe-1392 use of default credentials in Eclipse Foundation Eclipse OpenMQ. This page lists the verified fix and inline mi
CVE-2026-22891 is a heap buffer overflow in The Biosig Project libbiosig. This page lists the verified fix and inline mitigations.
CVE-2026-22898 is an authentication bypass in QVR Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-22903 is a stack-based buffer overflow in 0852-1322. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-22904 is a stack-based buffer overflow in 0852-1322. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-22906 is a vulnerability in 0852-1322. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22907 is a vulnerability in TDC-X401GL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22908 is a vulnerability in TDC-X401GL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22924 is an authentication bypass in SIMATIC CN 4100. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-22984 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23112 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23240 is a tls: fix race condition in tls_sw_cancel_work_tx() in Linux. CVSS 9.8 Critical. Patch commands, mitigations, and verific
CVE-2026-2329 is a stack-based buffer overflow in GXP1610. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2330 is a cwe-552 files or directories accessible to external parties in SICK AG SICK Lector85x. This page lists the verified fix a
CVE-2026-2331 is a cwe-552 files or directories accessible to external parties in SICK AG SICK Lector85x. This page lists the verified fix a
CVE-2026-2333 is an OS command injection in opds. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23427 is a ksmbd: fix use-after-free in durable v2 replay of active file handles in Linux, fixed by the same patch as CVE-2026-2340
CVE-2026-23428 is a ksmbd: fix use-after-free of share_conf in compound request in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23450 is a net/smc: fix null dereference and uaf in smc_tcp_syn_recv_sock() in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23455 is a netfilter: nf_conntrack_h323: check for zero length in decodeq931() in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-2347: an insecure direct object reference (IDOR) in E-Commerce Website. Patched version and vendor advisory inside.
CVE-2026-23478 is a vulnerability in cal.com. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23489: Fields GLPI plugin vulnerable to RCE in dropdown generation in fields. Patch commands and verification.
CVE-2026-23491 is a path traversal in InvoicePlane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23500 is an OS command injection in dolibarr. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-23515 is an OS command injection in signalk-server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-23518 is an authentication bypass in fleet. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23520 is an OS command injection in arcane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23523 is a code injection in Dive. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23524 is an unsafe deserialization in reverb. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23542 is an unsafe deserialization in Grand Restaurant. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-23549 is an unsafe deserialization in WpEvently. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-23550 is a vulnerability in Modular DS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23552 is a cwe-346 origin validation error in Apache Software Foundation Apache Camel. This page lists the verified fix and inline
CVE-2026-23600 is an authentication bypass in Hewlett Packard Enterprise (HPE) HPE AutoPass License Server (APLS). This page lists the verifi
CVE-2026-23647 is a hard-coded credentials in RBG-100. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23652 is an OS command injection in Microsoft Power Pages. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-23693 is a missing authentication in Roxnor ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor. This
CVE-2026-23696: Windmill < 1.603.3 File Ownership Handling SQLi RCE in Windmill CE (Community Edition). Patch commands and verification.
CVE-2026-23722 is a vulnerability in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23734 is a path traversal in xwiki-commons. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23744 is an authentication bypass in inspector. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-23746: an authentication bypass in Instant Financial Issuance (IF). Patched version and vendor advisory inside.
CVE-2026-23751 - CWE-306 Missing Authentication for Critical Function in Kofax Capture. Runnable patch commands, mitigation, and verificatio
CVE-2026-23767 is a missing authentication in Seiko Epson Corporation ESC/POS. This page lists the verified fix and inline mitigations.
CVE-2026-23781 is a hard-coded credentials in An. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-23800 is a vulnerability in Modular DS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23802 is an unrestricted file upload in Jordy Meow AI Engine. This page lists the verified fix and inline mitigations.
CVE-2026-23813 is a security vulnerability in Hewlett Packard Enterprise (hpe) AOS-CX. CVSS 9.8 Critical. Patch commands, mitigations, and v
CVE-2026-23830 is a code injection in SandboxJS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23836 is an improper input validation in hotcrp. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-23837 is an access control bypass in MyTube. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23839 is an improper input validation in movary. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-23840 is an improper input validation in movary. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-23841 is an improper input validation in movary. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-23891 is a cross-site scripting in decidim. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-23947 is an OS command injection in orval. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23966 is a vulnerability in sm-crypto. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24002 is a vulnerability in grist-core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24015: Apache IoTDB: Insecure Default Configuration in Apache IoTDB. Patch commands and verification.
CVE-2026-24042 is a vulnerability in appsmith. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24044 is a vulnerability in ess-helm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24060 is a vulnerability in WebCTRL Premium Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2409 is a SQL injection in Cloud Suite. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24101 is an OS command injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24103 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24105 is a code injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24107 is a code injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24108 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24109 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24110 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24111 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24113 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24115 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24118 improper control of generation of code ('code injection') in vm2. Runnable upgrade commands and verification steps for sysadm
CVE-2026-24120 is a protection mechanism failure in vm2. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-2417 is an authentication bypass in Mosaic Show Controller. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-24178 - CWE-639 Authorization Bypass Through User-Controlled Key in FLARE SDK. Runnable patch commands, mitigation, and verificatio
CVE-2026-2418 is a security vulnerability in Unknown Login with Salesforce. This page lists the verified fix and inline mitigations.
CVE-2026-24207: an authentication bypass in Triton Inference Server. Patched version and vendor advisory inside.
CVE-2026-24300 is an access control bypass in Azure Front Door. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-24303 - CWE-284: Improper Access Control in Microsoft Partner Center. Runnable patch commands, mitigation, and verification on this
CVE-2026-24304: an access control bypass in Azure Resource Manager. Patched version and vendor advisory inside.
CVE-2026-24305 is an access control bypass in Microsoft Entra. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-24306 is an access control bypass in Azure Front Door. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-24307 is an authentication bypass in Microsoft 365 Copilot. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-24378 is an unsafe deserialization in EventPrime. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-24399 is a vulnerability in chattermate.chat. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24429 is a default credentials in W30E V2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24436 is a vulnerability in W30E V2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24448 is a use of hard-coded credentials in Micro Research Ltd. MR-GM5L-S1. CVSS 9.8 Critical. Patch commands, mitigations, and ver
CVE-2026-24457 is a path traversal in Eclipse Foundation Eclipse OpenMQ. This page lists the verified fix and inline mitigations.
CVE-2026-2446 is a missing authorization in Unknown PowerPack for LearnDash. This page lists the verified fix and inline mitigations.
CVE-2026-24465 is a stack-based buffer overflow in WAB-S733IW2-PD. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-24467 is a cwe-640: weak password recovery mechanism for in openaev. This page lists verified fix commands and short-term mitigatio
CVE-2026-24471 is a vulnerability in continuwuity. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24479 is a path traversal in hustoj. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2449 is a neutralization of argument delimiters in a in upKeeper Instant Privilege Access. This page lists verified fix commands an
CVE-2026-24494 is a SQL injection in Order Up Online Ordering System. This page lists the verified fix and inline mitigations.
CVE-2026-24663 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-24685 is an OS command injection in openproject. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24713: Apache IoTDB: JEXL Expression Injection in Apache IoTDB. Patch commands and verification.
CVE-2026-24728 is an authentication bypass in DreamMaker. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24729 is an unrestricted file upload in DreamMaker. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24731 is a missing authentication in EV2GO ev2go.io. This page lists the verified fix and inline mitigations.
CVE-2026-24736 is a vulnerability in squidex. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24770 is a path traversal in ragflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24781 improper control of generation of code ('code injection') in vm2. Runnable upgrade commands and verification steps for sysadm
CVE-2026-24789 is an authentication bypass in ZLAN5143D. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-24793 is an OS command injection in azerothcore-wotlk. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-24794 is a memory corruption in cardboard. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24798 is a memory corruption in DagorEngine. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24800 is an OS command injection in furnace. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24803 is a denial of service in lede. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24804 is a denial of service in lede. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24810 is a vulnerability in rethinkdb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24811 is a vulnerability in root. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24812 is a vulnerability in root. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24814 is a vulnerability in swoole-src. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24815 is an unsafe deserialization in tis. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24816 is a denial of service in tis. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24821 is a path traversal in WickedEngine. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24822 is an OS command injection in wxhelper. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24823 is an OS command injection in X-TRACK. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24826 is an OS command injection in turso3d. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24830 is a vulnerability in IronOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24832 is an OS command injection in ixray-1.6-stcop. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24834 is an arbitrary file read in kata-containers. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24838 is a vulnerability in Dnn.Platform. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24841 is an OS command injection in dokploy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24849 is a path traversal in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-24871 is a code injection in Minecraft-Rcon-Manage. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24872 is a vulnerability in SkyFire_548. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24874 is a vulnerability in xray-monolith. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24897 is a path traversal in Erugo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24898 is an authentication bypass in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-24908 is a SQL injection in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-24936 is an improper input validation in ADM. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24956: a SQL injection in Download Manager Addons for Elementor. Patched version and vendor advisory inside.
CVE-2026-24960 is an unrestricted file upload in zozothemes Charety. This page lists the verified fix and inline mitigations.
CVE-2026-24968 is a vulnerability in Xagio SEO. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24971 is a vulnerability in Search & Go. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24989 is an unsafe deserialization in SUMO Affiliates Pro. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-24993: a SQL injection in Advanced WooCommerce Product Sales Repor. Patched version and vendor advisory inside.
CVE-2026-25029 is an unsafe deserialization in KIDZ. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25030 is an unsafe deserialization in Goldish. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25031 is an unsafe deserialization in Tasty Daily. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25032 is an unsafe deserialization in Ricky. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25035 is an authentication bypass in Contest Gallery. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-25047 is a vulnerability in deepHas. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25049 is a code injection in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25052 is a vulnerability in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25053 is an OS command injection in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25056 is an unrestricted file upload in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25057 is a path traversal in Markus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25069: a path traversal in Pironman Dashboard (pm_dashboard). Patched version and vendor advisory inside.
CVE-2026-25070: XikeStor SKS8310-8X PingTestSet Command Injection in XikeStor SKS8310-8X. Patch commands and verification.
CVE-2026-25084 is an authentication bypass in ZLAN5143D. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25115 is an authentication bypass in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25130 is an OS command injection in cai. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25134 is a vulnerability in groupoffice. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25137 is a vulnerability in nixpkgs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25141 is a code injection in orval. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25142 is a code injection in SandboxJS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25146 is an information exposure in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-25150 is a vulnerability in qwik. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25160 is a code injection in alist. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25192 is an authentication bypass in Chargeportal. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25197: Gardyn Cloud API Authorization Bypass Through User-Controlled Key in Cloud API. Patch commands and verification.
CVE-2026-25199 exposure of sensitive information to an unauthorized actor in Apache CloudStack. Runnable upgrade commands and verification s
CVE-2026-25200 is an unrestricted file upload in MagicINFO 9 Server. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-25202 is a hard-coded credentials in MagicINFO 9 Server. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-25212 is a n/a in the vendor n/a. CVSS 9.9 Critical. Patch commands, mitigations, and verification.
CVE-2026-25227 is a code injection in authentik. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25237 is a vulnerability in pearweb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25238 is a SQL injection in pearweb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25241 is a SQL injection in pearweb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25244 is an OS command injection in webdriverio. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-25293 is a buffer overflow in Snapdragon. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-25340 is a SQL injection in Jobmonster. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25345 is an access control bypass in SimpLy Gallery. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25366 is a code injection in Woody ad snippets. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25371 is a SQL injection in Lumise Product Designer. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25377 is a SQL injection in Addon Jobsearch Chat. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-25413 is an unrestricted file upload in WPBookit Pro. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-25429 is an unsafe deserialization in Nexa Blocks. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25447 is a code injection in Widget Wrangler. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25449: WordPress Traveler theme < 3.2.8.1 - PHP Object Injection in Traveler. Patch commands and verification.
CVE-2026-25481 is a code injection in langroid. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2550 is an unrestricted file upload in iptime A6004MX. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-25505 is an authentication bypass in bambuddy. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25510 is an unrestricted file upload in ci4ms. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25512 is an OS command injection in groupoffice. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-25520 is a vulnerability in SandboxJS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25521 is a vulnerability in locutus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25526 is a server-side template injection in jinjava. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-25534: CWE-918: Server-Side Request Forgery (SSRF) in clouddriver-artifacts. Patch commands and verification.
CVE-2026-25539 is a path traversal in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25544 is a SQL injection in payload. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25547 is a vulnerability in brace-expansion. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25548 is a code injection in InvoicePlane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25579 is a vulnerability in navidrome. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25586 is a vulnerability in SandboxJS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25587 is a code injection in SandboxJS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25592 is a path traversal in semantic-kernel. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25632 is an unsafe deserialization in EPyT-Flow. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-2564 is a vulnerability in VIP 3260 Z IA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25641 is a vulnerability in SandboxJS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25643 is an OS command injection in frigate. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25660 - CWE-290 Authentication bypass by spoofing in CodeChecker. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-25715 is a vulnerability in USR-W610. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25728 is a vulnerability in clipbucket-v5. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25751 is an authentication bypass in FUXA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25752 is a vulnerability in FUXA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25753 is a hard-coded credentials in assessment-placipy. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-25763 is an OS command injection in openproject. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-25769: Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization in wazuh. Patch commands and verification.
CVE-2026-2577 is an authentication bypass in nanobot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25770: Wazuh has Privilege Escalation to Root via Cluster Protocol File Write in wazuh. Patch commands and verification.
CVE-2026-25775 - CWE-306 Missing authentication for critical function in X3050. Runnable patch commands, mitigation, and verification on thi
CVE-2026-25776 is a code injection in Six Apart Ltd. Movable Type. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-25785 is a path traversal in MOTEX Inc. Lanscope Endpoint Manager (On-Premises) Sub-Manager Server. This page lists the verified fi
CVE-2026-25786: a cross-site scripting (XSS) in SIMATIC Drive Controller CPU 1504D TF. Patched version and vendor advisory inside.
CVE-2026-25787: a cross-site scripting (XSS) in SIMATIC Drive Controller CPU 1504D TF. Patched version and vendor advisory inside.
CVE-2026-25803 is a hard-coded credentials in 3dp-manager. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-25812 is a vulnerability in assessment-placipy. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25814 is a vulnerability in assessment-placipy. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25818 is a n/a in the vendor n/a. CVSS 9.1 Critical. Patch commands, mitigations, and verification.
CVE-2026-25823 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-2584 is a SQL injection in Ciser System SL CSIP firmware. This page lists the verified fix and inline mitigations.
CVE-2026-25848 is an authentication bypass in Hub. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25851 is a missing authentication in Chargemap chargemap.com. This page lists the verified fix and inline mitigations.
CVE-2026-25858 is a vulnerability in mall. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2586 is a code injection in Eclipse Glassfish. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2587 is a vulnerability in Eclipse Glassfish. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25873: OmniGen2-RL Reward Server Unsafe Deserialization RCE in OmniGen2-RL. Patch commands and verification.
CVE-2026-25874 - CWE-502 Deserialization of Untrusted Data in LeRobot. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-25875 is an access control bypass in assessment-placipy. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-2588 is an integer overflow in TIMLEGGE Crypt::NaCl::Sodium. This page lists the verified fix and inline mitigations.
CVE-2026-25881 is a vulnerability in SandboxJS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25885 is an access control bypass in PolarLearn. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-25893 is an access control bypass in FUXA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25894 is a vulnerability in FUXA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25895 is a path traversal in FUXA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25896 is a vulnerability in fast-xml-parser. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2590 is an improper certificate validation in Devolutions Remote Desktop Manager. This page lists the verified fix and inline mitiga
CVE-2026-25921 is an insufficient verification of data authenticity in gogs gogs. This page lists the verified fix and inline mitigations.
CVE-2026-25938 is an authentication bypass in FUXA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25939 is a vulnerability in FUXA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2599 is an unsafe deserialization in crmperks Database for Contact Form 7, WPforms, Elementor forms. This page lists the verified fi
CVE-2026-25993 is a SQL injection in evershop. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26009 is an OS command injection in catalyst. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-26011 is an OS command injection in navigation2. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-26015 - CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in DocsGPT. Runnable patch comm
CVE-2026-26016 is a vulnerability in panel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26020 is an access control bypass in AutoGPT. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-26021 is a vulnerability in set-in. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26026 is a glpi has a server-side template injection via double-compilation in Glpi-project glpi, fixed by the same patch as CVE-20
CVE-2026-26030 is a code injection in semantic-kernel. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-26051 is a missing authentication in Mobiliti e-mobi.hu. This page lists the verified fix and inline mitigations.
CVE-2026-26064 is a path traversal in calibre. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26065 is a path traversal in calibre. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26068 is an OS command injection in emp3r0r. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26069 is an information disclosure in scraparr. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-26083 is a missing authorization in FortiSandbox Cloud. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-2611 is a vulnerability in mlflow/mlflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26135: Azure Custom Locations Resource Provider (RP) Elevation of Privilege in Azure Custom Locations Resource Provider. Patch comm
CVE-2026-26137: Microsoft Exchange Elevation of Privilege in Microsoft Exchange Online. Patch commands and verification.
CVE-2026-26149 is a cwe-150: improper neutralization of escape, meta in Microsoft Power Apps Desktop Client. This page lists verified fix co
CVE-2026-26190 is an authentication bypass in milvus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26198 is a SQL injection in collerek ormar. This page lists the verified fix and inline mitigations.
CVE-2026-26210 - CWE-502 Deserialization of Untrusted Data in ktransformers. Runnable patch commands, mitigation, and verification on this p
CVE-2026-26214 is a vulnerability in Galaxy FDS Android SDK. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-26215: an unsafe deserialization in manga-image-translator. Patched version and vendor advisory inside.
CVE-2026-26216 is a code injection in Crawl4AI. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26217 is a path traversal in Crawl4AI. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26218 is a hard-coded credentials in newbee-mall. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-26219 is a vulnerability in newbee-mall. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26220 is an unsafe deserialization in LightLLM. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-26221: an unsafe deserialization in OnBase Workflow Timer Service. Patched version and vendor advisory inside.
CVE-2026-26222 is an unsafe deserialization in Beyond Limits Inc. Altec DocLink. This page lists the verified fix and inline mitigations.
CVE-2026-2624 is a missing authentication in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW). This page lis
CVE-2026-26266 is a cross-site scripting in aliasvault aliasvault. This page lists the verified fix and inline mitigations.
CVE-2026-26273 is an information disclosure in known. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26279 is an OS command injection in froxlor Froxlor. This page lists the verified fix and inline mitigations.
CVE-2026-2628 is a cwe-288 authentication bypass using an alternate path or channel in cyberlord92 All-in-One Microsoft 365 & Entra ID / Azu
CVE-2026-26288 is a missing authentication in Everon api.everon.io. This page lists the verified fix and inline mitigations.
CVE-2026-2631: Datalogics Ecommerce Delivery < 2.6.60 - Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery. Patch command
CVE-2026-26332 improper control of generation of code ('code injection') in vm2. Runnable upgrade commands and verification steps for sysadm
CVE-2026-26333 is an authentication bypass in VeraSMART. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-26335 is an unsafe deserialization in VeraSMART. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-26339: a vulnerability in Alfresco Transformation Service (Enterpr. Patched version and vendor advisory inside.
CVE-2026-2634 is a cwe-451 user interface (ui) misrepresentation of critical information in Mozilla Firefox for iOS. This page lists the ver
CVE-2026-26341 is a cwe-1392 use of default credentials in Tattile s.r.l. Smart+. This page lists the verified fix and inline mitigations.
CVE-2026-2635 is a hard-coded credentials in MLflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26366 is a vulnerability in eNet SMART HOME server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-26369 is a vulnerability in eNet SMART HOME server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-26478 is an OS command injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26694 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26695 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26696 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26700 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26701 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26702 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26703 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26704 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26705 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26706 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26707 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26708 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26709 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26710 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26711 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26712 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26713 is a SQL injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26720 is a code injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26791 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-26792 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-26793 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-26795 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-26830 is an OS command injection in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26832 is an OS command injection in n/a. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2686 is an OS command injection in G10. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26954 is a sandboxjs has a sandbox escape in Nyariv SandboxJS. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2026-26956 is a protection mechanism failure in vm2. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-26980 is a SQL injection in Ghost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26988 is a SQL injection in librenms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2699: EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC) in ShareFile Storage Zones Controller. Patch commands
CVE-2026-2701: RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC) in ShareFile Storage Zones Controller. Patch commands
CVE-2026-27012 is a missing authentication in devcode-it openstamanager. This page lists the verified fix and inline mitigations.
CVE-2026-27028 is a missing authentication in Mobility46 mobility46.se. This page lists the verified fix and inline mitigations.
CVE-2026-27044 is a code injection in Total Poll Lite. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-27049 is an authentication bypass in Jobica Core. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-27051 is a vulnerability in Golo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27065: WordPress BuilderPress plugin <= 2.0.1 - Local File Inclusion in BuilderPress. Patch commands and verification.
CVE-2026-27067: Unrestricted Upload of File with Dangerous Type in Mobile App Editor. Patch commands and verification.
CVE-2026-27071 is a vulnerability in WPCafe. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27082 is an unsafe deserialization in Love Story. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-27083: an unsafe deserialization in Work & Travel Company. Patched version and vendor advisory inside.
CVE-2026-27084 is an unsafe deserialization in Buisson. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-27095: an unsafe deserialization in Bus Ticket Booking with Seat Reservation. Patched version and vendor advisory inside.
CVE-2026-27112 is an access control bypass in kargo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27130 is an OS command injection in dokploy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27143: Missing bound checks can lead to memory corruption in safe Go in cmd/compile in cmd/compile. Patch commands and verification
CVE-2026-27174 is a code injection in MajorDoMo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27175 is an OS command injection in MajorDoMo. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-27180 is a code injection in MajorDoMo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27197 is an authentication bypass in getsentry sentry. This page lists the verified fix and inline mitigations.
CVE-2026-27208 is an OS command injection in bleon-ethical api-gateway-deploy. This page lists the verified fix and inline mitigations.
CVE-2026-27211 is an external control of file name or path in cloud-hypervisor cloud-hypervisor. This page lists the verified fix and inline
CVE-2026-27212 is an improperly controlled modification of object prototype attributes ('prototype pollution') in nolimits4web swiper. This p
CVE-2026-27243 is a cross-site scripting in Adobe Connect. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-27245 is a cross-site scripting in Adobe Connect. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-27246 is a cross-site scripting in Adobe Connect. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-27303 is a deserialization of untrusted data in Adobe Connect. This page lists verified fix commands and short-term mitigations you
CVE-2026-27304 is an improper input validation in ColdFusion. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-2731 is a path traversal in DynamicWeb 9. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27384 is an improper validation of specified quantity in input in BoldGrid W3 Total Cache. This page lists the verified fix and inli
CVE-2026-27389 is an authentication bypass using an alternate path or channel in designthemes WeDesignTech Ultimate Booking Addon. This page
CVE-2026-27413: WordPress Profile Builder Pro plugin < 3.14.0 - SQL Injection in Profile Builder Pro. Patch commands and verification.
CVE-2026-27417 is an unsafe deserialization in SeventhQueen Sweet Date. This page lists the verified fix and inline mitigations.
CVE-2026-2743 is a path traversal in SeppMail SeppMail. This page lists the verified fix and inline mitigations.
CVE-2026-27437 is an unsafe deserialization in ThemeREX Tennis Club. This page lists the verified fix and inline mitigations.
CVE-2026-27438 is an unsafe deserialization in ThemeREX Kingler. This page lists the verified fix and inline mitigations.
CVE-2026-27439 is an unsafe deserialization in ThemeREX Dentario. This page lists the verified fix and inline mitigations.
CVE-2026-27441 is an OS command injection in SEPPmail Secure Email Gateway. This page lists the verified fix and inline mitigations.
CVE-2026-27442 is a path traversal in SEPPmail Secure Email Gateway. This page lists the verified fix and inline mitigations.
CVE-2026-27446 is a missing authentication in Apache Software Foundation Apache Artemis. This page lists the verified fix and inline mitigat
CVE-2026-27452 is an information exposure in JonathanWilbur asn1-ts. This page lists the verified fix and inline mitigations.
CVE-2026-27471 is a missing authorization in frappe erpnext. This page lists the verified fix and inline mitigations.
CVE-2026-27475 is an unsafe deserialization in SPIP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27476 is an OS command injection in RustFly. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27478 is a cwe-290: authentication bypass by spoofing in unitycatalog. CVSS 9.1 Critical. Patch commands, mitigations, and verifica
CVE-2026-2749 is a security vulnerability in Centreon the affected product. This page lists the verified fix and inline mitigations.
CVE-2026-27493 is a code injection in n8n-io n8n. This page lists the verified fix and inline mitigations.
CVE-2026-27495 is a code injection in n8n-io n8n. This page lists the verified fix and inline mitigations.
CVE-2026-27497 is a code injection in n8n-io n8n. This page lists the verified fix and inline mitigations.
CVE-2026-27498 is a code injection in n8n-io n8n. This page lists the verified fix and inline mitigations.
CVE-2026-2750 is an improper input validation in Centreon Centreon Open Tickets on Central Server. This page lists the verified fix and inlin
CVE-2026-27507 is a hardcoded credentials in Binardat Ltd. 10G08-0800GSM Network Switch. This page lists the verified fix and inline mitigat
CVE-2026-27515 is a cwe-330 use of insufficiently random values in Binardat Ltd. 10G08-0800GSM Network Switch. This page lists the verified
CVE-2026-27540: Unrestricted Upload of File with Dangerous Type in Woocommerce Wholesale Lead Capture. Patch commands and verification.
CVE-2026-27542: Incorrect Privilege Assignment in Woocommerce Wholesale Lead Capture. Patch commands and verification.
CVE-2026-2757 is a cwe-1384 improper handling of physical or environmental conditions in Mozilla Firefox. This page lists the verified fix a
CVE-2026-27574 is a code injection in OneUptime oneuptime. This page lists the verified fix and inline mitigations.
CVE-2026-27575 is a weak password requirements in go-vikunja vikunja. This page lists the verified fix and inline mitigations.
CVE-2026-27577 is a code injection in n8n-io n8n. This page lists the verified fix and inline mitigations.
CVE-2026-2758 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27584 is a missing authentication in actualbudget actual. This page lists the verified fix and inline mitigations.
CVE-2026-2759 is a cwe-1384 improper handling of physical or environmental conditions in Mozilla Firefox. This page lists the verified fix a
CVE-2026-27591: Winter: Privilege escalation by authenticated backend users in winter. Patch commands and verification.
CVE-2026-27593 is a weak password recovery mechanism for forgotten password in statamic cms. This page lists the verified fix and inline mit
CVE-2026-27595 is a missing authentication in parse-community parse-dashboard. This page lists the verified fix and inline mitigations.
CVE-2026-27597 is a code injection in agentfront enclave. This page lists the verified fix and inline mitigations.
CVE-2026-2760 is a cwe-1384 improper handling of physical or environmental conditions in Mozilla Firefox. This page lists the verified fix a
CVE-2026-27608 is a missing authorization in parse-community parse-dashboard. This page lists the verified fix and inline mitigations.
CVE-2026-2761 is a cwe-693 protection mechanism failure in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27613 is an OS command injection in maximmasiutin TinyWeb. This page lists the verified fix and inline mitigations.
CVE-2026-27614 is a cross-site scripting in bugsink bugsink. This page lists the verified fix and inline mitigations.
CVE-2026-2762 is an integer overflow in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27626 is an OS command injection in OliveTin OliveTin. This page lists the verified fix and inline mitigations.
CVE-2026-2763 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27637 is a use of insufficiently random values in freescout-help-desk freescout. This page lists the verified fix and inline mitiga
CVE-2026-2764 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27641 is an improper neutralization of special elements used in a template engine in jugmac00 flask-reuploaded. This page lists the
CVE-2026-2765 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-2766 is a use-after-free in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-2768 is a cwe-693 protection mechanism failure in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27681 is a SQL injection in SAP Business Planning and Consolidation and SAP Business Warehouse. This page lists verified fix comman
CVE-2026-27685: Insecure Deserialization in SAP NetWeaver Enterprise Portal Administration in SAP NetWeaver Enterprise Portal Administration
CVE-2026-27699 is a path traversal in patrickjuchli basic-ftp. This page lists the verified fix and inline mitigations.
CVE-2026-27702 is an improper input validation in Budibase budibase. This page lists the verified fix and inline mitigations.
CVE-2026-2771 is an out-of-bounds read in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27728 is an OS command injection in OneUptime oneuptime. This page lists the verified fix and inline mitigations.
CVE-2026-2773 is a buffer overflow in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27739 is an SSRF in angular angular-cli. This page lists the verified fix and inline mitigations.
CVE-2026-27743 is a SQL injection in SPIP referer_spam. This page lists the verified fix and inline mitigations.
CVE-2026-27744 is a code injection in SPIP tickets. This page lists the verified fix and inline mitigations.
CVE-2026-2775 is a cwe-288 authentication bypass using an alternate path or channel in Mozilla Firefox. This page lists the verified fix and
CVE-2026-27751 is a cwe-1392 use of default credentials in Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks) SODOLA SL902-SWTGW12
CVE-2026-27755 is a cwe-330 use of insufficiently random values in Shenzhen Hongyavision Technology Co., Ltd. (Sodola Networks) SODOLA SL902
CVE-2026-2776 is a buffer overflow in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27760 - CWE-94 Improper Control of Generation of Code ('Code Injection') in OpenCATS. Runnable patch commands, mitigation, and veri
CVE-2026-27767 is a missing authentication in SWITCH EV swtchenergy.com. This page lists the verified fix and inline mitigations.
CVE-2026-2777 is a privilege escalation in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27772 is a missing authentication in EV Energy ev.energy. This page lists the verified fix and inline mitigations.
CVE-2026-2778 is a buffer overflow in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-2779 is a buffer overflow in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27804 is a broken cryptography in parse-community parse-server. This page lists the verified fix and inline mitigations.
CVE-2026-27822 is a cross-site scripting in rustfs rustfs. This page lists the verified fix and inline mitigations.
CVE-2026-27825: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in mcp-atlassian. Patch commands and
CVE-2026-2784 is a cwe-288 authentication bypass using an alternate path or channel in Mozilla Firefox. This page lists the verified fix and
CVE-2026-27842: Authentication Bypass Using an Alternate Path or Channel in MR-GM5L-S1. Patch commands and verification.
CVE-2026-27843 - CWE-306 Missing authentication for critical function in X3050. Runnable patch commands, mitigation, and verification on thi
CVE-2026-27847 is a SQL injection in Linksys MR9600. This page lists the verified fix and inline mitigations.
CVE-2026-27848 is an OS command injection in Linksys MR9600. This page lists the verified fix and inline mitigations.
CVE-2026-27849 is an OS command injection in Linksys MR9600. This page lists the verified fix and inline mitigations.
CVE-2026-27876 is a vulnerability in Grafana. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2788 is a buffer overflow in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27886 is a path traversal in strapi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27897: Vociferous Unauthenticated Remote Path Traversal (RCE via CSRF) in Vociferous. Patch commands and verification.
CVE-2026-2791 is a cwe-288 authentication bypass using an alternate path or channel in Mozilla Firefox. This page lists the verified fix and
CVE-2026-2792 is an out-of-bounds write in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-2793 is an out-of-bounds write in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-27941 is an inclusion of functionality from untrusted control sphere in openlit openlit. This page lists the verified fix and inline
CVE-2026-27944 is a missing encryption of sensitive data in 0xJacky nginx-ui. This page lists the verified fix and inline mitigations.
CVE-2026-27947 is an improper neutralization of argument delimiters in a command ('argument injection') in Intermesh groupoffice. This page l
CVE-2026-2796 is a cwe-843 access of resource using incompatible type ('type confusion') in Mozilla Firefox. This page lists the verified fi
CVE-2026-27960 is an improper authentication in opencti. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-27962: Authlib JWS JWK Header Injection: Signature Verification Bypass in authlib. Patch commands and verification.
CVE-2026-27966 is a code injection in langflow-ai langflow. This page lists the verified fix and inline mitigations.
CVE-2026-27969 is a path traversal in vitessio vitess. This page lists the verified fix and inline mitigations.
CVE-2026-27971 is an unsafe deserialization in QwikDev qwik. This page lists the verified fix and inline mitigations.
CVE-2026-27983 is an incorrect privilege assignment in designthemes LMS Elementor Pro. This page lists the verified fix and inline mitigation
CVE-2026-27984 is a code injection in Marketing Fire Widget Options. This page lists the verified fix and inline mitigations.
CVE-2026-2800 is a cwe-290 authentication bypass by spoofing in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-28043 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Heal
CVE-2026-2805 is a cwe-824 access of uninitialized pointer in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-2806 is a cwe-457 use of uninitialized variable in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-2807 is an out-of-bounds write in Mozilla Firefox. This page lists the verified fix and inline mitigations.
CVE-2026-28074 is an unsafe deserialization in ThemeREX Pizza House. This page lists the verified fix and inline mitigations.
CVE-2026-28105 is an unsafe deserialization in ThemeREX Good Energy. This page lists the verified fix and inline mitigations.
CVE-2026-28114 is an unrestricted file upload in firassaidi WooCommerce License Manager. This page lists the verified fix and inline mitigati
CVE-2026-28115 is a SQL injection in loopus WP Attractive Donations System - Easy Stripe & Paypal donations. This page lists the verified fi
CVE-2026-28205 is an insecure default initialization in OpenPLC_V3. This page lists verified fix commands and short-term mitigations you can
CVE-2026-28213 is an information exposure in evershopcommerce evershop. This page lists the verified fix and inline mitigations.
CVE-2026-28215 is an improper access control in hoppscotch hoppscotch. This page lists the verified fix and inline mitigations.
CVE-2026-28229: Argo Workflows has unauthorized access to Argo Workflows Template in argo-workflows. Patch commands and verification.
CVE-2026-28252: CWE-327 Use of a Broken or Risky Cryptographic Algorithm in Tracer SC. Patch commands and verification.
CVE-2026-28268 is an incomplete cleanup in go-vikunja vikunja. This page lists the verified fix and inline mitigations.
CVE-2026-28289 is an unrestricted file upload in freescout-help-desk freescout. This page lists the verified fix and inline mitigations.
CVE-2026-28292: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in simple-git. Patch comm
CVE-2026-2833 is a cwe-444 inconsistent interpretation of http requests ('http request/response smuggling') in Cloudflare.
CVE-2026-2835 is a cwe-444 inconsistent interpretation of http requests ('http request/response smuggling') in Cloudflare.
CVE-2026-28353 is an embedded malicious code in aquasecurity trivy-vscode-extension. This page lists the verified fix and inline mitigations.
CVE-2026-28363 is a cwe-184 incomplete list of disallowed inputs in OpenClaw OpenClaw. This page lists the verified fix and inline mitigatio
CVE-2026-28370 is a cwe-95 improper neutralization of directives in dynamically evaluated code ('eval injection') in OpenStack Vitrage. This
CVE-2026-28373 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-28384: Authenticated RCE via unsanitized compression_algorithm in lxd. Patch commands and verification.
CVE-2026-28386: Out-of-bounds Read in AES-CFB-128 on X86-64 with AVX-512 Support in OpenSSL. Patch commands and verification.
CVE-2026-28391 is an OS command injection in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28408 is a missing authorization in LabRedesCefetRJ WeGIA. This page lists the verified fix and inline mitigations.
CVE-2026-28409 is an OS command injection in LabRedesCefetRJ WeGIA. This page lists the verified fix and inline mitigations.
CVE-2026-28411 is an authentication bypass using an alternate path or channel in LabRedesCefetRJ WeGIA. This page lists the verified fix and
CVE-2026-28430: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in chamilo-lms. Patch commands
CVE-2026-28431: Misskey lacks proper authorization checks and input validation in misskey. Patch commands and verification.
CVE-2026-2844 is a missing authentication in Microchip TimePictra. This page lists the verified fix and inline mitigations.
CVE-2026-28446 is a cwe-303 incorrect implementation of authentication algorithm in OpenClaw OpenClaw. This page lists the verified fix and
CVE-2026-28466 is an incorrect authorization in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28470 is an OS command injection in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28472 is a missing authentication in OpenClaw OpenClaw. This page lists the verified fix and inline mitigations.
CVE-2026-28474 is an incorrect authorization in OpenClaw nextcloud-talk. This page lists the verified fix and inline mitigations.
CVE-2026-28495 is a cwe-352: cross-site request forgery (csrf) in GetSimpleCMS-CE. CVSS 9.7 Critical. Patch commands, mitigations, and verif
CVE-2026-28497 is an integer overflow in maximmasiutin TinyWeb. This page lists the verified fix and inline mitigations.
CVE-2026-28501 is a SQL injection in WWBN AVideo. This page lists the verified fix and inline mitigations.
CVE-2026-28502 is an unrestricted file upload in WWBN AVideo. This page lists the verified fix and inline mitigations.
CVE-2026-28508 is an SSRF in idno idno. This page lists the verified fix and inline mitigations.
CVE-2026-28514 is an authentication bypass in RocketChat Rocket.Chat. This page lists the verified fix and inline mitigations.
CVE-2026-28515 is a missing authorization in openDCIM openDCIM. This page lists the verified fix and inline mitigations.
CVE-2026-28516 is a SQL injection in openDCIM openDCIM. This page lists the verified fix and inline mitigations.
CVE-2026-28517 is an OS command injection in openDCIM openDCIM. This page lists the verified fix and inline mitigations.
CVE-2026-28536 is a cwe-305 authentication bypass by primary weakness in Huawei HarmonyOS. This page lists the verified fix and inline mitig
CVE-2026-28680 is an SSRF in ghostfolio ghostfolio. This page lists the verified fix and inline mitigations.
CVE-2026-28697 is an improper neutralization of special elements used in a template engine in craftcms cms. This page lists the verified fix
CVE-2026-28766 is a gardyn cloud api missing authentication for critical function in Gardyn Cloud API, fixed by the same patch as CVE-2026-2
CVE-2026-28773 is an OS command injection in International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Managemen
CVE-2026-28774 is an OS command injection in International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Managemen
CVE-2026-28775 is an insecure default in International Datacasting Corporation (IDC) SFX2100 Series SuperFlex SatelliteReceiver. This page li
CVE-2026-28777 is a hardcoded credentials in International Datacasting Corporation (IDC) SFX2100 Satellite Receiver. This page lists the ver
CVE-2026-28780 is a heap-based buffer overflow in Apache HTTP Server. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-28783 is a code injection in craftcms cms. This page lists the verified fix and inline mitigations.
CVE-2026-28785 is a SQL injection in ghostfolio ghostfolio. This page lists the verified fix and inline mitigations.
CVE-2026-28792: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in cli. Patch commands and verificati
CVE-2026-28794 is an improperly controlled modification of object prototype attributes ('prototype pollution') in middleapi orpc. This page l
CVE-2026-28798 is a cwe-918: server-side request forgery (ssrf) in Icewhaletech ZimaOS. CVSS 9.1 Critical. Patch commands, mitigations, and
CVE-2026-28806 is a cwe-285 improper authorization in Nerves-hub nerves_hub_web. CVSS 9.4 Critical. Patch commands, mitigations, and verific
CVE-2026-29000 is a cwe-347 improper verification of cryptographic signature in pac4j pac4j-jwt. This page lists the verified fix and inline
CVE-2026-29014 is a metinfo cms unauthenticated php code injection rce in MetInfo CMS. CVSS 9.3 Critical. Patch commands, mitigations, and v
CVE-2026-29046 is a process control in maximmasiutin TinyWeb. This page lists the verified fix and inline mitigations.
CVE-2026-29058 is an OS command injection in WWBN AVideo-Encoder. This page lists the verified fix and inline mitigations.
CVE-2026-29080 improper neutralization of special elements used in an sql command ('sql injecti in rucio. Runnable upgrade commands and veri
CVE-2026-29090 improper neutralization of special elements used in an sql command ('sql injecti in rucio. Runnable upgrade commands and veri
CVE-2026-29103: CWE-94: Improper Control of Generation of Code ('Code Injection') in SuiteCRM. Patch commands and verification.
CVE-2026-29120 is a hardcoded credentials in International Datacasting Corporation IDC SFX2100 SuperFlex Satellite Receiver. This page lists
CVE-2026-29127 is a privilege escalation in International Datacasting Corporation SFX2100 Satellite Receiver. This page lists the verified f
CVE-2026-29145 is an authentication bypass in Apache Tomcat. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-29183 is a cross-site scripting in siyuan-note siyuan. This page lists the verified fix and inline mitigations.
CVE-2026-29188 is an incorrect permission assignment in filebrowser filebrowser. This page lists the verified fix and inline mitigations.
CVE-2026-29191: ZITADEL: 1-Click Account Takeover via XSS in /saml-post Endpoint in zitadel. Patch commands and verification.
CVE-2026-29198 - Security Vulnerability in Rocket.Chat. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-29200 is an insecure direct object reference (IDOR) in Comet Backup. Patched version, runnable upgrade commands, and how to verify t
CVE-2026-29204: an insecure direct object reference (IDOR) in WHMCS. Patched version and vendor advisory inside.
CVE-2026-2942: Unrestricted Upload of File with Dangerous Type in ProSolution WP Client. Patch commands and verification.
CVE-2026-29515: MiCode FileExplorer SwiFTP Server Authentication Bypass in FileExplorer. Patch commands and verification.
CVE-2026-29646 is a privilege defined with unsafe actions in In OpenXiangShan. This page lists verified fix commands and short-term mitigati
CVE-2026-29649 is a protection mechanism failure in NEMU. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-29789 is a missing authorization in vitodeploy vito. This page lists the verified fix and inline mitigations.
CVE-2026-29792: Feathersjs has an OAuth Callback Account Takeover in feathers. Patch commands and verification.
CVE-2026-29793: NoSQL Injection via WebSocket id Parameter in MongoDB Adapter in mongodb. Patch commands and verification.
CVE-2026-29796 is an authentication bypass in eParking.fi. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-29859 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-29861 is a SQL injection in PHP. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-2999 is a cwe-494 download of code without integrity check in Changing IDExpert Windows Logon Agent. This page lists the verified f
CVE-2026-3000 is a cwe-494 download of code without integrity check in Changing IDExpert Windows Logon Agent. This page lists the verified f
CVE-2026-30079 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-3010 is a cross-site scripting in Microchip TimePictra. This page lists the verified fix and inline mitigations.
CVE-2026-30240: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in budibase. Patch commands and verif
CVE-2026-30269 is an improper privilege management in Improper. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-30276 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30278 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30281 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30282 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30283 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30285 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30286 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30310 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30311 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30312 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30314 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30352 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-30402 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-30479 is a code injection in Dynamic. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-30496 is an improper authorization in the affected product. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2026-3059 is a cve-2026-3059 in SGLang. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-3060 is a cve-2026-3060 in SGLang. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-30625 is a command injection in Upsonic. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-30643 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-30694 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-30701 is a n/a in the vendor n/a. CVSS 9.1 Critical. Patch commands, mitigations, and verification.
CVE-2026-30702 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-30703 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-30704 is a n/a in the vendor n/a. CVSS 9.1 Critical. Patch commands, mitigations, and verification.
CVE-2026-30741 is a n/a in the vendor n/a. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-30789 is a cwe-294 authentication bypass by capture-replay in rustdesk-client RustDesk Client. This page lists the verified fix and
CVE-2026-30790 is a cwe-307 improper restriction of excessive authentication attempts in rustdesk-server-pro RustDesk Server Pro. This page
CVE-2026-30792 is a cwe-657 in rustdesk-client RustDesk Client. This page lists the verified fix and inline mitigations.
CVE-2026-30793 is a cwe-285 in rustdesk-client RustDesk Client. This page lists the verified fix and inline mitigations.
CVE-2026-30794 is an improper certificate validation in rustdesk-client RustDesk Client. This page lists the verified fix and inline mitigati
CVE-2026-30797 is a missing authorization in rustdesk-client RustDesk Client. This page lists the verified fix and inline mitigations.
CVE-2026-30805 is an insecure default configuration in Pandora FMS. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-30832 is an SSRF in charmbracelet soft-serve. This page lists the verified fix and inline mitigations.
CVE-2026-30836 is a cwe-287: improper authentication in Smallstep certificates. CVSS 10 Critical. Patch commands, mitigations, and verificat
CVE-2026-30843 is an authorization bypass through user-controlled key in Wekan Wekan. This page lists the verified fix and inline mitigations
CVE-2026-30844 is an SSRF in Wekan Wekan. This page lists the verified fix and inline mitigations.
CVE-2026-30847 is an information exposure in Wekan Wekan. This page lists the verified fix and inline mitigations.
CVE-2026-30849 is an authentication bypass in mantisbt. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-30860 is a SQL injection in Tencent WeKnora. This page lists the verified fix and inline mitigations.
CVE-2026-30861 is an OS command injection in Tencent WeKnora. This page lists the verified fix and inline mitigations.
CVE-2026-30862: Critical Stored XSS & Privilege Escalation in Appsmith in appsmith. Patch commands and verification.
CVE-2026-30863 is an authentication bypass in parse-community parse-server. This page lists the verified fix and inline mitigations.
CVE-2026-30869: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in siyuan. Patch commands and verific
CVE-2026-30871: OpenWrt Project has Stack-based Buffer Overflow in DNS PTR Query in openwrt. Patch commands and verification.
CVE-2026-30872 is a cwe-121: stack-based buffer overflow in openwrt. CVSS 9.5 Critical. Patch commands, mitigations, and verification.
CVE-2026-30877: bundle sibling of CVE-2026-21861. Same patched build closes both.
CVE-2026-30880 is a basercms: os command injection vulnerability in installer in Baserproject basercms, fixed by the same patch as CVE-2026-
CVE-2026-30884: CWE-639: Authorization Bypass Through User-Controlled Key in moodle-mod_customcert. Patch commands and verification.
CVE-2026-30887: CWE-94: Improper Control of Generation of Code ('Code Injection') in oneuptime. Patch commands and verification.
CVE-2026-30893 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in wazuh. Runnable patch commands, m
CVE-2026-30903: CWE-73 External control of file name or path in Zoom Workplace. Patch commands and verification.
CVE-2026-30909: CWE-190 Integer Overflow or Wraparound in Crypt::NaCl::Sodium. Patch commands and verification.
CVE-2026-30921: OneUptime Synthetic Monitor RCE via exposed Playwright browser object in oneuptime. Patch commands and verification.
CVE-2026-30924 is a qui cors misconfiguration: arbitrary origins trusted in Autobrr qui. CVSS 9 Critical. Patch commands, mitigations, and v
CVE-2026-30956 is a cwe-285: improper authorization in oneuptime. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2026-30957: OneUptime Synthetic Monitor RCE via exposed Playwright browser object in oneuptime. Patch commands and verification.
CVE-2026-30960: CWE-94: Improper Control of Generation of Code ('Code Injection') in rssn. Patch commands and verification.
CVE-2026-30965 is a cwe-863: incorrect authorization in Parse-community parse-server. CVSS 9.9 Critical. Patch commands, mitigations, and ve
CVE-2026-30966: Parse Server role escalation and CLP bypass via direct `_Join` table write in parse-server. Patch commands and verification.
CVE-2026-30993 is a code injection in Slah CMS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-31017 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-31027 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-31040 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-31048 is a code injection in An. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-31049 is a neutralization of formula elements in a in An. This page lists verified fix commands and short-term mitigations you can
CVE-2026-31059 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-3106 is a multiple vulnerabilities in teampass in Teampass. CVSS 9.3 Critical. Patch commands, mitigations, and verification.
CVE-2026-3107 is a multiple vulnerabilities in teampass in Teampass. CVSS 9.3 Critical. Patch commands, mitigations, and verification.
CVE-2026-31151 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-31170 is a command injection in An. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-31175 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31177 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31178 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31181 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31271 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-31272 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-31282 is an access control in Totara LMS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-31283 is an allocation of resources without limits in In Totara. This page lists verified fix commands and short-term mitigations y
CVE-2026-3130 is an improper enforcement of behavioral workflow in Devolutions Server. This page lists the verified fix and inline mitigation
CVE-2026-31402 is a nfsd: fix heap overflow in nfsv4.0 lock replay cache in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-31405 is a media: dvb-net: fix oob access in ule extension header tables in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-31414 is a security vulnerability in Linux. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-31436 - dmaengine: idxd: fix possible wrong descriptor completion in Linux. Runnable patch commands, mitigation, and verification o
CVE-2026-31444 - ksmbd: fix use-after-free and NULL deref in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31448 - ext4: avoid infinite loops caused by residual data in Linux. Runnable patch commands, mitigation, and verification on this
CVE-2026-31463 - iomap: fix invalid folio access when i_blkbits differs from I/O granularity in Linux. Runnable patch commands, mitigation,
CVE-2026-31478 - ksmbd: replace hardcoded hdr2_len with offsetof() in Linux. Runnable patch commands, mitigation, and verification on this p
CVE-2026-31501 - net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in Linux. Runnable patch commands, mitigation, and verificatio
CVE-2026-31533 - net/tls: fix use-after-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31536 - smb: server: let send_done handle a completion without IB_SEND_SIGNALED in Linux. Runnable patch commands, mitigation, and
CVE-2026-31589 - mm: call ->free_folio() directly in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31607 - usbip: validate number_of_packets in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31608 - smb: server: avoid double-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31609 - smb: client: avoid double-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31633 - rxrpc: Fix integer overflow in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31636 - rxrpc: fix RESPONSE authenticator parser OOB read in Linux. Runnable patch commands, mitigation, and verification on this p
CVE-2026-31637 - rxrpc: reject undecryptable rxkad response tickets in Linux. Runnable patch commands, mitigation, and verification on this
CVE-2026-31649 - net: stmmac: fix integer underflow in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31657 - batman-adv: hold claim backbone gateways by reference in Linux. Runnable patch commands, mitigation, and verification on th
CVE-2026-31659 - batman-adv: reject oversized global TT response buffers in Linux. Runnable patch commands, mitigation, and verification on
CVE-2026-31668 - seg6: separate dst_cache for input and output paths in Linux. Runnable patch commands, mitigation, and verification on this
CVE-2026-31669 - mptcp: fix slab-use-after-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31682 - bridge: br_nd_send: linearize skb before parsing ND options in Linux. Runnable patch commands, mitigation, and verification
CVE-2026-31685 - netfilter: ip6t_eui64: reject invalid MAC header for all packets in Linux. Runnable patch commands, mitigation, and verific
CVE-2026-31705 - ksmbd: fix out-of-bounds write in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-31718 - ksmbd: fix use-after-free in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-3179 is a path traversal in ASUSTOR ADM. This page lists the verified fix and inline mitigations.
CVE-2026-31806 is a cwe-122: heap-based buffer overflow in FreeRDP. CVSS 9.3 Critical. Patch commands, mitigations, and verification.
CVE-2026-31816: Budibase Universal Auth Bypass via Webhook Query Param Injection in budibase. Patch commands and verification.
CVE-2026-31818: bundle sibling of CVE-2026-25043. Same patched build closes both.
CVE-2026-31840: Parse Server has a SQL injection via dot-notation field name in PostgreSQL in parse-server. Patch commands and verification.
CVE-2026-31843 is a vulnerability in pay-uz. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-31845 is a cross-site scripting in Rukovoditel CRM. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-31852 is a cwe-269: improper privilege management in Jellyfin code-quality.yml. CVSS 10 Critical. Patch commands, mitigations, and
CVE-2026-31856: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in parse-server. Patch commands
CVE-2026-31862: Cloud CLI has Command Injection via Multiple Parameters in claudecodeui. Patch commands and verification.
CVE-2026-31871: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in parse-server. Patch commands
CVE-2026-31874 is a cwe-284: improper access control in Taskosaur. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-31877 is a frappe sql injection due to improper field sanitization in frappe. CVSS 9.3 Critical. Patch commands, mitigations, and v
CVE-2026-31886: Dagu has a Path Traversal via `dagRunId` in Inline DAG Execution in dagu. Patch commands and verification.
CVE-2026-31896: WeGIA has a Time-Based Blind SQL Injection in remover_produto_ocultar.php in WeGIA. Patch commands and verification.
CVE-2026-31908 is a failure to sanitize special elements into in Apache APISIX. This page lists verified fix commands and short-term mitigat
CVE-2026-31920: a SQL injection in Product Rearrange for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-31938 is a jspdf has html injection in new window paths in Parallax jsPDF. CVSS 9.6 Critical. Patch commands, mitigations, and veri
CVE-2026-31946 is an authentication bypass in OpenOLAT. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-31957: CWE-1188: Insecure Default Initialization of Resource in himmelblau. Patch commands and verification.
CVE-2026-31976 is a xygeni-action v5 tag poisoned with c2 backdoor in xygeni-action. CVSS 9.3 Critical. Patch commands, mitigations, and ver
CVE-2026-3199: Nexus Repository 3 - Authenticated Remote Code Execution via Task Property Injection in Nexus Repository. Patch commands and
CVE-2026-32038 is an improper access control in OpenClaw. CVSS 9.3 Critical. Patch commands, mitigations, and verification.
CVE-2026-3204 is an improper input validation in Devolutions Server. This page lists the verified fix and inline mitigations.
CVE-2026-32096 is a cwe-918: server-side request forgery (ssrf) in Useplunk plunk. CVSS 9.3 Critical. Patch commands, mitigations, and verif
CVE-2026-32105 is a cwe-354: improper validation of integrity check in xrdp. This page lists verified fix commands and short-term mitigation
CVE-2026-32136: AdGuard Home: HTTP/2 Cleartext (h2c) Upgrade Authentication Bypass in AdGuardHome. Patch commands and verification.
CVE-2026-32137 is a dataease sql injection in dataease. CVSS 9.3 Critical. Patch commands, mitigations, and verification.
CVE-2026-32140 is a dataease: redshift jdbc rce bypass in dataease. CVSS 9.3 Critical. Patch commands, mitigations, and verification.
CVE-2026-32169: Azure Cloud Shell Elevation of Privilege in Azure Cloud Shell. Patch commands and verification.
CVE-2026-32186 is a microsoft bing elevation of privilege in Microsoft Bing. CVSS 10 Critical. Patch commands, mitigations, and verification
CVE-2026-32191 is a microsoft bing images remote code execution in Microsoft Bing Images. CVSS 9.8 Critical. Patch commands, mitigations, an
CVE-2026-32194 is a microsoft bing images remote code execution in Microsoft Bing Images. CVSS 9.8 Critical. Patch commands, mitigations, an
CVE-2026-32210 - CWE-918: Server-Side Request Forgery (SSRF) in Microsoft Dynamics 365 (online). Runnable patch commands, mitigation, and ve
CVE-2026-32211 is an azure mcp server information disclosure in Microsoft Azure Web Apps. CVSS 9.1 Critical. Patch commands, mitigations, and
CVE-2026-32213 is an azure ai foundry elevation of privilege in Microsoft Azure AI Foundry. CVSS 10 Critical. Patch commands, mitigations, an
CVE-2026-32238 is a openemr has remote code execution in backup functionality in openemr. CVSS 9.1 Critical. Patch commands, mitigations, an
CVE-2026-3224 is an authentication bypass in Devolutions Server. This page lists the verified fix and inline mitigations.
CVE-2026-32242: CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in parse-server. Patch
CVE-2026-32248: CWE-943: Improper Neutralization of Special Elements in Data Query Logic in parse-server. Patch commands and verification.
CVE-2026-32251 is a tolgee has an xxe injection in translation import in tolgee-platform. CVSS 9.3 Critical. Patch commands, mitigations, an
CVE-2026-32253 is an authentication bypass in Sunshine. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32292: GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting in Comet KVM. Patch commands and verification.
CVE-2026-32295 is a jetkvm insufficient login rate limiting in JetKVM. CVSS 9.3 Critical. Patch commands, mitigations, and verification.
CVE-2026-32297: Angeet ES3 KVM unauthenticated arbitrary file write in ES3 KVM. Patch commands and verification.
CVE-2026-32301: CWE-918: Server-Side Request Forgery (SSRF) in centrifugo. Patch commands and verification.
CVE-2026-32304: Locutus: RCE via unsanitized input in create_function() in locutus. Patch commands and verification.
CVE-2026-32306: OneUptime ClickHouse SQL Injection via Aggregate Query Parameters in oneuptime. Patch commands and verification.
CVE-2026-32311 is an OS command injection in flowsint. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32367: Improper Control of Generation of Code ('Code Injection') in Modal Dialog. Patch commands and verification.
CVE-2026-32482 is an unrestricted file upload in Ona. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32499 is a SQL injection in ChatBot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32502 is an unsafe deserialization in Borgholm. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-32512 is an unsafe deserialization in Pelicula. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-32519 is a vulnerability in Bit SMTP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32520 is a vulnerability in RewardsWP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32523 is an unrestricted file upload in WPJAM Basic. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-32524 is an unrestricted file upload in Photo Engine. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-32525 is a code injection in JetFormBuilder. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32536 is an unrestricted file upload in Green Downloads. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-32539 is a SQL injection in PublishPress Revisions. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-3257 is a CWE-1395 dependency on vulnerable third-party component in TOKUHIROM UnQLite. This page lists the verified fix and inline
CVE-2026-32573 is a code injection in Nelio AB Testing. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-32604 is an improper input validation in spinnaker. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-32613 is a code injection in spinnaker. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-32621: Apollo Federation has prototype pollution via incomplete key sanitization in federation-internals. Patch commands and verifi
CVE-2026-32626: AnythingLLM has a Streaming Phase XSS to RCE via LLM Response Injection in anything-llm. Patch commands and verification.
CVE-2026-32633: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in glances. Patch commands and verification.
CVE-2026-32644 - CWE-321 in MS-Cxx63-PD. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-32661: a stack-based buffer overflow in GUARDIANWALL MailSuite (On-premises vers. Patched version and vendor advisory inside.
CVE-2026-32698: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in openproject. Patch commands
CVE-2026-32703: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in openproject. Patch commands
CVE-2026-32714: scitokens vulnerable to SQL injection in keycache in scitokens. CVSS 9.8 Critical. Patch commands, mitigations, and veri
CVE-2026-32731: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in import-export. Patch commands and
CVE-2026-32746: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') in inetutils. Patch commands and verification
CVE-2026-32754: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in freescout. Patch commands an
CVE-2026-32760: CWE-269: Improper Privilege Management in filebrowser. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2026-32767 is a SQL injection in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32817 is a vulnerability in admidio. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32841: Edimax GS-5008PL <= 1.00.54 Global Authentication State Across All Clients in Edimax GS-5008PL. Patch commands and verificat
CVE-2026-32865: OPEXUS eComplaint and eCase insecure password reset in eComplaint. Patch commands and verification.
CVE-2026-32871: FastMCP OpenAPI Provider has an SSRF & Path Traversal in fastmcp. Patch commands and verification.
CVE-2026-32890 is a vulnerability in Anchorr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32891 is a vulnerability in Anchorr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32892 is an OS command injection in chamilo-lms. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-32916: CWE-266: Incorrect Privilege Assignment in OpenClaw. CVSS 9.2 Critical. Patch commands, mitigations, and verification.
CVE-2026-32917: bundle sibling of CVE-2026-32916. Same patched build closes both.
CVE-2026-32922 is a vulnerability in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32938 is a path traversal in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32940 is a vulnerability in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-32956 is a heap buffer overflow in AMC Manager. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3296: Everest Forms <= 3.4.3 - Unauthenticated PHP Object Injection via Form Entry Metadata in Everest Forms – Contact Form, Paymen
CVE-2026-32968: an OS command injection in MB connect line mbCONNECT24. Patched version and vendor advisory inside.
CVE-2026-32985 is an authentication bypass in Xerte Online Toolkits. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-32987 is a code injection in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3300: Everest Forms Pro <= 1.9.12 - Unauthenticated Remote Code Execution via Calculation Field in Everest Forms Pro. Patch command
CVE-2026-33000 is an OS command injection in UniFi OS Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-3301 is an OS command injection in Totolink N300RH. This page lists the verified fix and inline mitigations.
CVE-2026-33024 is a vulnerability in AVideo-Encoder. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33026 is a vulnerability in nginx-ui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33032 is an authentication bypass in nginx-ui. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-33054 is a path traversal in mesop. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33057 is a code injection in mesop. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33075 is a code injection in FastGPT. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33102 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in Microsoft 365 Copilot. Runnable patch commands, mitigation,
CVE-2026-33105: Microsoft Azure Kubernetes Service Elevation of Privilege in Azure Kubernetes Service. Patch commands and verification.
CVE-2026-33107: Azure Databricks elevation of privilege in Microsoft Azure Databricks. CVSS 10 Critical. Patch commands, mitigations, an
CVE-2026-33109: improper access control in Azure Managed Instance for Apache Cassandra. Runnable upgrade commands and verification steps for
CVE-2026-33117 is an authentication bypass in Azure SDK for Java. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-33134 is a SQL injection in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33135 is a vulnerability in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33136 is a vulnerability in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33137 is a missing authorization in xwiki-platform. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-33152 is a vulnerability in recipes. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33186: gRPC-Go has an authorization bypass via missing leading slash in :path in grpc-go. Patch commands and verification.
CVE-2026-33211 is a path traversal in pipeline. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-3325 - CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection') in MegaCMS. Runnable patch comma
CVE-2026-33278 is a use-after-free in Unbound. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33286 is a code injection in graphiti. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33309 is a path traversal in langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33322 is an authentication bypass in minio. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33324: improper neutralization of special elements used in an SQL command ('sql injecti in SQLBot. Runnable upgrade commands and ver
CVE-2026-33340 is an authentication bypass in lollms-webui. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-33351 is a vulnerability in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33352 is a SQL injection in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33396 is an OS command injection in oneuptime. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-33419 is a vulnerability in minio. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33439: CWE-502: Deserialization of Untrusted Data in OpenAM. Patch commands and verification.
CVE-2026-33453 - CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Camel. Runnable patch comm
CVE-2026-33454 - CWE-502 Deserialization of Untrusted Data in Apache Camel. Runnable patch commands, mitigation, and verification on this pa
CVE-2026-33471 - CWE-20: Improper Input Validation in nimiq-block. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-33475 is an OS command injection in langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-33478 is an OS command injection in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33494 is a path traversal in oathkeeper. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33502 is a vulnerability in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33518 - CWE-266: Incorrect Privilege Assignment (4.19.1) in Portal for ArcGIS. Runnable patch commands, mitigation, and verificatio
CVE-2026-33519 - CWE-266: Incorrect Privilege Assignment (4.19.1) in Portal for ArcGIS. Runnable patch commands, mitigation, and verificatio
CVE-2026-33526 is a use-after-free in squid. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33557 is a validation of specified index, position, or in Apache Kafka. This page lists verified fix commands and short-term mitiga
CVE-2026-3356: Missing authentication for critical function in Remote Spectrum Monitor MS27100A. Patch commands and verification.
CVE-2026-33579: CWE-863: Incorrect Authorization in OpenClaw, fixed by the same patch as CVE-2026-32916.
CVE-2026-33587 is an improper input validation in Open Notebook. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2026-33615: bundle sibling of CVE-2026-33613. Same patched build closes both.
CVE-2026-33640 is a vulnerability in outline. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33642 is a vulnerability in kitty. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33656 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in espocrm. Runnable patch commands,
CVE-2026-33660 is a code injection in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33669 is a path traversal in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33670 is a path traversal in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33696 is a vulnerability in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33698: CWE-552: files or directories accessible to in chamilo-lms. This page lists verified fix commands and short-term mitigat
CVE-2026-33701: an unsafe deserialization in opentelemetry-java-instrumentation. Patched version and vendor advisory inside.
CVE-2026-33707: CWE-640: weak password recovery mechanism for in chamilo-lms. This page lists verified fix commands and short-term mitig
CVE-2026-33712 is a missing authorization in typebot.io. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-33716 is an authentication bypass in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33728 is an unsafe deserialization in dd-trace-java. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-33746: Convoy: JWT Signature Verification Bypass Allows Authentication as Arbitrary Users in panel. Patch commands and verification
CVE-2026-33757 is a vulnerability in openbao. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33758 is an improper input validation in openbao. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-33784 is a use of default password in JSI LWC. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33805: CWE-644: improper neutralization of HTTP headers in @fastify/http-proxy. This page lists verified fix commands and short
CVE-2026-33807: CWE-436: Interpretation Conflict in @fastify/express. This page lists verified fix commands and short-term mitigations y
CVE-2026-33808: CWE-436: Interpretation Conflict in @fastify/express. This page lists verified fix commands and short-term mitigations y
CVE-2026-3381 is a CWE-1395 dependency on vulnerable third-party component in PMQS Compress::Raw::Zlib. This page lists the verified fix and
CVE-2026-33815: CVE-2026-33815 in github.com/jackc/pgx in github.com/jackc/pgx/v5/pgproto3. Patch commands and verification.
CVE-2026-33816: CVE-2026-33816 in github.com/jackc/pgx in github.com/jackc/pgx/v5/pgproto3. Patch commands and verification.
CVE-2026-33819 - CWE-502: Deserialization of Untrusted Data in Microsoft Bing. Runnable patch commands, mitigation, and verification on this
CVE-2026-33823 is an improper authorization in Microsoft Teams. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-33824 is a double free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-33843 is an authentication bypass in Microsoft Entra. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-33844: improper input validation in Azure Managed Instance for Apache Cassandra. Runnable upgrade commands and verification steps fo
CVE-2026-33867 is a vulnerability in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33873 is a code injection in langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33875 is a code injection in app-Authenticator. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-33897 is a server-side template injection in incus. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-33937 is an unsafe deserialization in handlebars.js. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-33945 is a path traversal in incus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-33950: signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity in signalk-server. Patch commands and verif
CVE-2026-33976 is a vulnerability in Notesnook Web/Desktop. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-33992 is a vulnerability in pyload. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34078: CWE-61: UNIX Symbolic Link (Symlink) Following in flatpak. CVSS 9.3 Critical. Patch commands, mitigations, and verificat
CVE-2026-34084 is a deserialization of untrusted data in PhpSpreadsheet. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-34156: CWE-913: Improper Control of Dynamically-Managed Code Resources in nocobase. Patch commands and verification.
CVE-2026-34159: llama.cpp: Unauthenticated RCE via GRAPH_COMPUTE buffer=0 bypass in llama.cpp RPC backend in llama.cpp. Patch commands and v
CVE-2026-34162: FastGPT: Unauthenticated SSRF via httpTools Endpoint Leads to Internal API Key Theft in FastGPT. Patch commands and verifica
CVE-2026-34177 is an incomplete list of disallowed inputs in lxd. This page lists verified fix commands and short-term mitigations you can r
CVE-2026-34178 is an improper input validation in lxd. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34179 is a vulnerability in lxd. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34202: Zebra node crash, V5 transaction hash panic (P2P reachable) in zebra. Patch commands and verification.
CVE-2026-34205: a path traversal in Home Assistant Operating System. Patched version and vendor advisory inside.
CVE-2026-34208: SandboxJS: sandbox integrity escape in Nyariv SandboxJS. CVSS 10 Critical. Patch commands, mitigations, and verification
CVE-2026-3422 is an unsafe deserialization in e-Excellence U-Office Force. This page lists the verified fix and inline mitigations.
CVE-2026-34220: MikroORM is vulnerable to SQL Injection via specially crafted object in mikro-orm. Patch commands and verification.
CVE-2026-34234 is an OS command injection in panel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34243: wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body` in wenxian. Patch commands and verification.
CVE-2026-34260: a SQL injection in SAP S/4HANA (SAP Enterprise Search for A. Patched version and vendor advisory inside.
CVE-2026-34263: a vulnerability in SAP Commerce cloud configuration. Patched version and vendor advisory inside.
CVE-2026-34275 - Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced
CVE-2026-34279 - Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterpri
CVE-2026-34285 - Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identit
CVE-2026-34286 - Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identit
CVE-2026-34287 - Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identit
CVE-2026-3431 is a missing authorization in SimStudioAI sim. This page lists the verified fix and inline mitigations.
CVE-2026-3432 is a missing authorization in SimStudioAI sim. This page lists the verified fix and inline mitigations.
CVE-2026-34361: CWE-552: Files or Directories Accessible to External Parties in Hapifhir org.hl7.fhir.core, fixed by the same patch as C
CVE-2026-3437 is a buffer overflow in Portwell Portwell Engineering Toolkits. This page lists the verified fix and inline mitigations.
CVE-2026-34374 is a SQL injection in AVideo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34406: APTRS: Privilege Escalation via Mass Assignment of is_superuser in User Edit Endpoint in APTRS. Patch commands and verificat
CVE-2026-34408: weak password recovery mechanism for forgotten password in the affected product. Runnable upgrade commands and verification s
CVE-2026-34415 - CWE-184 Incomplete List of Disallowed Inputs in xerteonlinetoolkits. Runnable patch commands, mitigation, and verification
CVE-2026-34424 is an embedded malicious code in Smart Slider 3 Pro for Joomla. This page lists verified fix commands and short-term mitigati
CVE-2026-34448: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in siyuan. Patch commands and v
CVE-2026-34449: bundle sibling of CVE-2026-34448. Same patched build closes both.
CVE-2026-34456: Reviactyl: OAuth account takeover via auto-linking in panel. Patch commands and verification.
CVE-2026-34457: CWE-290: Authentication Bypass by Spoofing in oauth2-proxy. This page lists verified fix commands and short-term mitigat
CVE-2026-34458: improper neutralization of CRLF sequences ('CRLF injection') in Sandboxie. Runnable upgrade commands and verification steps f
CVE-2026-34532: bundle sibling of CVE-2026-34215. Same patched build closes both.
CVE-2026-34557 is a vulnerability in ci4ms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34558 is a vulnerability in ci4ms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34559: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ci4ms. Patch commands and ve
CVE-2026-34560: bundle sibling of CVE-2026-34559. Same patched build closes both.
CVE-2026-34563: bundle sibling of CVE-2026-34559. Same patched build closes both.
CVE-2026-34564: bundle sibling of CVE-2026-34559. Same patched build closes both.
CVE-2026-34565: bundle sibling of CVE-2026-34559. Same patched build closes both.
CVE-2026-34566: bundle sibling of CVE-2026-34559. Same patched build closes both.
CVE-2026-34567: bundle sibling of CVE-2026-34559. Same patched build closes both.
CVE-2026-34568: bundle sibling of CVE-2026-34559. Same patched build closes both.
CVE-2026-34569: bundle sibling of CVE-2026-34559. Same patched build closes both.
CVE-2026-34571: bundle sibling of CVE-2026-34559. Same patched build closes both.
CVE-2026-34580: Botan has a certificate authentication bypass due to trust anchor confusion in botan. Patch commands and verification.
CVE-2026-3461 is an authentication bypass using an alternate path in Visa Acceptance Solutions. This page lists verified fix commands and sh
CVE-2026-34612: Kestra: remote code execution via SQL injection in Kestra-io kestra. CVSS 10 Critical. Patch commands, mitigations, and
CVE-2026-34615 is a deserialization of untrusted data in Adobe Connect. This page lists verified fix commands and short-term mitigations you
CVE-2026-34659 is an unsafe deserialization in Adobe Connect. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-34660 is an access control bypass in Adobe Connect. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-34714 is an OS command injection in Vim. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-34717: OpenProject: SQL Injection in Cost Reporting =n Operator via parse_number_string in openproject. Patch commands and verifica
CVE-2026-34745: Unauthenticated Path Traversal Arbitrary File Write in /api/uploadChunked/public in fireshare. Patch commands and verificati
CVE-2026-34751: Payload has unvalidated input in password recovery endpoints in Payloadcms payload, fixed by the same patch as CVE-2026-
CVE-2026-34758: OneUptime: Missing Authentication on Notification Endpoints in oneuptime. Patch commands and verification.
CVE-2026-34759: CWE-862: Missing Authorization in oneuptime, fixed by the same patch as CVE-2026-34758.
CVE-2026-34838: CWE-502: Deserialization of Untrusted Data in Intermesh groupoffice. CVSS 10 Critical. Patch commands, mitigations, and
CVE-2026-34841: Axios npm Supply Chain Incident Impacting @usebruno/cli in bruno. Patch commands and verification.
CVE-2026-3485 is an OS command injection in D-Link DIR-868L. This page lists the verified fix and inline mitigations.
CVE-2026-34865 is a heap buffer overflow in HarmonyOS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34872 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-34873 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-34875 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-34877 is a n/a in the vendor n/a, fixed by the same patch as CVE-2026-25212.
CVE-2026-34908 is an access control bypass in UniFi OS Server. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-34909 is a path traversal in UniFi OS Server. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-34910 is an OS command injection in UniFi OS Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-34934: PraisonAI: Second-Order SQL Injection in `get_all_user_threads` in PraisonAI. Patch commands and verification.
CVE-2026-34935: bundle sibling of CVE-2026-34934. Same patched build closes both.
CVE-2026-34938: bundle sibling of CVE-2026-34934. Same patched build closes both.
CVE-2026-34950: CWE-327: Use of a Broken or Risky Cryptographic Algorithm in fast-jwt. Patch commands and verification.
CVE-2026-34952: PraisonAI: missing authentication in WebSocket gateway in Mervinpraison PraisonAI, fixed by the same patch as CVE-2026-3
CVE-2026-34953: bundle sibling of CVE-2026-34934. Same patched build closes both.
CVE-2026-34971 is an out-of-bounds read in wasmtime. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34976: CWE-862: Missing Authorization in Dgraph-io dgraph. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2026-34977: Aperi'Solve Affected by Unauthenticated RCE via JPSeek Analyzer Command in AperiSolve. Patch commands and verification.
CVE-2026-34987 is an out-of-bounds read in wasmtime. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-34989: bundle sibling of CVE-2026-34559. Same patched build closes both.
CVE-2026-35002: Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution in Agno. Patch commands and verification.
CVE-2026-35022: bundle sibling of CVE-2026-35020. Same patched build closes both.
CVE-2026-35030: LiteLLM has an authentication bypass via OIDC userinfo cache key collision in litellm. Patch commands and verification.
CVE-2026-35031 is an improper input validation in jellyfin. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-35033 is a vulnerability in jellyfin. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-35039: CWE-345: Insufficient Verification of Data Authenticity in Nearform fast-jwt, fixed by the same patch as CVE-2026-34950.
CVE-2026-35047: Brave CMS has Unrestricted File Upload in BraveCMS via CKEditor Endpoint in BraveCMS-2.0. Patch commands and verification.
CVE-2026-35050: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in text-generation-webui. Patch comma
CVE-2026-35053: OneUptime: unauthenticated workflow execution via manualapi in oneuptime, fixed by the same patch as CVE-2026-34758.
CVE-2026-35171: Arbitrary Code Execution via Malicious Logging Configuration in Kedro in kedro. Patch commands and verification.
CVE-2026-35174: Chyrp Lite has a Path Traversal to Remote Code Execution in chyrp-lite. Patch commands and verification.
CVE-2026-35178: CWE-94: Improper Control of Generation of Code ('Code Injection') in forceworkbench. Patch commands and verification.
CVE-2026-35216: bundle sibling of CVE-2026-25043. Same patched build closes both.
CVE-2026-3535: Unrestricted Upload of File with Dangerous Type in DSGVO Google Web Fonts GDPR. Patch commands and verification.
CVE-2026-35392: bundle sibling of CVE-2026-34581. Same patched build closes both.
CVE-2026-35393: bundle sibling of CVE-2026-34581. Same patched build closes both.
CVE-2026-35428: improper neutralization of special elements used in a command ('command injectio in Azure Cloud Shell. Runnable upgrade comma
CVE-2026-35431 - CWE-918: Server-Side Request Forgery (SSRF) in Microsoft Entra. Runnable patch commands, mitigation, and verification on th
CVE-2026-3545 is an improper input validation in Google Chrome. This page lists the verified fix and inline mitigations.
CVE-2026-35459: pyload has SSRF fix bypass via HTTP redirect in pyload, fixed by the same patch as CVE-2026-35187.
CVE-2026-35471: bundle sibling of CVE-2026-34581. Same patched build closes both.
CVE-2026-35490: changedetection.io has an Authentication Bypass via Decorator Ordering in changedetection.io. Patch commands and verificatio
CVE-2026-35503 - CWE-798 Use of Hard-coded Credentials in X3050. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-35546 is a missing authentication in Anviz CX2 Lite Firmware. This page lists verified fix commands and short-term mitigations you
CVE-2026-35556 is a plaintext storage of a password in OpenPLC_V3. This page lists verified fix commands and short-term mitigations you can
CVE-2026-35573: ChurchCRM has a path traversal that leads to RCE in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-35580: bundle sibling of CVE-2026-35571. Same patched build closes both.
CVE-2026-35614: Frappe has a SQL injection in bulk_update in frappe. CVSS 9.3 Critical. Patch commands, mitigations, and verification.
CVE-2026-35615: PraisonAI has a path traversal in filetools in Mervinpraison PraisonAI, fixed by the same patch as CVE-2026-34934.
CVE-2026-3564: ScreenConnect Instance Level Cryptographic Material Exposure in ScreenConnect. Patch commands and verification.
CVE-2026-3584: Kali Forms <= 2.4.9 - Unauthenticated Remote Code Execution via form_process in Kali Forms, Contact Form & Drag-and-Drop Buil
CVE-2026-3587 is a vulnerability in Lean Managed Switch 852-1812. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-35903 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-3596 is a missing authorization in Riaxe Product Customizer. This page lists verified fix commands and short-term mitigations you c
CVE-2026-3611: Honeywell IQ4x BMS Controller Missing authentication for critical function in IQ4E. Patch commands and verification.
CVE-2026-36232 is a SQL injection in SQL. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-36233 is a SQL injection in SQL. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-36234 is a SQL injection in Online Student. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-36235 is a SQL injection in SQL. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-36236 is a SQL injection in SourceCodester Engineers. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-3630: Stack-based Buffer Overflow Vulnerability in COMMGR2 in COMMGR2. Patch commands and verification.
CVE-2026-36356 improper neutralization of special elements used in an os command ('os command i in the affected product. Runnable upgrade co
CVE-2026-36458 improper control of generation of code ('code injection') in the affected product. Runnable upgrade commands and verification
CVE-2026-36760 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-36767 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-36841 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-3703: Wavlink NU516U1 login.cgi sub_401A10 out-of-bounds write in NU516U1. Patch commands and verification.
CVE-2026-37338 is a SQL injection in SourceCodester Simple. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-37339 is a SQL injection in SourceCodester Simple. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-37340 is a SQL injection in SourceCodester Simple. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-37345 is a SQL injection in SourceCodester Vehicle. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-37347 is a SQL injection in SourceCodester Payroll. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-37431 improper neutralization of special elements used in an sql command ('sql injecti in the affected product. Runnable upgrade co
CVE-2026-37531 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37534 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37539 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37541 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-37709 is an improper access control in the affected product. Patched version, runnable upgrade commands, and how to verify the fix l
CVE-2026-37749 is a SQL injection in SQL. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3823: Atop Technologies|EHG2408 series switch - Stack-based Buffer Overflow in EHG2408. Patch commands and verification.
CVE-2026-3826 is a local file inclusion in Wellchoose IFTOP. CVSS 9.3 Critical. Patch commands, mitigations, and verifica
CVE-2026-38360 improper limitation of a pathname to a restricted directory ('path traversal') in the affected product. Runnable upgrade comm
CVE-2026-38428 improper neutralization of special elements used in an sql command ('sql injecti in the affected product. Runnable upgrade co
CVE-2026-38429 improper restriction of xml external entity reference in the affected product. Runnable upgrade commands and verification ste
CVE-2026-3843: SQL Injection in Nefteprodukttekhnika BUK TS-G Allows Remote Code Execution in BUK TS-G Gas Station Automation System. Patch
CVE-2026-38431 improper control of generation of code ('code injection') in the affected product. Runnable upgrade commands and verification
CVE-2026-3844 - CWE-434 Unrestricted Upload of File with Dangerous Type in Breeze Cache. Runnable patch commands, mitigation, and verificati
CVE-2026-38526 is an unrestricted file upload in PHP. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-38567 improper neutralization of special elements used in an sql command ('sql injecti in the affected product. Runnable upgrade co
CVE-2026-38835 is a command injection in Tenda W30E. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3891: Pix for WooCommerce <= 1.5.0 - Unauthenticated Arbitrary File Upload in Pix for WooCommerce. Patch commands and verification.
CVE-2026-3893 - CWE-306 in VASCO-B GNSS Receiver. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-38992 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-39087 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-39109 is a SQL injection in SQL Injection. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-3916 is an out-of-bounds read in Google Chrome. CVSS 9.6 Critical. Patch commands, mitigations, and verification.
CVE-2026-39305 is an arbitrary file write / path traversal in action orchestrator in Mervinpraison PraisonAI, fixed by the same patch as CVE-
CVE-2026-39322: PolarLearn: Any password authenticates banned accounts and grants API access in PolarLearn. Patch commands and verification.
CVE-2026-39324 is an improper authentication (CWE-287) in rack-session. CVSS 9.3 Critical. Patch commands, mitigations, and verification.
CVE-2026-39337 is an unauthenticated RCE in the install wizard in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-39339 is an API authentication bypass in Churchcrm CRM, fixed by the same patch as CVE-2026-35534.
CVE-2026-39342 is a SQL injection in the searchwhat parameter via queryview.php in Churchcrm CRM, fixed by the same patch as CVE-20
CVE-2026-39355 is a missing authorization (CWE-862) in Mgeurts genealogy. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2026-39382: dbt has a Command Injection in Reusable Workflow via Unsanitized comment-body Output in dbt-core. Patch commands and verific
CVE-2026-39397 is a missing authorization (CWE-862) in Delmaredigital payload-puck. CVSS 9.4 Critical. Patch commands, mitigations, and verif
CVE-2026-39399 is an improper input validation in NuGetGallery. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-39405 is a path traversal in lms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-39440 - CWE-94 Improper Control of Generation of Code ('Code Injection') in FunnelFormsPro. Runnable patch commands, mitigation, an
CVE-2026-39462 - CWE-522 Insufficiently Protected Credentials in X3050. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-39531 is a SQL injection in WP Directory Kit. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-39617 is a cross-site request forgery (CSRF) in Priyanshumittal Bluestreet. CVSS 9.6 Critical. Patch commands, mitigations, and ver
CVE-2026-39619 is a cross-site request forgery (CSRF) in Priyanshumittal Busiprof. CVSS 9.6 Critical. Patch commands, mitigations, and verif
CVE-2026-39620 is a cross-site request forgery (CSRF) in Priyanshumittal Appointment. CVSS 9.6 Critical. Patch commands, mitigations, and ve
CVE-2026-39640 is a cross-site request forgery (CSRF) in Mndpsingh287 Theme Editor. CVSS 9.6 Critical. Patch commands, mitigations, and veri
CVE-2026-39808 is an OS command injection in FortiSandbox. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-39813 is an escalation of privilege in FortiSandbox. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-39842 is a code injection in openremote. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-39846: bundle sibling of CVE-2026-34448. Same patched build closes both.
CVE-2026-39847: Emmett has a path traversal in internal assets handler in emmett. Patch commands and verification.
CVE-2026-39860: Nix sandbox escape: file write via symlink at FOD `.tmp` copy destination in nix. Patch commands and verification.
CVE-2026-39888: CWE-657: Violation of Secure Design Principles in praisonaiagents. Patch commands and verification.
CVE-2026-39890 is a deserialization of untrusted data (CWE-502) in Mervinpraison PraisonAI, fixed by the same patch as CVE-2026-34934.
CVE-2026-39912 is an insertion of sensitive information into sent in Xboard. This page lists verified fix commands and short-term mitigation
CVE-2026-39918 is a code injection in Vvveb. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-39920 - CWE-1188 Initialization of a Resource with an Insecure Default in FileStore. Runnable patch commands, mitigation, and verif
CVE-2026-39980 is a vulnerability in opencti. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-4001: a code injection in Woocommerce Custom Product Addons Pro. Patched version and vendor advisory inside.
CVE-2026-40010 is a session fixation in Apache Wicket. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4003 is a missing authorization in Felixmartinez Users manager – PN. CVSS 9.8 Critical. Patch commands, mitigations, and verificati
CVE-2026-40035: Unfurl - Werkzeug Debugger Exposure via String Config Parsing in unfurl. Patch commands and verification.
CVE-2026-40042 is an exposure of file descriptor to unintended in Pachno. This page lists verified fix commands and short-term mitigations y
CVE-2026-40044 is a deserialization of untrusted data in Pachno. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-40050 is a missing authentication in LogScale Self-Hosted. This page lists verified fix commands and short-term mitigations you can
CVE-2026-40076 improper limitation of a pathname to a restricted directory ('path traversal') in openmrs-core. Runnable upgrade commands and
CVE-2026-40088 is an OS command injection in PraisonAI. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40089 is a server-side request forgery in audiostreaming-stack. This page lists verified fix commands and short-term mitigations yo
CVE-2026-40111 is an OS command injection in PraisonAIAgents. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-40154 is a cwe-829: inclusion of functionality from untrusted in PraisonAI. This page lists verified fix commands and short-term mi
CVE-2026-40157 is a path traversal in PraisonAI. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40173 is an information disclosure in dgraph. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40177 is an authentication bypass in ajenti. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40189 is a missing authorization in goshs. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40258 is a path traversal in gramps-web-api. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40281 improper neutralization of argument delimiters in a command ('argument injection in gotenberg. Runnable upgrade commands and
CVE-2026-40288 is an OS command injection in PraisonAI. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40289 is a missing authentication in PraisonAI. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40313 is a cwe-829: inclusion of functionality from untrusted in PraisonAI. This page lists verified fix commands and short-term mi
CVE-2026-40317 is an improper privilege management in NovumOS. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-40322 is a cross-site scripting in siyuan. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40324 is an uncontrolled recursion (CWE-674) in graphql-platform. This page lists verified fix commands and short-term mitigations yo
CVE-2026-40329 improper neutralization of special elements used in an sql command ('sql injecti in MasaCMS. Runnable upgrade commands and ve
CVE-2026-40330 improper neutralization of special elements used in an sql command ('sql injecti in MasaCMS. Runnable upgrade commands and ve
CVE-2026-40331 improper neutralization of special elements used in an sql command ('sql injecti in MasaCMS. Runnable upgrade commands and ve
CVE-2026-40342 is a path traversal in firebird. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40351 is a vulnerability in FastGPT. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40372 is a vulnerability in ASP.NET Core 10.0. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40379 is an information disclosure in Microsoft Entra. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-4038: CWE-862 Missing Authorization in Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit. Patch comm
CVE-2026-40402 is a use-after-free in Windows 11 version 22H3. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-40411: an improper input validation in Azure Virtual Network Gateway. Patched version and vendor advisory inside.
CVE-2026-40412: an unrestricted file upload in Azure Orbital Spatio. Patched version and vendor advisory inside.
CVE-2026-40453 - CWE-178 Improper Handling of Case Sensitivity in Apache Camel JMS. Runnable patch commands, mitigation, and verification on
CVE-2026-40470 - CWE-79 Improper neutralization of input during web page generation ('cross-site scripting') in the affected product. Runnab
CVE-2026-40471 - CWE-352 Cross-Site request forgery (CSRF) in the affected product. Runnable patch commands, mitigation, and verification on
CVE-2026-40472 - CWE-79 Improper neutralization of input during web page generation ('cross-site scripting') in the affected product. Runnab
CVE-2026-40477 is a vulnerability in org.thymeleaf:thymeleaf-spring5. This page lists verified fix commands and short-term mitigations you c
CVE-2026-40478 is a vulnerability in org.thymeleaf:thymeleaf-spring5. This page lists verified fix commands and short-term mitigations you c
CVE-2026-40484 is an improper privilege management in CRM. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-40492 is an out-of-bounds write in sail. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40493 is an out-of-bounds write in sail. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40494 is an out-of-bounds write in sail. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40504 is a heap buffer overflow in gravity. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40525 is a not failing securely in OpenViking. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40569 is an improper access control (CWE-284) in freescout. This page lists verified fix commands and short-term mitigations you can
CVE-2026-40572 is an improper privilege management in NovumOS. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-40575 is an authentication bypass by spoofing (CWE-290) in oauth2-proxy. This page lists verified fix commands and short-term mitigat
CVE-2026-40576 is a path traversal in excel-mcp-server. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40582 is a cwe-288: authentication bypass using an alternate in CRM. This page lists verified fix commands and short-term mitigatio
CVE-2026-40620 - CWE-306 Missing authentication for critical function in X3050. Runnable patch commands, mitigation, and verification on thi
CVE-2026-40621 is an authentication bypass in WRC-BE72XSD-B. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-40630 - CWE-288 Authentication bypass using an alternate path or channel in X3050. Runnable patch commands, mitigation, and verific
CVE-2026-40636 is a use of hard-coded credentials in ECS. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-40682 improper restriction of xml external entity reference in Apache OpenNLP. Runnable upgrade commands and verification steps for
CVE-2026-40797 improper neutralization of special elements used in an sql command ('sql injecti in WebinarIgnition. Runnable upgrade command
CVE-2026-40860 - CWE-502 Deserialization of Untrusted Data in Apache Camel. Runnable patch commands, mitigation, and verification on this pa
CVE-2026-40872 is a cross-site scripting in mailcow-dockerized. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-40884 is a missing authentication in goshs. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40887 is a SQL injection in vendure. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40903 is a cwe-829: inclusion of functionality from untrusted in goshs. This page lists verified fix commands and short-term mitiga
CVE-2026-40906 is a SQL injection in electric. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40911 is a code injection in AVideo. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40933 is an OS command injection in Flowise. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40946 is an authentication bypass in oxia. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-40959 is an inclusion of functionality from untrusted control in Luanti. This page lists verified fix commands and short-term mitig
CVE-2026-40976 - CWE-862: Missing Authorization in Spring Boot. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-40982 improper limitation of a pathname to a restricted directory ('path traversal') in Spring Cloud Config. Runnable upgrade comma
CVE-2026-41050 is an access control bypass in Rancher. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-41064 is an OS command injection in AVideo. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41070 is an improper authentication in openvpn-auth-oauth2. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2026-41089: a stack-based buffer overflow in Windows Server 2012. Patched version and vendor advisory inside.
CVE-2026-41090: an OS command injection in Microsoft 365 Copilot for iOS. Patched version and vendor advisory inside.
CVE-2026-41096 is a path traversal in Windows 11 version 22H3. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-41103: a vulnerability in Microsoft Confluence SAML SSO plugin. Patched version and vendor advisory inside.
CVE-2026-41104: an unsafe deserialization in Microsoft Planetary Computer Pro (GeoCat. Patched version and vendor advisory inside.
CVE-2026-41137 - CWE-94: Improper Control of Generation of Code ('Code Injection') in Flowise. Runnable patch commands, mitigation, and veri
CVE-2026-41167 - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Jellystat. Runnable patch c
CVE-2026-41176 - CWE-306: Missing Authentication for Critical Function in rclone. Runnable patch commands, mitigation, and verification on t
CVE-2026-41179 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rclone. Runnable patc
CVE-2026-4119 - CWE-862 Missing Authorization in Create DB Tables. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41193 is a path traversal in freescout. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41196 - CWE-94: Improper Control of Generation of Code ('Code Injection') in luanti. Runnable patch commands, mitigation, and verif
CVE-2026-41197 - CWE-131: Incorrect Calculation of Buffer Size in noir. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41201 improper neutralization of input during web page generation ('cross-site scripti in ci4ms. Runnable upgrade commands and veri
CVE-2026-41202 improper limitation of a pathname to a restricted directory ('path traversal') in ci4ms. Runnable upgrade commands and verifi
CVE-2026-41203 improper limitation of a pathname to a restricted directory ('path traversal') in ci4ms. Runnable upgrade commands and verifi
CVE-2026-41228 - CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in froxlor.
CVE-2026-41229 - CWE-94: Improper Control of Generation of Code ('Code Injection') in froxlor. Runnable patch commands, mitigation, and veri
CVE-2026-41242 is a code injection in protobuf.js. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41248 - CWE-436: Interpretation Conflict in astro. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41258 is a code injection in openmrs-core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-41264 - CWE-184: Incomplete List of Disallowed Inputs in Flowise. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-41265 - CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in Flowise. Runnable patch comm
CVE-2026-41274 - CWE-943: Improper Neutralization of Special Elements in Data Query Logic in Flowise. Runnable patch commands, mitigation, a
CVE-2026-41315 is an OS command injection in mdserver-web. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-41327 - CWE-943: Improper Neutralization of Special Elements in Data Query Logic in dgraph. Runnable patch commands, mitigation, an
CVE-2026-41328 - CWE-943: Improper Neutralization of Special Elements in Data Query Logic in dgraph. Runnable patch commands, mitigation, an
CVE-2026-41329 is an incorrect use of privileged APIs (CWE-648) in OpenClaw. This page lists verified fix commands and short-term mitigations
CVE-2026-41386 - CWE-648: Incorrect Use of Privileged APIs in OpenClaw. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41409 - CWE-502 Deserialization of Untrusted Data in Apache MINA. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-41428 - CWE-287: Improper Authentication in budibase. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41446 - CWE-912 Hidden Functionality in WattBox 800. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-41460 - CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SocialEngine. Runnable patch
CVE-2026-41462 - CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ProjeQtor. Runnable patch co
CVE-2026-41468 - CWE-1104 Use of Unmaintained Third-Party Components in SicuroWeb (Sicuro24). Runnable patch commands, mitigation, and verif
CVE-2026-41478 - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in saltcorn. Runnable patch co
CVE-2026-4149 is a buffer overflow in Era 300. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-41492 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in dgraph. Runnable patch commands, mitigation, and ver
CVE-2026-41497 improper neutralization of special elements used in an os command ('os command i in PraisonAI. Runnable upgrade commands and
CVE-2026-41500 improper neutralization of special elements used in a command ('command injectio in electerm. Runnable upgrade commands and v
CVE-2026-41501 improper neutralization of special elements used in a command ('command injectio in electerm. Runnable upgrade commands and v
CVE-2026-41507 improper control of generation of code ('code injection') in math-codegen. Runnable upgrade commands and verification steps f
CVE-2026-41512 improper control of generation of code ('code injection') in ai-scanner. Runnable upgrade commands and verification steps for
CVE-2026-41551 is a path traversal in ROS#. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-41552 is a path traversal in PDF Export Module. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-41553 is an OS command injection in PDF Export Module. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-41571 is an improper authentication in note-mark. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-41574 is an improper authentication in nhost. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-41583 is an improper following of specification by caller in zebra. Patched version, runnable upgrade commands, and how to verify th
CVE-2026-41584 is a reachable assertion in zebra. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-41586 is a deserialization of untrusted data in fabric. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2026-41588 is an observable timing discrepancy in relate. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-41589 improper limitation of a pathname to a restricted directory ('path traversal') in wish. Runnable upgrade commands and verific
CVE-2026-41615: an information disclosure in Microsoft Authenticator for Android. Patched version and vendor advisory inside.
CVE-2026-4163: Wavlink WL-WN579A3 POST Request wireless.cgi GuestWifi command injection in WL-WN579A3. Patch commands and verification.
CVE-2026-41635 - CWE-502 Deserialization of Untrusted Data in Apache MINA. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-4164: Wavlink WL-WN578W2 POST Request wireless.cgi GuestWifi command injection in WL-WN578W2. Patch commands and verification.
CVE-2026-41679 - CWE-287: Improper Authentication in paperclip. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-4170: Topsec TopACM HTTP Request nmc_sync.php os command injection in TopACM. Patch commands and verification.
CVE-2026-4177 is a heap-based buffer overflow (CWE-122) in Toddr YAML::Syck. CVSS 9.1 Critical. Patch commands, mitigations, and verification.
CVE-2026-4181: D-Link DIR-816 goahead form2RepeaterStep2.cgi stack-based overflow in DIR-816. Patch commands and verification.
CVE-2026-4182: D-Link DIR-816 goahead form2Wl5RepeaterStep2.cgi stack-based overflow in DIR-816. Patch commands and verification.
CVE-2026-4183: D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow in DIR-816. Patch commands and verification.
CVE-2026-4184: D-Link DIR-816 goahead form2Wl5BasicSetup.cgi stack-based overflow in DIR-816. Patch commands and verification.
CVE-2026-41873 - CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in Pony Mail. Runnable patch comma
CVE-2026-41901 is a server-side template injection in thymeleaf. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-41902 is an insufficient session expiration in freescout. Patched version, runnable upgrade commands, and how to verify the fix land
CVE-2026-41922 improper neutralization of special elements used in an os command ('os command i in WDR201A WiFi Extender. Runnable upgrade c
CVE-2026-41923 improper neutralization of special elements used in an os command ('os command i in WDR201A WiFi Extender. Runnable upgrade c
CVE-2026-41924 improper neutralization of special elements used in an os command ('os command i in WDR201A WiFi Extender. Runnable upgrade c
CVE-2026-41925 improper neutralization of special elements used in an os command ('os command i in WDR201A WiFi Extender. Runnable upgrade c
CVE-2026-41926 improper neutralization of special elements used in an os command ('os command i in WDR201A WiFi Extender. Runnable upgrade c
CVE-2026-41930 is a missing authentication for critical function in Vvveb. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-41947: an insecure direct object reference (IDOR) in dify. Patched version and vendor advisory inside.
CVE-2026-41948 is a path traversal in dify. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42027 use of externally-controlled input to select classes or code ('unsafe reflection in Apache OpenNLP. Runnable upgrade commands
CVE-2026-42048 is a path traversal in langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42062 is an OS command injection in WRC-BE72XSD-B. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-42072 is a use of default credentials in NornicDB. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42076 improper neutralization of special elements used in an os command ('os command i in evolver. Runnable upgrade commands and ve
CVE-2026-42087 improper neutralization of special elements used in an sql command ('sql injecti in cosmos. Runnable upgrade commands and ver
CVE-2026-42088 is an execution with unnecessary privileges in cosmos. Patched version, runnable upgrade commands, and how to verify the fix l
CVE-2026-42090 improper neutralization of input during web page generation ('cross-site scripti in notesnook. Runnable upgrade commands and
CVE-2026-42097: an insecure direct object reference (IDOR) in Pro Cloud Server. Patched version and vendor advisory inside.
CVE-2026-42155 is a vulnerability in magento-lts. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42160 client-side enforcement of server-side security in dataspace-portal. Runnable upgrade commands and verification steps for sys
CVE-2026-42193 improper verification of cryptographic signature in plunk. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-42196 is a path traversal in django-s3file. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42231 improperly controlled modification of object prototype attributes ('prototype po in n8n. Runnable upgrade commands and verifi
CVE-2026-42232 improperly controlled modification of object prototype attributes ('prototype po in n8n. Runnable upgrade commands and verifi
CVE-2026-42238 improper control of generation of code ('code injection') in nginx-ui. Runnable upgrade commands and verification steps for s
CVE-2026-42281: a server-side request forgery (SSRF) in MagicMirror. Patched version and vendor advisory inside.
CVE-2026-42287 improper neutralization of special elements used in an sql command ('sql injecti in emlog. Runnable upgrade commands and veri
CVE-2026-42288 is a code injection in CRM. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42298 improper control of generation of code ('code injection') in postiz-app. Runnable upgrade commands and verification steps for
CVE-2026-42300 is an authentication bypass in devguard. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-42302 is a missing authentication for critical function in FastGPT. Patched version, runnable upgrade commands, and how to verify t
CVE-2026-42354 is an authentication bypass by spoofing in sentry. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2026-42363 - CWE-656 - Reliance on Security Through Obscurity in GV-IP Device Utility. Runnable patch commands, mitigation, and verifica
CVE-2026-42364 improper neutralization of special elements used in an os command ('os command i in Gv-Lpc2011/Lpc2211. Runnable upgrade comm
CVE-2026-42368 is an incorrect privilege assignment in Gv-Lpc2011/Lpc2211. Patched version, runnable upgrade commands, and how to verify the
CVE-2026-42369 is an out-of-bounds write in Gv-Vms V20.0.2. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42370 is an out-of-bounds write in Gv-Vms V20.0.2. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42373 is a use of hard-coded credentials in DIR-605L Firmware. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2026-42374 is a use of hard-coded credentials in DIR-600L Firmware. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2026-42375 is a use of hard-coded credentials in DIR-600L Firmware. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2026-42376 is a use of hard-coded credentials in DIR-456U Firmware. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2026-42454 improper neutralization of special elements used in an os command ('os command i in Termix. Runnable upgrade commands and ver
CVE-2026-42457 is a cross-site scripting (XSS) in loft. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-42472 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42473 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-42484 - n/a in n/a. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-4252: Tenda AC8 IPv6 check_is_ipv6 ip address for authentication in AC8. Patch commands and verification.
CVE-2026-42523 - Security Vulnerability in Jenkins GitHub Plugin. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-4254: Tenda AC8 HTTP Endpoint SysToolChangePwd doSystemCmd stack-based overflow in AC8. Patch commands and verification.
CVE-2026-42555 is a code injection in valtimo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42560 is an improper authentication in auth. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42569 is an improper access control in phpvms. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4257 is a code injection in Contact Form by Supsystic. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-42571 is an incorrect authorization in pelican. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42589 is an OS command injection in gotenberg. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-42596 is a server-side request forgery (SSRF) in gotenberg. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-42601 improper neutralization of argument delimiters in a command ('argument injection in ArchiveBox. Runnable upgrade commands and
CVE-2026-42607 improper control of generation of code ('code injection') in grav. Runnable upgrade commands and verification steps for sysad
CVE-2026-42613 is an improper input validation in grav. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4277 is a privilege abuse in genericinlinemodeladmin in Djangoproject Django, fixed by the same patch as CVE-2026-3902.
CVE-2026-42778 - CWE-502 Deserialization of Untrusted Data in Apache MINA. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-42779 - CWE-502 Deserialization of Untrusted Data in Apache MINA. Runnable patch commands, mitigation, and verification on this pag
CVE-2026-42796 is a missing authentication for critical function in Arelle. Patched version, runnable upgrade commands, and how to verify th
CVE-2026-42809 is a missing authorization in Apache Polaris. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42810 improper encoding or escaping of output in Apache Polaris. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-42811 improper neutralization of special elements used in an expression language state in Apache Polaris. Runnable upgrade commands
CVE-2026-42812 is an incorrect authorization in Apache Polaris. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42822 is an authentication bypass in Azure Local. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-42823 is an access control bypass in Azure Logic Apps. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-42826 exposure of sensitive information to an unauthorized actor in Azure DevOps. Runnable upgrade commands and verification steps
CVE-2026-4283 is a vulnerability in WP DSGVO Tools (GDPR). Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-42833: a path traversal in Microsoft Dynamics 365 (on-premises) ver. Patched version and vendor advisory inside.
CVE-2026-42854 is a stack-based buffer overflow in arduino-esp32. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-42864 missing authentication for critical function in firefighter-incident. Runnable upgrade commands and verification steps for sy
CVE-2026-42869 is an improper authentication in CoPilot. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-42880 exposure of sensitive information to an unauthorized actor in argo-cd. Runnable upgrade commands and verification steps for s
CVE-2026-42882 improper limitation of a pathname to a restricted directory ('path traversal') in s3-proxy. Runnable upgrade commands and ver
CVE-2026-42889 is an access control bypass in relay-server. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-42898: a code injection in Microsoft Dynamics 365 (on-premises) ver. Patched version and vendor advisory inside.
CVE-2026-42901 is a vulnerability in Microsoft Entra. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-42996 - CWE-121 Stack-based Buffer Overflow in JS8Call. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-43011 - net/x25: Fix potential double free of skb in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-43037 - ip6_tunnel: clear skb2->cb[] in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-43038 - ipv6: icmp: clear skb2->cb[] in Linux. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-43039 - net: ti: icssg-prueth: fix missing data copy and wrong recycle in Linux. Runnable patch commands, mitigation, and verificat
CVE-2026-43067 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43071 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43083 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43114 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43117 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4312: DrangSoft|GCB/FCB Audit Software - Missing Authentication in GCB/FCB Audit Software. Patch commands and verification.
CVE-2026-43125 is a buffer overflow in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4317: SQL injection in Umami Software application in Umami Software. Patch commands and verification.
CVE-2026-43185 is a buffer overflow in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43186 is a buffer overflow in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43197 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43198 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-4320: an authentication bypass in ICMS Content Management. Patched version and vendor advisory inside.
CVE-2026-43208 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43304 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43341 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43376 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43378 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43379 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43383 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43384 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43402 is a use-after-free in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43406 is an out-of-bounds read in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43407 is an integer overflow in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43414 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43465 is a security vulnerability in Linux. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43493 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-43534 insufficient verification of data authenticity in OpenClaw. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-43566 is an incomplete list of disallowed inputs in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-43575 is a missing authorization in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43578 is an incomplete list of disallowed inputs in OpenClaw. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-43581 initialization of a resource with an insecure default in OpenClaw. Runnable upgrade commands and verification steps for sysad
CVE-2026-43585 operation on a resource after expiration or release in OpenClaw. Runnable upgrade commands and verification steps for sysadmi
CVE-2026-43633 is an unsafe deserialization in hestiacp. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-4365 is a missing authorization in LearnPress – WordPress LMS Plugin for Create and Sell Online Courses. This page lists verified f
CVE-2026-4370 is an improper certificate validation in Canonical Juju. CVSS 10 Critical. Patch commands, mitigations, and verification.
CVE-2026-43899 is an improper input validation in deepchat. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43900 improper neutralization of input during web page generation ('cross-site scripti in deepchat. Runnable upgrade commands and v
CVE-2026-43941 improper neutralization of argument delimiters in a command ('argument injection in electerm. Runnable upgrade commands and v
CVE-2026-43944 is an improper input validation in electerm. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-43948 is an access control bypass in wger. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-43992 is an information disclosure in junoclaw. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-43997 is a code injection in vm2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-43999 is an access control bypass in vm2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44005 is a vulnerability in vm2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44006 is a code injection in vm2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44007 is an access control bypass in vm2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44008 is a vulnerability in vm2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44009 is a vulnerability in vm2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44050 is a path traversal in Netatalk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44109 initialization of a resource with an insecure default in OpenClaw. Runnable upgrade commands and verification steps for sysad
CVE-2026-44125 is a missing authorization in Secure Email Gateway. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2026-44126 deserialization of untrusted data in Secure Email Gateway. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-44128 improper neutralization of directives in dynamically evaluated code ('eval injec in Secure Email Gateway. Runnable upgrade co
CVE-2026-4415 is a path traversal in Gigabyte Control Center. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-44159 is a vulnerability in TID-L. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44183 is an authentication bypass in Cleanuparr. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-44193 is a vulnerability in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44194 is an OS command injection in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44196 is an improper authentication in pingvin-share-x. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2026-44212 is a cross-site scripting (XSS) in PrestaShop. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-44221 is an incorrect authorization in arcadedb. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-44225 improper limitation of a pathname to a restricted directory ('path traversal') in Pulpy. Runnable upgrade commands and verifi
CVE-2026-44257 improper neutralization of special elements used in a command ('command injectio in efw4.X. Runnable upgrade commands and ver
CVE-2026-44258 improper neutralization of special elements used in an os command ('os command i in efw4.X. Runnable upgrade commands and ver
CVE-2026-44262 improper control of generation of code ('code injection') in scramble. Runnable upgrade commands and verification steps for s
CVE-2026-44277 execute unauthorized code or commands in FortiAuthenticator. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-44313 is a server-side request forgery (ssrf) in linkwarden. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-44336 is an improper input validation in PraisonAI. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-44343 is an improper input validation in WGDashboard. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-44351 is an authentication bypass in fast-jwt. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-44364: a cross-site request forgery (CSRF) in misp-modules. Patched version and vendor advisory inside.
CVE-2026-44377 is a code injection in v6. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44381 is a SQL injection in MISP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44442 is a missing authorization in erpnext. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44482 is an improper input validation in soundcloud-rpc. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-44484 is a vulnerability in pytorch-lightning. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-44497 improper verification of cryptographic signature in zebra. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-44498 is an incorrect calculation in zebra. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-44523 is a vulnerability in note-mark. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44542 is a path traversal in filebrowser. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44547 is an improper authentication in CRM. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-44551 is an authentication bypass in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-44588 is a cross-site scripting (XSS) in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-44592 is an authentication bypass in gradient. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-44643 improper neutralization of directives in dynamically evaluated code ('eval injec in angular-expressions. Runnable upgrade com
CVE-2026-44666 is an OS command injection in HRConvert2. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-44670 is a cross-site scripting (XSS) in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-44699 is a weak cryptography in libjwt. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-44717 is a code injection in mcp_calculate_server. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-4478: Yi Technology YI Home Camera HTTP Firmware Update ipc signature verification in YI Home Camera. Patch commands and verificati
CVE-2026-45010 is a vulnerability in phpmyfaq. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45035 is an OS command injection in tabby. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45053 is an unrestricted file upload in v6. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45091 exposure of sensitive information to an unauthorized actor in sealed-env. Runnable upgrade commands and verification steps fo
CVE-2026-45158 is a vulnerability in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45185 is a use after free in Exim. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-45321 is an embedded malicious code in arktype-adapter. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2026-45375 is a cross-site scripting (XSS) in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-45391 is an improper input validation in Cribl Edge. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-45392 is an improper input validation in Cribl Stream. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-45393 is an improper input validation in Cribl Edge. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-45411 is a vulnerability in vm2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45444: an unrestricted file upload in Gift Cards For WooCommerce Pro. Patched version and vendor advisory inside.
CVE-2026-4567 is a stack-based buffer overflow in A15. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-45714 is a code injection in v6. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-45829 is a code injection in ChromaDB. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4585: an OS command injection in Easy7 Integrated Management Platform. Patched version and vendor advisory inside.
CVE-2026-4599 is a path traversal in jsrsasign. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4606 is a path traversal in GV-Edge Recording Manager. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-4631: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Red Hat Enterprise Linux 10. Pa
CVE-2026-46364 is a SQL injection in phpmyfaq. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4670 - CWE-305 Authentication bypass by primary weakness in MOVEit Automation. Runnable patch commands, mitigation, and verificatio
CVE-2026-46725: an unsafe deserialization in Extension "Content Element Selector". Patched version and vendor advisory inside.
CVE-2026-4681 is an unsafe deserialization in Windchill PDMLink. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-47280: an authentication bypass in Azure Resource Manager. Patched version and vendor advisory inside.
CVE-2026-4734 is a memory corruption in modizer. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4738 is a memory corruption in gdal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4739 is a vulnerability in ITK. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4744 is a path traversal in Notepad3. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4745 is a code injection in perf-ninja. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4746 is an OS command injection in proton. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4750 is a path traversal in woof. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4753 is a path traversal in RetroDebugger. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4755 is a vulnerability in Android-ImageMagick7. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-4809 is an unrestricted file upload in laravel-mediable. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-4810 is a missing authentication in Agent Development Kit (ADK). This page lists verified fix commands and short-term mitigations y
CVE-2026-48172 is a vulnerability in cPanel Plugin. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-48241 is a cross-site scripting (XSS) in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-48242 is a cross-site scripting (XSS) in Tickets. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-48700 is a code injection in PCManFM-Qt. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-4880 is an improper privilege management in Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point
CVE-2026-4882 - CWE-434 Unrestricted Upload of File with Dangerous Type in User Registration Advanced Fields. Runnable patch commands, mitig
CVE-2026-4883 is an unrestricted file upload in Piotnet Forms. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-4885: an unrestricted file upload in Piotnet Addons For Elementor Pro. Patched version and vendor advisory inside.
CVE-2026-5058 is an OS command injection in aws-mcp-server. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-5059 is an OS command injection in aws-mcp-server. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-5081 generation of predictable numbers or identifiers in Apache::Session::Generate::ModUniqueId. Runnable upgrade commands and veri
CVE-2026-5085 is a generation of predictable numbers or identifiers in Solstice::Session. This page lists verified fix commands and short-te
CVE-2026-5118 is a local privilege escalation in Divi Form Builder. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-5166 - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Pardus Software Center. Runnable pa
CVE-2026-5189 is a hard-coded credentials in Nexus Repository. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-5194 is a certificate validation in wolfSSL. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5229: an authentication bypass in Receive Notifications After Form Submitt. Patched version and vendor advisory inside.
CVE-2026-5288 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5289 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5290 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5294 missing authorization in GeekyBot, AI Copilot, Chatbot, WooCommerce Lead Gen & Zero-Prompt Content. Runnable upgrade commands
CVE-2026-5387 is a missing authorization in Pipeline Simulation 2025. This page lists verified fix commands and short-term mitigations you c
CVE-2026-5412 is an improper authorization in Juju. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5433: an OS command injection in Control Network Module (CNM). Patched version and vendor advisory inside.
CVE-2026-5442 is an integer overflow in DICOM Server. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5443 is an integer overflow in DICOM Server. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5450 is a heap buffer overflow in glibc. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5463: Improper neutralization of special elements leading to command injection in pymetasploit3. Patch commands and verification.
CVE-2026-5627: Path Traversal in mintplex-labs/anything-llm in mintplex-labs/anything-llm. Patch commands and verification.
CVE-2026-5652 is a vulnerability in Crafty Controller. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5722 is an improper authentication in MoreConvert Pro. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-5731 is a remote code execution in Mozilla Firefox. CVSS 9.8 Critical. Patch commands, mitigations, and verification.
CVE-2026-5752 is a code injection in cohere-terrarium. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5760 is a code injection in SGLang. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5779 - CWE-284 Improper Access Control in Minerva. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-5850 is a totolink a7100ru cgi cstecgi.cgi setvpnpasscfg os command injection in Totolink A7100RU, fixed by the same patch as CVE-2
CVE-2026-5851 is a totolink a7100ru cgi cstecgi.cgi setupnpcfg os command injection in Totolink A7100RU, fixed by the same patch as CVE-2026
CVE-2026-5852 is a totolink a7100ru cgi cstecgi.cgi setiptvcfg os command injection in Totolink A7100RU, fixed by the same patch as CVE-2026
CVE-2026-5853 is a totolink a7100ru cgi cstecgi.cgi setipv6lancfg os command injection in Totolink A7100RU, fixed by the same patch as CVE-2
CVE-2026-5854 is a totolink a7100ru cgi cstecgi.cgi setwifieasycfg os command injection in Totolink A7100RU, fixed by the same patch as CVE-
CVE-2026-5874 is a use after free in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5902 is a race in Google Chrome, fixed by the same patch as CVE-2026-5272.
CVE-2026-5963 is a SQL injection in EasyFlow .NET. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5964 is a SQL injection in EasyFlow .NET. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5965 is an OS command injection in NewSoftOA. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5975 is a totolink a7100ru cgi cstecgi.cgi setdmzcfg os command injection in Totolink A7100RU, fixed by the same patch as CVE-2026-
CVE-2026-5976 is a totolink a7100ru cgi cstecgi.cgi setstoragecfg os command injection in Totolink A7100RU, fixed by the same patch as CVE-2
CVE-2026-5977 is a totolink a7100ru cgi cstecgi.cgi setwifibasiccfg os command injection in Totolink A7100RU, fixed by the same patch as CVE
CVE-2026-5978 is a totolink a7100ru cgi cstecgi.cgi setwifiaclrules os command injection in Totolink A7100RU, fixed by the same patch as CVE
CVE-2026-5993 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5994 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5995 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5996 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-5997 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6025 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6026 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6027 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6028 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6029 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6057 is a path traversal in FalkorDB Browser. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6074 - CWE-35 Path traversal: '.../...//' in 911 Emergency Gateway. Runnable patch commands, mitigation, and verification on this p
CVE-2026-6100 is a use-after-free in CPython. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6112 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6113 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6114 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6115 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6116 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6131 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6132 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6138 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6139 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6140 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6154 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6155 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6156 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6195 is an OS command injection in A7100RU. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6213 - reliance on untrusted inputs in a security decision in SparkView. Runnable upgrade commands and verification steps for sysadmi
CVE-2026-6235 - CWE-862 Missing Authorization in Sendmachine for WordPress. Runnable patch commands, mitigation, and verification on this pa
CVE-2026-6257 is an unrestricted file upload in Vvveb CMS. This page lists verified fix commands and short-term mitigations you can run toda
CVE-2026-6264 is a missing authentication in Talend JobServer. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-6270 is a CWE-436: interpretation conflict in @fastify/middie. This page lists verified fix commands and short-term mitigations you
CVE-2026-6271 is an unrestricted file upload in Career Section. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-6279 is a vulnerability in Avada (Fusion) Builder. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-6284 is a CWE-521 in Cscape. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6296 is a heap buffer overflow in Chrome. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6348 is a missing authentication in WinMatrix. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6349 is an OS command injection in iSherlock-audit-4.5. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-6350 is a stack buffer overflow in MailAudit. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6356 - CWE-1220: Insufficient Granularity of Access Control in Augmentt. Runnable patch commands, mitigation, and verification on t
CVE-2026-6388 is an insufficient granularity of access control in Red Hat OpenShift GitOps. This page lists verified fix commands and short-
CVE-2026-6443 is embedded malicious code in Accordion and Accordion Slider. This page lists verified fix commands and short-term mitigati
CVE-2026-6508 is an origin validation error in Liderahenk. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-6510 is a missing authorization in InfusedWoo Pro. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-6512 is a missing authorization in InfusedWoo Pro. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-6555: an unrestricted file upload in ProSolution WP Client. Patched version and vendor advisory inside.
CVE-2026-6644 is an OS command injection in ADM. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-6722 is a use after free in PHP. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-6748 is a use of uninitialized variable in Firefox. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-6760 is an authentication bypass using an alternate path in Firefox. This page lists verified fix commands and short-term mitigatio
CVE-2026-6768 is an authentication bypass using an alternate path in Firefox. This page lists verified fix commands and short-term mitigatio
CVE-2026-6771 is an authentication bypass using an alternate path in Firefox. This page lists verified fix commands and short-term mitigatio
CVE-2026-6795 - URL redirection to untrusted site ('open redirect') in DivvyDrive. Runnable upgrade commands and verification steps for sysadm
CVE-2026-6885 - CWE-434 Unrestricted upload of file with dangerous type in Borg SPM 2007. Runnable patch commands, mitigation, and verificat
CVE-2026-6886 - CWE-1390 Weak Authentication in Borg SPM 2007. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-6887 - CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection') in Borg SPM 2007. Runnable patch
CVE-2026-6911 - CWE-347 Improper verification of cryptographic signature in AWS Ops Wheel. Runnable patch commands, mitigation, and verifica
CVE-2026-6919 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-6920 - Out of bounds read in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-6942 - CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection') in radare2. Runnable patch
CVE-2026-6951 - Remote Code Execution (RCE) in simple-git. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-6960: an unrestricted file upload in BookingPress Appointment Booking Pro. Patched version and vendor advisory inside.
CVE-2026-7037 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7121 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7122 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7123 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7124 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7125 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7136 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7137 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7138 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7139 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7140 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7152 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7153 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7154 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7155 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7156 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7161 - reliance on security through obscurity in GV-IP Device Utility. Runnable upgrade commands and verification steps for sysadmi
CVE-2026-7182 is a path traversal in Diagram. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-7202 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7203 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7204 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7240 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7241 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7242 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7243 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7244 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7248 - Buffer Overflow in DI-8100. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7284: a local privilege escalation in Easy Elements for Elementor – Addons & W. Patched version and vendor advisory inside.
CVE-2026-7321 - Sandbox escape due to incorrect boundary conditions in Firefox. Runnable patch commands, mitigation, and verification on thi
CVE-2026-7333 - Use after free in Chrome. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7372 is an out-of-bounds write in Gv-Vms V20.0.2. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7381 - CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in Plack::Middleware::XSendfile. Runnable patch commands,
CVE-2026-7411 - improper limitation of a pathname to a restricted directory in Eclipse BaSyx. Runnable upgrade commands and verification steps
CVE-2026-7414 is a use of hard-coded credentials in Firmware. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7415 is a missing authentication for critical function in Firmware. Patched version, runnable upgrade commands, and how to verify t
CVE-2026-7428 is a use of default credentials in AlloyDB for PostgreSQL. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-7458 - CWE-288 Authentication Bypass Using an Alternate Path or Channel in User Verification by PickPlugins. Runnable patch command
CVE-2026-7482 is an out-of-bounds read in ollama. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7538 - OS Command Injection in A8000RU. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7546 - Stack-based Buffer Overflow in NR1800X. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-7567 - CWE-288 Authentication Bypass Using an Alternate Path or Channel in Temporary Login. Runnable patch commands, mitigation, an
CVE-2026-7637 is an unsafe deserialization in Boost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-7719 is a buffer overflow in Wa300. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7747 is a buffer overflow in N300Rh. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7813 is an improper access control in pgAdmin 4. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7823 is an OS command injection in A8000Ru. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7834 is a stack-based buffer overflow in ipTIME NAS1dual. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2026-7853 is a buffer overflow in Di-8100. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7854 is a buffer overflow in Di-8100. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-7891 is an insecure inherited permissions in VerySecureApp. Patched version, runnable upgrade commands, and how to verify the fix la
CVE-2026-7908 is a use after free in Chrome. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8043 is an external control of file name or path in Xtraction. Patched version, runnable upgrade commands, and how to verify the fix
CVE-2026-8072 - use of a broken or risky cryptographic algorithm in Ingecon Sun EMS Board. Runnable upgrade commands and verification steps fo
CVE-2026-8076 is a use of weak credentials in CashDro 3 Administration Panel. Patched version, runnable upgrade commands, and how to verify
CVE-2026-8091 - improper check for unusual or exceptional conditions in Firefox. Runnable upgrade commands and verification steps for sysadmin
CVE-2026-8094 - improper control of generation of code ('code injection') in Firefox. Runnable upgrade commands and verification steps for sys
CVE-2026-8134 is a path traversal in Concrete CMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8153 - improper neutralization of special elements used in an OS command ('os command i in PolyScope 5. Runnable upgrade commands and
CVE-2026-8181: an authentication bypass in Burst Statistics – Privacy-Friendly Word. Patched version and vendor advisory inside.
CVE-2026-8398 is a vulnerability in DAEMON Tools Lite. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-8401 is a protection mechanism failure in Firefox. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-8431 - improper neutralization of special elements used in a command ('command injectio in Ops Manager. Runnable upgrade commands and
CVE-2026-8467 is a code injection in phoenix_storybook. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-8598: an authentication bypass in SSC335-GC2063-Face-0b77 Solution Camera. Patched version and vendor advisory inside.
CVE-2026-8631: a path traversal in HP Linux Imaging and Printing Software. Patched version and vendor advisory inside.
CVE-2026-8634 is a code injection in crabbox. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8670 is a vulnerability in Avantra. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-8836 is a stack-based buffer overflow in lwIP. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-8838: a code injection in Amazon Redshift connector for Python. Patched version and vendor advisory inside.
CVE-2026-9054 is a vulnerability in 9front. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-9059 is a SQL injection in NextGEN Gallery. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-9065 is a SQL injection in Surecart. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-9102 is a path traversal in Altium Enterprise Server. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-9129 is a path traversal in Altium Enterprise Server. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-9139: a cross-site scripting (XSS) in AG1000-01A SMS Alert Gateway. Patched version and vendor advisory inside.
CVE-2026-9141: an authentication bypass in AG1000-01A SMS Alert Gateway. Patched version and vendor advisory inside.
CVE-2026-9152 is an authentication bypass in Altium 365. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-0007 is a CWE-1021 improper restriction of rendered UI layers or frames in Google Android. This page lists the verified fix and inl
CVE-2026-0008 is a CWE-441 unintended proxy or intermediary ('confused deputy') in Google Android. This page lists the verified fix and inli
CVE-2026-0010 is an out-of-bounds write in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0011 is a CWE-693 protection mechanism failure in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0013 is a CWE-441 unintended proxy or intermediary ('confused deputy') in Google Android. This page lists the verified fix and inli
CVE-2026-0017 is a CWE-693 protection mechanism failure in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0020 is a CWE-639 authorization bypass through user-controlled key in Google Android. This page lists the verified fix and inline m
CVE-2026-0021 is a CWE-441 unintended proxy or intermediary ('confused deputy') in Google Android. This page lists the verified fix and inli
CVE-2026-0023 is a privilege escalation in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0025 is an information exposure in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0026 is a missing authorization in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0028 is an integer overflow in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0029 is a privilege escalation in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0030 is an out-of-bounds write in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0031 is an integer overflow in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0032 is a privilege escalation in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0034 is an improper input validation in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0035 is an out-of-bounds read in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0037 is a security vulnerability in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0038 is a security vulnerability in Google Android. This page lists the verified fix and inline mitigations.
CVE-2026-0047 is a CWE-280 improper handling of insufficient permissions or privileges in Google Android. This page lists the verified fix a
CVE-2026-0073 - incorrect implementation of authentication algorithm in Android. Runnable upgrade commands and verification steps for sysadmin
CVE-2026-0107 is an elevation of privilege in Google Android. CVSS 8.4 High. Patch commands, mitigations, and verification.
CVE-2026-0109 is a denial of service in Google Android. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-0112 is an elevation of privilege in Google Android. CVSS 7.4 High. Patch commands, mitigations, and verification.
CVE-2026-0117 is an elevation of privilege in Google Android. CVSS 8.4 High. Patch commands, mitigations, and verification.
CVE-2026-0118 is an elevation of privilege in Google Android. CVSS 8.4 High. Patch commands, mitigations, and verification.
CVE-2026-0122 is a remote code execution in Google Android. CVSS 8.4 High. Patch commands, mitigations, and verification.
CVE-2026-0123 is an elevation of privilege in Google Android. CVSS 8.4 High. Patch commands, mitigations, and verification.
CVE-2026-0204 - CWE-1390 Weak Authentication in SonicOS. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-0207 is an insertion of sensitive information into log in FlashBlade. This page lists verified fix commands and short-term mitigati
CVE-2026-0234 is a verification of cryptographic signature in Cortex XSIAM Microsoft Teams Marketplace. This page lists verified fix command
CVE-2026-0236 is a code injection in Prisma Browser. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0237 is an authentication bypass in Prisma Browser. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0263 is an OS command injection in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-0264 is a path traversal in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0265 is an authentication bypass in Cloud NGFW. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-0383 is an OS command injection in Fabric OS. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0386: an access control bypass in Windows Server 2008 R2 Service Pack 1. Patched version and vendor advisory inside.
CVE-2026-0421 is a path traversal in ThinkPad L13 Gen 6 BIOS. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0432: a vulnerability in AMD Ryzen™ 4000 Series Mobile Processors. Patched version and vendor advisory inside.
CVE-2026-0485 is a vulnerability in SAP BusinessObjects BI Platform. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-0490 is a vulnerability in SAP BusinessObjects BI Platform. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-0492 is an authentication bypass in SAP HANA database. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-0506: a vulnerability in SAP NetWeaver Application Server ABAP an. Patched version and vendor advisory inside.
CVE-2026-0507: an OS command injection in SAP Application Server for ABAP and SAP . Patched version and vendor advisory inside.
CVE-2026-0508: a vulnerability in SAP BusinessObjects Business Intelligenc. Patched version and vendor advisory inside.
CVE-2026-0511: a vulnerability in SAP Fiori App (Intercompany Balance Reco. Patched version and vendor advisory inside.
CVE-2026-0522 is a local file inclusion in the file upload/download process in VertiGIS FM. CVSS 7.4 High. Patch commands, mitigations, and
CVE-2026-0532 is a vulnerability in Kibana. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0533 is a vulnerability in Fusion. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0534 is a vulnerability in Fusion. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0535 is a vulnerability in Fusion. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0536 is an OS command injection in 3ds Max. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0537 is an OS command injection in 3ds Max. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0538 is an OS command injection in 3ds Max. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0539 - CWE-276 Incorrect Default Permissions in pcvisit Remote Host Modul. Runnable patch commands, mitigation, and verification on
CVE-2026-0558 is an authentication bypass in parisneo/lollms. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0560 is a vulnerability in parisneo/lollms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0562 is an access control bypass in parisneo/lollms. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0573 is a vulnerability in Enterprise Server. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0595 is a vulnerability in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0599: a vulnerability in huggingface/text-generation-inference. Patched version and vendor advisory inside.
CVE-2026-0603 is a SQL injection in the product. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0617: a vulnerability in LatePoint – Calendar Booking Plugin for . Patched version and vendor advisory inside.
CVE-2026-0621 is a vulnerability in MCP TypeScript SDK. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-0629: an authentication bypass in VIGI InSight Sx45 Series (S245/S345/S445. Patched version and vendor advisory inside.
CVE-2026-0630 is an OS command injection in Archer BE230 v1.2. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-0631 is an OS command injection in Archer BE230 v1.2. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-0634: Code Execution in AssistFeedbackService on TECNO Pova7 Pro 5G in TECNO Pova7 Pro 5G. Patch commands and verification.
CVE-2026-0640 is a vulnerability in AC23. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0648 is a path traversal in Eclipse ThreadX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0652 is an OS command injection in Tapo C260 v1. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-0653 is an access control bypass in Tapo C260 v1. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-0654 is an OS command injection in TP-Link Systems Inc. Deco BE25 v1.0. This page lists the verified fix and inline mitigations.
CVE-2026-0656: a vulnerability in iPaymu Payment Gateway for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-0659 is an OS command injection in USD for Arnold. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-0660 is a stack-based buffer overflow in 3ds Max. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-0661 is an OS command injection in 3ds Max. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0662 is a vulnerability in 3ds Max. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0686: Webmention <= 5.6.2 - Unauthenticated Blind Server-Side Request Forgery in Webmention. Patch commands and verification.
CVE-2026-0692: a vulnerability in BlueSnap Payment Gateway for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-0695 is a vulnerability in PSA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0702: a SQL injection in VidShop – Shoppable Videos for WooCommer. Patched version and vendor advisory inside.
CVE-2026-0708: Libucl: libucl: denial of service via embedded null byte in ucl input in libucl. Patch commands and verification.
CVE-2026-0709 is a vulnerability in DS-3WAP521-SI. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0710 is a vulnerability in the product. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0714 is a vulnerability in UC-1200A Series. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0715 is a path traversal in UC-1200A Series. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0719: a stack-based buffer overflow in Red Hat Enterprise Linux 10. Patched version and vendor advisory inside.
CVE-2026-0723 is a path traversal in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0726: an unsafe deserialization in Nexter Extension – Security. Patched version and vendor advisory inside.
CVE-2026-0750 is an authentication bypass in Drupal Commerce Paybox. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-0752 is a cross-site scripting in GitLab GitLab. This page lists the verified fix and inline mitigations.
CVE-2026-0753 is a vulnerability in Super Simple Contact Form. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-0754 is a CWE-321 in HP Inc VVX. This page lists the verified fix and inline mitigations.
CVE-2026-0757: an OS command injection in MCP Manager for Claude Desktop. Patched version and vendor advisory inside.
CVE-2026-0758: an OS command injection in mcp-server-siri-shortcuts. Patched version and vendor advisory inside.
CVE-2026-0762 is an unsafe deserialization in GPT Academic. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-0765 is an OS command injection in Open WebUI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-0766 is an OS command injection in Open WebUI. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-0771 is a code injection in Langflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0772 is an unsafe deserialization in Langflow. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-0774 is a vulnerability in WatchYourLAN. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0775 is an arbitrary file read in cli. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0776 is a vulnerability in Client. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0777 is a "product UI does not warn user of unsafe actions" issue in Xmind Xmind. This page lists the verified fix and inline mitigations.
CVE-2026-0778 is an authentication bypass in JuiceBox 40. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-0779 is an OS command injection in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0780 is an OS command injection in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0781 is an OS command injection in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0782 is an OS command injection in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0783 is an OS command injection in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0784 is an OS command injection in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0785 is an OS command injection in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0786 is an OS command injection in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0787 is an OS command injection in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0791: a stack-based buffer overflow in 8180 IP Audio Alerter. Patched version and vendor advisory inside.
CVE-2026-0792: a stack-based buffer overflow in 8180 IP Audio Alerter. Patched version and vendor advisory inside.
CVE-2026-0793 is a path traversal in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-0794 is a use-after-free in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0795 is an OS command injection in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0796 is an OS command injection in 8180 IP Audio Alerter. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-0797 is a heap buffer overflow in GIMP. This page lists the verified fix and inline mitigations.
CVE-2026-0800: a vulnerability in User Submitted Posts – Enable Users to S. Patched version and vendor advisory inside.
CVE-2026-0805 is a path traversal in Crafty Controller. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-0807: a vulnerability in Frontis Blocks, Block Library for the B. Patched version and vendor advisory inside.
CVE-2026-0810 is a vulnerability in gitoxide. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0830 is an OS command injection in Kiro IDE. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0832 is a vulnerability in New User Approve. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0834 is an authentication bypass in Archer C20 v6.0. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-0836 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0837 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0838 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0839 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0840 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0841 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0844: an access control bypass in Simple User Registration. Patched version and vendor advisory inside.
CVE-2026-0845: a vulnerability in WCFM – Frontend Manager for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-0846: Arbitrary File Read via Absolute Path Input in nltk.util.filestring() in nltk/nltk. Patch commands and verification.
CVE-2026-0847 is a path traversal in nltk/nltk. This page lists the verified fix and inline mitigations.
CVE-2026-0854 is an OS command injection in DH032. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0855 is an OS command injection in P2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0856: an access control bypass in Meona Client Launcher Component. Patched version and vendor advisory inside.
CVE-2026-0863 is a code injection in the product. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0869 is an authentication bypass by primary weakness in Brocade ASCG. This page lists the verified fix and inline mitigations.
CVE-2026-0870 is a path traversal in MacroHub. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0874 is an OS command injection in Shared Components. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-0875 is an OS command injection in Shared Components. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-0897 is an OS command injection in Keras. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0910 is an unsafe deserialization in wpForo Forum. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-0911: an unrestricted file upload in Hustle – Email Marketing. Patched version and vendor advisory inside.
CVE-2026-0912 is a vulnerability in Toret Manager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0918 is a vulnerability in Tapo C220 v1. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0919 is an improper input validation in Tapo C220 v1. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-0924 is a vulnerability in BuhoCleaner. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0933 is an OS command injection in Wrangler. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0940 is a CWE-665 improper initialization in Lenovo ThinkPad T14 Gen 5 BIOS. CVSS 8.4 High. Patch commands, mitigations, and verif
CVE-2026-0954: Out-Of-Bounds Write When Opening a Corrupt DSB File in Digilent DASYLab in DASYLab. Patch commands and verification.
CVE-2026-0955: Out-Of-Bounds Read When Opening a Corrupt File in Digilent DASYLab in DASYLab. Patch commands and verification.
CVE-2026-0956 is an out-of-bounds read in Digilent DASYLab. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-0957 is an out-of-bounds write in Digilent DASYLab. CVSS 7.8 High. Patch commands, mitigations, and verification
CVE-2026-0958 is an interpretation conflict in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-0969 is a code injection in Shared library. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0974: a vulnerability in Orderable – Restaurant & Food Ordering S. Patched version and vendor advisory inside.
CVE-2026-0975 is an OS command injection in DIAView. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0980 is an OS command injection in Red Hat Satellite 6.16 for RHEL 8. This page lists the verified fix and inline mitigation
CVE-2026-0983 is a vulnerability in M-Files Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-0994 is a vulnerability in Protobuf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1008 is a vulnerability in Altium Live. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1010 is a vulnerability in Altium Enterprise Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1018: a path traversal in Police Statistics Database System. Patched version and vendor advisory inside.
CVE-2026-1022 is a path traversal in Statistics Database System. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1023: an authentication bypass in Statistics Database System. Patched version and vendor advisory inside.
CVE-2026-1046 is an access control bypass in Mattermost. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1058: a vulnerability in Form Maker by 10Web – Mobile-Friendly Dr. Patched version and vendor advisory inside.
CVE-2026-1065: an unrestricted file upload in Form Maker by 10Web – Mobile-Friendly Dr. Patched version and vendor advisory inside.
CVE-2026-1069 is an uncontrolled recursion in GitLab. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-1074: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in WP App Bar. Patch commands and
CVE-2026-1078 is a CWE-284 improper access control in Pegasystems Pega Robot Studio. CVSS 7.2 High. Patch commands, mitigations, and verifi
CVE-2026-1090: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab. Patch commands and ve
CVE-2026-1092 is an improper validation of specified quantity in input in GitLab. CVSS 7.5 High. Patch commands, mitigations, and v
CVE-2026-1104: a vulnerability in FastDup – Fastest WordPress Migration & . Patched version and vendor advisory inside.
CVE-2026-1116 is a cross-site scripting in parisneo/lollms. This page lists verified fix commands and short-term mitigations you can run tod
CVE-2026-1117 is an access control bypass in parisneo/lollms. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1137 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1138 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1139 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1140 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1143 is a vulnerability in A3700R. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1155 is a vulnerability in LR350. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1156 is a vulnerability in LR350. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1157 is a vulnerability in LR350. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1158 is a vulnerability in LR350. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1186 is a path traversal in EAP Legislator. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1198 is a SQL injection in Simple SA Simple.ERP. This page lists the verified fix and inline mitigations.
CVE-2026-1216 is a vulnerability in RSS Aggregator – RSS Import. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1222: an unrestricted file upload in PrismX MX100 AP controller. Patched version and vendor advisory inside.
CVE-2026-1226: a code injection in EcoStruxure Building Operation Workstati. Patched version and vendor advisory inside.
CVE-2026-1227: an XML external entity (XXE) in EcoStruxure Building Operation Workstati. Patched version and vendor advisory inside.
CVE-2026-1233 is a use of hard-coded credentials in Mvirik Text to Speech – TTSWP. CVSS 7.5 High. Patch commands, mitigations, and verificat
CVE-2026-1238: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in SlimStat Analytics. Patch comm
CVE-2026-1241 is a CWE-288 authentication bypass using an alternate path or channel in Pelco, Inc. Sarix Professional IMP 3 Series. This pag
CVE-2026-1250: a SQL injection in Court Reservation – Manage Your Court Bo. Patched version and vendor advisory inside.
CVE-2026-1257 is a vulnerability in Administrative Shortcodes. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1260 is a memory corruption in Sentencepiece. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-1261: MetForm Pro <= 3.9.6 - Unauthenticated Stored Cross-Site Scripting in MetForm Pro. Patch commands and verification.
CVE-2026-1264: CWE-306 Missing authentication for critical function in Sterling B2B Integrator. Patch commands and verification.
CVE-2026-1273 is an SSRF in wpxpo Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX. This page lists the verified fix and
CVE-2026-1280 is a vulnerability in Frontend File Manager Plugin. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1283 is a path traversal in SOLIDWORKS eDrawings. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1284 is an OS command injection in SOLIDWORKS eDrawings. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1286: CWE-502 Deserialization of untrusted data in EcoStruxure™ Foxboro DCS. Patch commands and verification.
CVE-2026-1294: a vulnerability in All In One Image Viewer Block – Gutenber. Patched version and vendor advisory inside.
CVE-2026-1311 is a path traversal in bearsthemes Worry Proof Backup. This page lists the verified fix and inline mitigations.
CVE-2026-1313 is a vulnerability in MimeTypes Link Icons. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-1315 is an improper input validation in Tapo C220 v1. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1316: a vulnerability in Customer Reviews for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-1320: a vulnerability in Secure Copy Content Protection and Conte. Patched version and vendor advisory inside.
CVE-2026-1321 is a missing authorization in stellarwp Membership Plugin – Restrict Content. This page lists the verified fix and inline miti
CVE-2026-1324: an OS command injection in Operation and Maintenance Management Sys. Patched version and vendor advisory inside.
CVE-2026-1328 is a vulnerability in NR1800X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1329 is a stack-based buffer overflow in AX1803. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-1330 is a path traversal in MeetingHub. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1333 is a vulnerability in SOLIDWORKS eDrawings. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-1334 is a path traversal in SOLIDWORKS eDrawings. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1335 is an OS command injection in SOLIDWORKS eDrawings. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1342: Inclusion of Functionality from Untrusted Control Sphere in Verify Identity Access Container. Patch commands and verification
CVE-2026-1343 is a server-side request forgery (SSRF) in IBM Verify Identity Access Container, fixed by the same patch as CVE-2026-1342.
CVE-2026-1345: bundle sibling of CVE-2026-1342. Same patched build closes both.
CVE-2026-1361 is a stack-based buffer overflow in ASDA-Soft. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1367 is a SQL injection in Zohocorp ManageEngine ADSelfService Plus. This page lists the verified fix and inline mitigations.
CVE-2026-1375: a vulnerability in Tutor LMS – eLearning and online course . Patched version and vendor advisory inside.
CVE-2026-1376 is a denial of service in IBM i. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-1388 is a regex denial of service in GitLab. This page lists the verified fix and inline mitigations.
CVE-2026-1400: an unrestricted file upload in AI Engine – The Chatbot. Patched version and vendor advisory inside.
CVE-2026-1420 is a vulnerability in AC23. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1426: an unsafe deserialization in Advanced AJAX Product Filters. Patched version and vendor advisory inside.
CVE-2026-1427: an OS command injection in Single Sign-On Portal System. Patched version and vendor advisory inside.
CVE-2026-1428: an OS command injection in Single Sign-On Portal System. Patched version and vendor advisory inside.
CVE-2026-1436 is a vulnerability in Graylog Web Interface. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-1442 is a use of hard-coded cryptographic key in Unitree UPK. This page lists the verified fix and inline mitigations.
CVE-2026-1448 is an OS command injection in DIR-615. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1454: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Lead Form Builder & Contact Fo
CVE-2026-1457 is a stack-based buffer overflow in VIGI C485 V1. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-1459 is an OS command injection in Zyxel VMG3625-T50B firmware. This page lists the verified fix and inline mitigations.
CVE-2026-1460 - CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection') in DX3301-T0 firmware. Run
CVE-2026-1462 is a deserialization of untrusted data in keras-team/keras. This page lists verified fix commands and short-term mitigations y
CVE-2026-1463: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in Photo Galle
CVE-2026-1465 is a memory corruption in anyRTC-RTMP-OpenSource. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-1486 is a vulnerability in Red Hat build of Keycloak 26.4. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-1498 is a vulnerability in Fireware OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1499: a path traversal in WP Duplicate – WordPress Migration Plugi. Patched version and vendor advisory inside.
CVE-2026-1505 is an OS command injection in DIR-615. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1506 is an OS command injection in DIR-615. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1507 is a vulnerability in PI Data Archive PI Server. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-1514: an access control bypass in Official Document Management System. Patched version and vendor advisory inside.
CVE-2026-1519 is a vulnerability in BIND 9. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1523 is a path traversal in Digitek ADT1100. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1526: CWE-409 Improper handling of highly compressed data (data amplification) in undici. Patch commands and verification.
CVE-2026-1528 is a CWE-248 uncaught exception in undici. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-1529: an authentication bypass in Red Hat build of Keycloak 26.2. Patched version and vendor advisory inside.
CVE-2026-1530: a code injection in Red Hat Satellite 6.16 for RHEL 8. Patched version and vendor advisory inside.
CVE-2026-1531: a code injection in Red Hat Satellite 6.16 for RHEL 8. Patched version and vendor advisory inside.
CVE-2026-1540: Spam Protect for Contact Form 7 < 1.2.10 - Editor+ Remote Code Execution in Spam Protect for Contact Form 7. Patch commands a
CVE-2026-1557 is a path traversal in stuartbates WP Responsive Images. This page lists the verified fix and inline mitigations.
CVE-2026-1560: a code injection in Custom Block Builder – Lazy Blocks. Patched version and vendor advisory inside.
CVE-2026-1565 is an unrestricted file upload in wedevs User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User
CVE-2026-1566 is a privilege escalation in latepoint LatePoint – Calendar Booking Plugin for Appointments and Events. This page lists the ve
CVE-2026-1567 is an XML external entity in IBM InfoSphere Information Server. This page lists the verified fix and inline mitigations.
CVE-2026-1580 is an improper input validation in ingress-nginx. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-1581 is a SQL injection in wpForo Forum. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1584 is a null pointer dereference in Red Hat Enterprise Linux 10. This page lists verified fix commands and short-term mitigations
CVE-2026-1585 is an unquoted search path or element in Canon Inc. IJ Scan Utility. This page lists the verified fix and inline mitigations.
CVE-2026-1605 is a denial of service via resource consumption in Eclipse Foundation Eclipse Jetty. This page lists the verified fix and inli
CVE-2026-1616 is a path traversal in osim. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1618 is an authentication bypass in FlexCity/Kiosk. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-1619 is a vulnerability in FlexCity/Kiosk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1620 is a control of filename for include/require statement in Livemesh Addons by Elementor. This page lists verified fix commands
CVE-2026-1637 is a stack-based buffer overflow in AC21. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-1648 is a vulnerability in Performance Monitor. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-1659 is a denial of service in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1662 is a resource exhaustion in GitLab. This page lists the verified fix and inline mitigations.
CVE-2026-1668: Input Validation Vulnerability on Multiple Omada Switches in SG2008P 3.2x. Patch commands and verification.
CVE-2026-1669 is an arbitrary file read in Keras. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1679 is a vulnerability in Zephyr. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1680 is a path traversal in Local Admin Service. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-1686 is a vulnerability in A3600R. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1707 is a vulnerability in pgAdmin 4. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1708: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Appointment Booking Calendar,
CVE-2026-1714: a vulnerability in ShopLentor – All-in-One WooCommerce Grow. Patched version and vendor advisory inside.
CVE-2026-1719: improper neutralization of special elements used in an SQL command ('SQL injecti in Gravity Bookings. Runnable upgrade command
CVE-2026-1720 is a missing authorization in wpxpo WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation. Th
CVE-2026-1730 is an unrestricted file upload in OS DataHub Maps. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1741 is a vulnerability in ipTIME A8004T. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1750: a vulnerability in Ecwid by Lightspeed Ecommerce Shopping C. Patched version and vendor advisory inside.
CVE-2026-1756 is an unrestricted file upload in WP FOFT Loader. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-1761: a stack-based buffer overflow in Red Hat Enterprise Linux 10. Patched version and vendor advisory inside.
CVE-2026-1773 is a CWE-184 incomplete list of disallowed inputs in Hitachi Energy RTU500 series CMU firmware. This page lists the verified f
CVE-2026-1775 is a missing authentication in Labkotec LID-3300IP. This page lists the verified fix and inline mitigations.
CVE-2026-1777 is a vulnerability in SageMaker Python SDK. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-1779 is a CWE-288 authentication bypass using an alternate path or channel in wpeverest User Registration & Membership – Free & Pai
CVE-2026-1800 is a SQL injection in Fonts Manager | Custom Fonts. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1819 is a vulnerability in ViPort. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1837 is a vulnerability in libjxl. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1841: a vulnerability in PixelYourSite – Your smart PIXEL (TAG) &. Patched version and vendor advisory inside.
CVE-2026-1843 is a vulnerability in Super Page Cache. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1844: a vulnerability in PixelYourSite Pro – Your smart PIXEL (TA. Patched version and vendor advisory inside.
CVE-2026-1847 is an OS command injection in MongoDB Server. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1848 is an OS command injection in MongoDB Server. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1849 is a vulnerability in MongoDB Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1850 is an OS command injection in MongoDB Server. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-1866 is a vulnerability in Name Directory. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1874 is a CWE-670 always-incorrect control flow implementation in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Et
CVE-2026-1875 is a CWE-404 improper resource shutdown or release in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP M
CVE-2026-1876 is a CWE-404 improper resource shutdown or release in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet
CVE-2026-1916 is a missing authorization in javmah WPGSI: Spreadsheet Integration. This page lists the verified fix and inline mitigations.
CVE-2026-1929 is a code injection in mihail-barinov Advanced Woo Labels – Product Labels & Badges for WooCommerce. This page lists the verif
CVE-2026-1931 is a vulnerability in Rent Fetch. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1937: a vulnerability in YayMail – WooCommerce Email Customizer. Patched version and vendor advisory inside.
CVE-2026-1945 is a cross-site scripting in iqonicdesign WPBookit. This page lists the verified fix and inline mitigations.
CVE-2026-1947: CWE-639 Authorization Bypass Through User-Controlled Key in NEX-Forms – Ultimate Forms Plugin for WordPress. Patch commands a
CVE-2026-1953 is a vulnerability in Nukegraphic CMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-1958 is a hard-coded credentials issue in KlinikaXP Insertino. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-1961: an OS command injection in Red Hat Satellite 6.16 for RHEL 8. Patched version and vendor advisory inside.
CVE-2026-1988: a vulnerability in Flexi Product Slider and Grid for WooCom. Patched version and vendor advisory inside.
CVE-2026-1992: CWE-639 Authorization Bypass Through User-Controlled Key in ExactMetrics – Google Analytics Dashboard for WordPress (Website
CVE-2026-1993: CWE-269 Improper Privilege Management in ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin). Patc
CVE-2026-1999 is an access control bypass in Enterprise Server. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20002 is a SQL injection in Cisco Secure Firewall Management Center (FMC). This page lists the verified fix and inline mitiga
CVE-2026-20004 is an OS command injection in Cisco IOS XE Software. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-2001: a vulnerability in WowRevenue – Product Bundles & Bulk Disc. Patched version and vendor advisory inside.
CVE-2026-20010 is a buffer access with incorrect length value in Cisco NX-OS Software. This page lists the verified fix and inline mit
CVE-2026-20012 is a denial of service in IOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20014 is a missing release of memory after effective lifetime in Cisco Secure Firewall Adaptive Security Appliance (ASA) Soft
CVE-2026-20033 is a buffer access with incorrect length value in Cisco NX-OS System Software in ACI Mode. This page lists the verified
CVE-2026-20034 is a path traversal in Cisco Unity Connection. Patched version, runnable upgrade commands, and how to verify the fix lande
CVE-2026-20035: server-side request forgery (SSRF) in Cisco Unity Connection. Runnable upgrade commands and verification steps for sysadmins.
CVE-2026-20039 is an improper clearing of heap memory before release ('heap inspection') in Cisco Secure Firewall Adaptive Security App
CVE-2026-2004 is an authentication bypass in PostgreSQL. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-20040 is a CLI privilege escalation in Cisco IOS XR Software. CVSS 8.8 High. Patch commands, mitigations, and
CVE-2026-20046 is a CLI privilege escalation in Cisco IOS XR Software. CVSS 8.8 High. Patch commands, mitigations, and
CVE-2026-20048 is an uncontrolled memory allocation in Cisco NX-OS System Software in ACI Mode. This page lists the verified fix and in
CVE-2026-20049 is an incorrect calculation of buffer size in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. This pag
CVE-2026-2005 is a path traversal in PostgreSQL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20051 is a use of uninitialized variable in Cisco NX-OS Software. This page lists the verified fix and inline mitigations.
CVE-2026-2006 is a vulnerability in PostgreSQL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20062 is an incorrect execution-assigned permissions issue in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. This
CVE-2026-2007 is a path traversal in PostgreSQL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20074 is an improper validation of specified type of input in Cisco IOS XR Software. CVSS 7.4 High. Patch commands, mitigations, and
CVE-2026-20082 is a missing release of resource after effective lifetime in Cisco Secure Firewall Adaptive Security Appliance (ASA) So
CVE-2026-20084 is a denial of service in Cisco IOS XE Software. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20086 is a denial of service in Cisco IOS XE Software. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20094: Cisco Integrated Management Controller Command Injection in Cisco Unified Computing System (Standalone). Patch commands and
CVE-2026-20098: an unrestricted file upload in Cisco Meeting Management. Patched version and vendor advisory inside.
CVE-2026-20100 is a buffer overflow in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. This page lists the verified
CVE-2026-20101 is a use of insufficiently random values in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. This page
CVE-2026-20103 is a resource exhaustion in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software. This page lists the verif
CVE-2026-20105 is a missing release of memory after effective lifetime in Cisco Secure Firewall Adaptive Security Appliance (ASA) Soft
CVE-2026-20119 is an authentication bypass in Cisco RoomOS Software. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-20125 is a path traversal in IOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20126 is an incorrect use of privileged APIs in Cisco Catalyst SD-WAN Manager. This page lists the verified fix and inline mit
CVE-2026-20151: Cisco Smart Software Manager On-Prem Privilege Escalation in Cisco Smart Software Manager On-Prem. Patch commands and verifi
CVE-2026-20155: Cisco Evolved Programmable Network Manager Improper Authorization in Cisco Evolved Programmable Network Manager (EPNM). Patc
CVE-2026-20163: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does n
CVE-2026-20167 improper access control in Cisco IoT Field Network Director (IoT-FND). Runnable upgrade commands and verification steps for s
CVE-2026-20185 heap-based buffer overflow in Cisco Small Business Smart and Managed Switches. Runnable upgrade commands and verification ste
CVE-2026-2019 is a vulnerability in Cart All In One For WooCommerce. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-2020 is an unsafe deserialization in skatox JS Archive List. This page lists the verified fix and inline mitigations.
CVE-2026-20204 is a creating and using insecure temporary files in Splunk Cloud Platform. This page lists verified fix commands and short-te
CVE-2026-20205 is an information written to log files can in Splunk MCP Server. This page lists verified fix commands and short-term mitigat
CVE-2026-20224: an improper input validation in Cisco Catalyst SD-WAN Manager. Patched version and vendor advisory inside.
CVE-2026-20239 is an information disclosure in Splunk Enterprise. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-2024 is a SQL injection in PhotoStack Gallery. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-20240 is a vulnerability in Splunk Enterprise. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2025 is an information exposure in Unknown Mail Mint. This page lists the verified fix and inline mitigations.
CVE-2026-2033 is a path traversal in MLflow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2034 is a vulnerability in DICOM Viewer Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2036 is an unsafe deserialization in Archiver. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2037 is an unsafe deserialization in Archiver. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2038 is a vulnerability in Archiver. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2039 is a vulnerability in Archiver. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2040 is a vulnerability in PDF-XChange Editor. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2041 is an OS command injection in Host. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20416 is an out-of-bounds write in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-2042 is an OS command injection in Host. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20423 is a CWE-749 exposed dangerous method or function in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and in
CVE-2026-2043 is an OS command injection in Host. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20430 is an out-of-bounds write in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-20432 is an out-of-bounds write in MediaTek, Inc. MediaTek chipset, fixed by the same patch as CVE-2026-20431.
CVE-2026-20433 is an out-of-bounds write in MediaTek, Inc. MediaTek chipset, fixed by the same patch as CVE-2026-20431.
CVE-2026-20434 is an out-of-bounds write in MediaTek, Inc. MediaTek chipset. This page lists the verified fix and inline mitigations.
CVE-2026-2044 is a vulnerability in GIMP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2045 is an OS command injection in GIMP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2047 is a path traversal in GIMP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2048 is an OS command injection in GIMP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2052 - CWE-94 Improper Control of Generation of Code ('Code Injection') in Widget Options – Advanced Conditional Visibility for Gut
CVE-2026-2066 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2067 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2068 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2070 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2071 is a vulnerability in 进取 520W. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20714: an out-of-bounds write in Intel(R) QAT software drivers for Window. Patched version and vendor advisory inside.
CVE-2026-2072: a vulnerability in Hitachi Infrastructure Analytics Advisor. Patched version and vendor advisory inside.
CVE-2026-20738: a vulnerability in Intel(R) QuickAssist Adapter 8960 softwa. Patched version and vendor advisory inside.
CVE-2026-20742 is an OS command injection in Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-20748 is a CWE-613 in Everon api.everon.io. This page lists the verified fix and inline mitigations.
CVE-2026-20751: a vulnerability in Intel(R) Data Center Graphics Driver for. Patched version and vendor advisory inside.
CVE-2026-20753: a vulnerability in Slim Bootloader may allow an escalation . Patched version and vendor advisory inside.
CVE-2026-20759: an OS command injection in Multiple Network Cameras TRIFORA 3 serie. Patched version and vendor advisory inside.
CVE-2026-20761 is a command injection in EnOcean Edge Inc SmartServer IoT. This page lists the verified fix and inline mitigations.
CVE-2026-20764 is an OS command injection in Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-20766 - CWE-122 in MS-Cxx63-PD. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-20767: a vulnerability in Intel(R) QAT software drivers for Window. Patched version and vendor advisory inside.
CVE-2026-20777 is a heap buffer overflow in The Biosig Project libbiosig. This page lists the verified fix and inline mitigations.
CVE-2026-20792 is a CWE-307 in Chargemap chargemap.com. This page lists the verified fix and inline mitigations.
CVE-2026-2080 is an OS command injection in HiPER 810. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-20803: an authentication bypass in Microsoft SQL Server 2022 (GDR). Patched version and vendor advisory inside.
CVE-2026-20804 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20808 is a vulnerability in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20809 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20810 is a vulnerability in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20811 is a vulnerability in Windows 11 version 22H3. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20814 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20815 is a vulnerability in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20816 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20817 is a vulnerability in Windows 10 Version 21H2. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20820 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20822 is a use-after-free in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20826 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20830 is a vulnerability in Windows Server 2025. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-20831 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20832 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20836 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20837 is a path traversal in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-2084 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20840 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20841 is an OS command injection in Windows Notepad. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20842 is a use-after-free in Windows 10 Version 21H2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20843: an access control bypass in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-20844 is a use-after-free in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20846 is a vulnerability in Microsoft Office for Android. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-20848 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20849 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2085 is an OS command injection in DWR-M921. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20852 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20853 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20854 is a use-after-free in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20856: an improper input validation in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-20857 is a path traversal in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20858 is a use-after-free in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20859 is a use-after-free in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-2086 is a vulnerability in HiPER 810G. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20860 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20861 is a vulnerability in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20863 is a vulnerability in Windows 11 version 22H3. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20864 is a path traversal in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20865 is a use-after-free in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20866 is a vulnerability in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20867 is a vulnerability in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20868 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20869 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20870 is a use-after-free in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20871 is a use-after-free in Windows 10 Version 21H2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20873 is a vulnerability in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20874 is a vulnerability in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20875 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20877 is a use-after-free in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20879: an out-of-bounds write in Intel(R) Data Center Graphics Driver for. Patched version and vendor advisory inside.
CVE-2026-20882 is a CWE-307 in Mobiliti e-mobi.hu. This page lists the verified fix and inline mitigations.
CVE-2026-20884 is a CWE-190: integer overflow or wraparound in LibRaw. CVSS 8.1 High. Patch commands, mitigations, and verification.
CVE-2026-20887 is a denial of service in Intel Vision software. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20892 is a code injection in Micro Research Ltd. MR-GM5L-S1. CVSS 7.2 High. Patch commands, mitigations, and verification.
CVE-2026-20893: a vulnerability in Fujitsu Security Solution AuthConductor . Patched version and vendor advisory inside.
CVE-2026-20895 is a CWE-613 in EV2GO ev2go.io. This page lists the verified fix and inline mitigations.
CVE-2026-20902 is an OS command injection in Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-20910 is an OS command injection in Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-20915 is a stored cross-site scripting in pending changes sidebar in Checkmk GmbH Checkmk, fixed by the same patch as CVE-2026-3466
CVE-2026-20916 is a path traversal in BIG-IQ. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20918 is a vulnerability in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20919 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2092: Improper Validation of Specified Type of Input in Red Hat build of Keycloak 26.2. Patch commands and verification.
CVE-2026-20920 is a use-after-free in Windows 11 version 22H3. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20921 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20922 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20923 is a use-after-free in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20924 is a use-after-free in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-20926 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20929: an access control bypass in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-2093 is a SQL injection in Docpedia. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20930 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-20931 is an arbitrary file read in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-20934 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20938 is a path traversal in Windows 11 version 22H3. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-2094 is a SQL injection in Docpedia. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20940 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20941 is a vulnerability in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20943 is a vulnerability in Microsoft Office 2016. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-20944: a path traversal in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-20946: a path traversal in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-20947: a SQL injection in Microsoft SharePoint Enterprise Server 2. Patched version and vendor advisory inside.
CVE-2026-20948: a path traversal in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-20949: an access control bypass in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-20950: a use-after-free in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-20951: an improper input validation in Microsoft SharePoint Enterprise Server 2. Patched version and vendor advisory inside.
CVE-2026-20952: a use-after-free in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-20953: a use-after-free in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-20955: a path traversal in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-20956: a path traversal in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-20957: a vulnerability in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-20960: an access control bypass in Microsoft Power Apps Desktop Client. Patched version and vendor advisory inside.
CVE-2026-20965: an authentication bypass in Windows Admin Center in Azure Portal. Patched version and vendor advisory inside.
CVE-2026-20967: System Center Operations Manager (SCOM) Elevation of Privilege in System Center Operations Manager 2019. Patch commands and
CVE-2026-2097 is an unrestricted file upload in Agentflow. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-20971 is a use-after-free in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-20979 is a vulnerability in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20980 is a vulnerability in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20983 is a vulnerability in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-20985 is a vulnerability in Samsung Members. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-20987 is an access control bypass in GalaxyDiagnostics. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-20990: Improper Export of Android Application Components in Samsung Mobile Devices. Patch commands and verification.
CVE-2026-20996: CWE-327 Use of a Broken or Risky Cryptographic Algorithm in Smart Switch. Patch commands and verification.
CVE-2026-20998 is a CWE-287 - improper authentication in Samsung Mobile Smart Switch. CVSS 7.1 High. Patch commands, mitigations, and verifi
CVE-2026-20999 is a CWE-294 - authentication bypass by replay in Samsung Mobile Smart Switch. CVSS 7.1 High. Patch commands, mitigations, an
CVE-2026-21000 is an improper access control in Samsung Mobile Galaxy Store. CVSS 7 High. Patch commands, mitigations, and verification.
CVE-2026-21005: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Smart Switch. Patch command
CVE-2026-2101 is a vulnerability in ENOVIAvpm Web Access. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21019 is a vulnerability in Samsung Mobile Devices. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2103 is a hard-coded credentials vulnerability in SyteLine ERP. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2118 is an OS command injection in HiPER 810. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2120 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21218 is a vulnerability in .NET 10.0. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21219 is a use-after-free in Windows SDK. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21221 is a vulnerability in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21223: a vulnerability in Microsoft Edge (Chromium-based). Patched version and vendor advisory inside.
CVE-2026-21224: a stack-based buffer overflow in Azure Connected Machine Agent. Patched version and vendor advisory inside.
CVE-2026-21226: an unsafe deserialization in Azure Core shared client library for Pyt. Patched version and vendor advisory inside.
CVE-2026-21227 is a path traversal in Azure Logic Apps. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21228 is a code injection in Azure Local. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21229: an improper input validation in Power BI Report Server. Patched version and vendor advisory inside.
CVE-2026-2123: Privilege escalation vulnerability in Operations Agent in Operations Agent. Patch commands and verification.
CVE-2026-21231 is a vulnerability in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21232 is a path traversal in Windows 11 version 22H3. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21234 is a vulnerability in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21235 is a use-after-free in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-21236 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21237 is a vulnerability in Windows 10 Version 21H2. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21238: an access control bypass in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-21239 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21240 is a vulnerability in Windows 10 Version 1809. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21241 is a use-after-free in Windows 11 version 22H3. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-21242 is a use-after-free in Windows 10 Version 21H2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-21243 is a vulnerability in Windows Server 2019. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21244 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21245 is a path traversal in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21246 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21247: an improper input validation in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-21248 is a path traversal in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21250 is a path traversal in Windows 11 Version 24H2. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21251 is a use-after-free in Windows Server 2016. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21253 is a use-after-free in Windows 10 Version 1607. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-21255: an access control bypass in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-21256: an OS command injection in Microsoft Visual Studio 2022 version 17.. Patched version and vendor advisory inside.
CVE-2026-21257: an OS command injection in Microsoft Visual Studio 2022 version 17.. Patched version and vendor advisory inside.
CVE-2026-21259: a path traversal in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-21260: an information disclosure in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-21262: SQL Server Elevation of Privilege in Microsoft SQL Server 2016 Service Pack 3 (GDR). Patch commands and verification.
CVE-2026-21267 is an OS command injection in Dreamweaver Desktop. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-21268: an improper input validation in Dreamweaver Desktop. Patched version and vendor advisory inside.
CVE-2026-21271: an improper input validation in Dreamweaver Desktop. Patched version and vendor advisory inside.
CVE-2026-21272: an improper input validation in Dreamweaver Desktop. Patched version and vendor advisory inside.
CVE-2026-21274 is an access control bypass in Dreamweaver Desktop. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-21275 is a vulnerability in InDesign Desktop. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21276 is a vulnerability in InDesign Desktop. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21277 is a path traversal in InDesign Desktop. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21280 is a vulnerability in Illustrator. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21281 is a path traversal in InCopy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21283 is a path traversal in Bridge. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21284: Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Commerce. Patch commands and verification.
CVE-2026-21287 is a use-after-free in Substance3D - Stager. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21289 is an Adobe Commerce | incorrect authorization (CWE-863) in Adobe Commerce. CVSS 7.5 High. Patch commands, mitigations, and ve
CVE-2026-2129 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21290: Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Commerce. Patch commands and verification.
CVE-2026-21298 is an OS command injection in Substance3D - Modeler. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-21299 is an OS command injection in Substance3D - Modeler. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-21304 is a path traversal in InDesign Desktop. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21305 is an OS command injection in Substance3D - Painter. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-21306 is an OS command injection in Substance3D - Sampler. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-21307 is an OS command injection in Substance3D - Designer. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-21309 is an Adobe Commerce | incorrect authorization (CWE-863) in Adobe Commerce. CVSS 7.5 High. Patch commands, mitigations, and ve
CVE-2026-21311: Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Commerce. Patch commands and verification.
CVE-2026-21312 is an OS command injection in Audition. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21318 is an OS command injection in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21320 is a use-after-free in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21321 is a vulnerability in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21322 is a path traversal in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21323 is a use-after-free in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21324 is a path traversal in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21325 is a path traversal in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21326 is a use-after-free in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21327 is an OS command injection in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21328 is an OS command injection in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21329 is a use-after-free in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21330 is a vulnerability in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21333 is an untrusted search path (CWE-426) in Adobe Illustrator. CVSS 8.6 High. Patch commands, mitigations, and veri
CVE-2026-21334 is an OS command injection in Substance3D - Designer. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-21335 is an OS command injection in Substance3D - Designer. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-21341 is an OS command injection in Substance3D - Stager. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-21342 is an OS command injection in Substance3D - Stager. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-21343 is a path traversal in Substance3D - Stager. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21344 is a path traversal in Substance3D - Stager. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21345 is a path traversal in Substance3D - Stager. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21346 is an OS command injection in Bridge. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21347 is a vulnerability in Bridge. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21349 is an OS command injection in Lightroom Desktop. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-21351 is a use-after-free in After Effects. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21352 is an OS command injection in DNG SDK. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21353 is a vulnerability in DNG SDK. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21357 is a path traversal in InDesign Desktop. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21361: Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Commerce. Patch commands and verification.
CVE-2026-21362 is an out-of-bounds write (CWE-787) in Adobe Illustrator. CVSS 7.8 High. Patch commands, mitigations, and verifi
CVE-2026-21367 is a buffer over-read in WLAN firmware in Qualcomm, Inc. Snapdragon. CVSS 7.6 High. Patch commands, mitigations, and verifica
CVE-2026-2137 is a vulnerability in TX3. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21371 is a buffer over-read in winblast driver in Qualcomm, Inc. Snapdragon, fixed by the same patch as CVE-2026-21367.
CVE-2026-21372 is a heap-based buffer overflow in power management IC in Qualcomm, Inc. Snapdragon, fixed by the same patch as CVE-2026-2136
CVE-2026-21373 is a buffer over-read in camera in Qualcomm, Inc. Snapdragon, fixed by the same patch as CVE-2026-21367.
CVE-2026-21374 is a buffer over-read in camera in Qualcomm, Inc. Snapdragon, fixed by the same patch as CVE-2026-21367.
CVE-2026-21375 is a buffer over-read in camera in Qualcomm, Inc. Snapdragon, fixed by the same patch as CVE-2026-21367.
CVE-2026-21376 is a buffer over-read in camera in Qualcomm, Inc. Snapdragon, fixed by the same patch as CVE-2026-21367.
CVE-2026-21378 is a buffer over-read in camera in Qualcomm, Inc. Snapdragon, fixed by the same patch as CVE-2026-21367.
CVE-2026-2138 is a vulnerability in TX9. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21380 is a use-after-free in DSP service in Qualcomm, Inc. Snapdragon, fixed by the same patch as CVE-2026-21367.
CVE-2026-21381 is a buffer over-read in WLAN firmware in Qualcomm, Inc. Snapdragon, fixed by the same patch as CVE-2026-21367.
CVE-2026-21382: bundle sibling of CVE-2026-21367. Same patched build closes both.
CVE-2026-21389 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-2139 is a vulnerability in TX9. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2140 is a vulnerability in TX9. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21408 is a vulnerability in beat-access for Windows. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21411: an authentication bypass in OpenBlocks IoT DX1 (FW5.0.x). Patched version and vendor advisory inside.
CVE-2026-21417 is a path traversal in CloudBoost Virtual Appliance. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-21418 is an OS command injection in Unity. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2142 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21420 is an uncontrolled search path element in Dell Repository Manager. This page lists the verified fix and inline mitigations.
CVE-2026-21427 is a vulnerability in USB DAC Amplifier APS-DA101JS. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-21428 is a vulnerability in cpp-httplib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2143 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21430 is a vulnerability in emlog. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21433 is a vulnerability in emlog. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2144 is a vulnerability in Magic Login Mail or QR Code. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-21441 is a vulnerability in urllib3. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21445 is an authentication bypass in langflow. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21446 is an authentication bypass in bagisto. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21447 is an access control bypass in bagisto. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21448 is a server-side template injection in bagisto. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21449 is a server-side template injection in bagisto. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21450 is a server-side template injection in bagisto. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21452 is an unsafe deserialization in msgpack-java. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21485 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21486 is a path traversal in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21507 is a denial of service in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21508: an authentication bypass in Windows 10 Version 1607. Patched version and vendor advisory inside.
CVE-2026-2151 is an OS command injection in DIR-615. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21511: an unsafe deserialization in Microsoft 365 Apps for Enterprise. Patched version and vendor advisory inside.
CVE-2026-21516: an OS command injection in GitHub Copilot Plugin for JetBrains IDEs. Patched version and vendor advisory inside.
CVE-2026-21518: an OS command injection in Microsoft Visual Studio Code CoPilot Cha. Patched version and vendor advisory inside.
CVE-2026-2152 is an OS command injection in DIR-615. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21520: an OS command injection in Microsoft Copilot Studio. Patched version and vendor advisory inside.
CVE-2026-21521 is a vulnerability in Microsoft 365 Word Copilot. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-21523: a vulnerability in Microsoft Visual Studio Code CoPilot Cha. Patched version and vendor advisory inside.
CVE-2026-21524 is an information disclosure in Azure Data Explorer. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-21532 is an information disclosure in Azure Functions. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-21535 is an access control bypass in Microsoft Teams. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-21537: a code injection in Microsoft Defender for Endpoint for Linu. Patched version and vendor advisory inside.
CVE-2026-2155 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21569 is an XML external entity (XXE) in Crowd Data Center. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-2157 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21570 is an RCE (remote code execution) in Atlassian Bamboo Data Center. CVSS 8.6 High. Patch commands, mitigations, and verificatio
CVE-2026-21618 is a vulnerability in hexpm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21621 is an incorrect authorization in hexpm hexpm. This page lists the verified fix and inline mitigations.
CVE-2026-21633 is a vulnerability in UniFi Protect Application. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-21638 is a vulnerability in UBB-XG. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21641 is a vulnerability in Revive Adserver. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21654 is an OS command injection in Johnson Controls Frick Controls Quantum HD. This page lists the verified fix and inline mitigati
CVE-2026-21656 is a code injection in Johnson Controls Frick Controls Quantum HD. This page lists the verified fix and inline mitigations.
CVE-2026-21657 is a code injection in Johnson Controls Frick Controls Quantum HD. This page lists the verified fix and inline mitigations.
CVE-2026-21658 is a code injection in Johnson Controls Frick Controls Quantum HD. This page lists the verified fix and inline mitigations.
CVE-2026-21659 is a relative path traversal in Johnson Controls Frick Controls Quantum HD. This page lists the verified fix and inline mitig
CVE-2026-21661 is an uncontrolled search path element in Ac2000. Patched version, runnable upgrade commands, and how to verify the fix landed
CVE-2026-21665 is an unsafe deserialization in Fiserv Originate Loans Peripherals (formerly Velocity Services) -- Print Service component. Th
CVE-2026-21668 is a security vulnerability in Veeam Backup and Replication. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-21670 is a security vulnerability in Veeam Backup and Replication. CVSS 7.7 High. Patch commands, mitigations, and verification.
CVE-2026-21672: CWE-538 File and Directory Information Exposure in Backup and Replication. Patch commands and verification.
CVE-2026-21673 is a vulnerability in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21676 is a path traversal in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21677 is a vulnerability in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21678 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21679 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21681 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21682 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21683 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21684 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21685 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21686 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21687 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21688 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21692 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21693 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21696 is a vulnerability in wings. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21697 is a vulnerability in axios4go. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21710 is a vulnerability in node. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21719 is an OS command injection in CubeCart. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-21720 is a vulnerability in grafana/grafana-enterprise. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-21721 is a vulnerability in grafana/grafana. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21728 - Tempo query limit results in Tempo. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-21733 is an improper input validation in Graphics DDK. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-2175 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21765: HCL BigFix Platform is affected by insecure permissions on private cryptographic keys in BigFix Platform. Patch commands and
CVE-2026-2180 is a stack-based buffer overflow in RX3. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2181 is a stack-based buffer overflow in RX3. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2182 is an OS command injection in 进取 521G. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21821: a cross-site scripting (XSS) in BigFix SCM Reporting. Patched version and vendor advisory inside.
CVE-2026-2185 is a stack-based buffer overflow in RX3. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21853 is a code injection in toeverything AFFiNE. This page lists the verified fix and inline mitigations.
CVE-2026-21856 is a SQL injection in tarkov-data-manager. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-21857 is a path traversal in redaxo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2186 is a stack-based buffer overflow in RX3. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21862 is an authentication bypass in rustfs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21863 is an out-of-bounds read in valkey-io valkey. This page lists the verified fix and inline mitigations.
CVE-2026-21868 is a vulnerability in flagForge. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21869 is an OS command injection in llama.cpp. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2187 is a stack-based buffer overflow in RX3. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21873 is a vulnerability in nicegui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21878 is a path traversal in bacnet-stack. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2188 is an OS command injection in 进取 521G. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21882 is an improper check for dropped privileges in AsfhtgkDavid theshit. This page lists the verified fix and inline mitigations.
CVE-2026-21884 is a vulnerability in react-router. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21887 is a CWE-918: server-side request forgery (SSRF) in Opencti-platform opencti. CVSS 7.7 High. Patch commands, mitigations, and
CVE-2026-21888: MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() in nanomq. Patch commands and verification.
CVE-2026-21897 is an OS command injection in CryptoLib. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-21898 is a path traversal in CryptoLib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21900 is a path traversal in CryptoLib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21905 is a denial of service in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21906 is a vulnerability in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21908 is a use-after-free in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2191 is a stack-based buffer overflow in AC9. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21913 is a vulnerability in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21914 is a vulnerability in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21916 is a Unix symbolic link (symlink) following in Junos OS. This page lists verified fix commands and short-term mitigations yo
CVE-2026-21917 is a vulnerability in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21918 is a vulnerability in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2192 is a stack-based buffer overflow in AC9. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21920 is a path traversal in Junos OS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21926 is a vulnerability in Siebel CRM Deployment. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-21932 is a vulnerability in Oracle Java SE. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21939 is a vulnerability in Oracle Database Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-21940 is a vulnerability in Oracle Agile PLM. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-21945 is a vulnerability in Oracle Java SE. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-21955 is a vulnerability in Oracle VM VirtualBox. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-21956 is a vulnerability in Oracle VM VirtualBox. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-21957 is a vulnerability in Oracle VM VirtualBox. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-21967 is a vulnerability in Oracle Hospitality OPERA 5. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-21973: a vulnerability in Oracle FLEXCUBE Investor Servicing. Patched version and vendor advisory inside.
CVE-2026-21976: a vulnerability in Oracle Business Intelligence Enterprise . Patched version and vendor advisory inside.
CVE-2026-21982 is a vulnerability in Oracle VM VirtualBox. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-21983 is a vulnerability in Oracle VM VirtualBox. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-21984 is a vulnerability in Oracle VM VirtualBox. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-21986 is a vulnerability in Oracle VM VirtualBox. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-21987 is a vulnerability in Oracle VM VirtualBox. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-21988 is a vulnerability in Oracle VM VirtualBox. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-21989 is a vulnerability in Oracle VM VirtualBox. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-21990 is a vulnerability in Oracle VM VirtualBox. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-21997 - Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Life Scie
CVE-2026-22010 - Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financia
CVE-2026-22011 - Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applic
CVE-2026-22016 - Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise O
CVE-2026-2202 is a vulnerability in AC8. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22023 is a path traversal in CryptoLib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22026 is an OS command injection in CryptoLib. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22028 is a vulnerability in preact. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22029 is a vulnerability in react-router. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2203 is a vulnerability in AC8. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22031 is an OS command injection in middie. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22033 is a vulnerability in label-studio. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22035 is an OS command injection in greenshot. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22037 is an OS command injection in fastify-express. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-22038 is a vulnerability in AutoGPT. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22046 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-22047 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-22048: a vulnerability in StorageGRID (formerly StorageGRID Websca. Patched version and vendor advisory inside.
CVE-2026-22069 is a vulnerability in O+ Connect. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22070 - CWE-23 Relative path traversal in ColorOS Assistant. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-22079: a vulnerability in 300Mbps Wireless Router F3 and N300 Easy. Patched version and vendor advisory inside.
CVE-2026-22080: a vulnerability in 300Mbps Wireless Router F3 and N300 Easy. Patched version and vendor advisory inside.
CVE-2026-22081: a vulnerability in 300Mbps Wireless Router F3 and N300 Easy. Patched version and vendor advisory inside.
CVE-2026-22082: a vulnerability in 300Mbps Wireless Router F3 and N300 Easy. Patched version and vendor advisory inside.
CVE-2026-2210 is an OS command injection in DIR-823X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22153 is an access control bypass in FortiOS. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-22165 - CWE-416: Use After Free in Graphics DDK. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-22166 - CWE-416: Use After Free in Graphics DDK. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-22167 - CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (4.18) in Graphics DDK. Runnable pat
CVE-2026-22168 is a CWE-88 argument injection or modification in OpenClaw. CVSS 7.1 High. Patch commands, mitigations, and verification.
CVE-2026-22169: OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins in OpenClaw. Patch commands and verification.
CVE-2026-22171: OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming in OpenClaw. Patch commands and verification.
CVE-2026-22175 is a CWE-184: incomplete list of disallowed inputs in OpenClaw. CVSS 7.1 High. Patch commands, mitigations, and verification.
CVE-2026-22179: OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run in OpenClaw. Patch commands and verification.
CVE-2026-22182 is a missing authorization in Gvectors wpDiscuz. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-2219 is a CWE-835 loop with unreachable exit condition ('infinite loop') in Debian dpkg. This page lists the verified fix and inlin
CVE-2026-22192: Voltronic Power SNMP Web Pro 1.1 Authentication Bypass via localStorage in SNMP Web Pro. Patch commands and verification.
CVE-2026-22194 is a vulnerability in GestSup. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22195 is a SQL injection in GestSup. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22196 is a SQL injection in GestSup. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22197 is a SQL injection in GestSup. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22199: Voltronic Power SNMP Web Pro 1.1 Path Traversal via upload.cgi in SNMP Web Pro. Patch commands and verification.
CVE-2026-22200 is a vulnerability in osTicket. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22205 is a CWE-288 authentication bypass using an alternate path or channel in SPIP SPIP. This page lists the verified fix and inli
CVE-2026-22206 is a SQL injection in SPIP SPIP. This page lists the verified fix and inline mitigations.
CVE-2026-22218 is a path traversal in Chainlit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22219 is a vulnerability in Chainlit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22221 is an OS command injection in Archer BE230 v1.2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22222 is an OS command injection in Archer BE230 v1.2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22223 is an OS command injection in Archer BE230 v1.2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22224 is an OS command injection in Archer BE230 v1.2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22225 is an OS command injection in Archer BE230 v1.2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22226 is an OS command injection in Archer BE230 v1.2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22227 is an OS command injection in Archer BE230 v1.2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22229 is an OS command injection in Archer BE230 v1.2. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22230 is an access control bypass in eCASE Audit. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-22235 is a vulnerability in eComplaint. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22241 is an unrestricted file upload in openeclass. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-22243 is a SQL injection in egroupware. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22244 is a server-side template injection in OpenMetadata. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-22245 is a vulnerability in mastodon. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22248: GLPI affected by Remote Code Execution via malicious upload in glpi. Patch commands and verification.
CVE-2026-22249 is a path traversal in docmost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22255 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-22256 is a vulnerability in salvo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22257 is a vulnerability in salvo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22258 is a vulnerability in suricata. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22259 is a vulnerability in suricata. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22260 is a vulnerability in suricata. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22264 is a use-after-free in suricata. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22265 is an OS command injection in roxy-wi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22267 is a vulnerability in PowerProtect Data Manager. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22271 is a vulnerability in ObjectScale. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22273 is a vulnerability in ObjectScale. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22277 is an OS command injection in UnityVSA. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-22278 is a vulnerability in PowerScale OneFS. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2229 is a CWE-248 uncaught exception in undici. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-2231: a vulnerability in Fluent Booking – The Ultimate Appointmen. Patched version and vendor advisory inside.
CVE-2026-22315: a vulnerability in Meona Client Launcher Component. Patched version and vendor advisory inside.
CVE-2026-22317: Command Injection Vulnerability in Root CA Certificate Transfer Workflow in FL SWITCH 2005. Patch commands and verification.
CVE-2026-2232: a SQL injection in Product Table and List Builder for WooCo. Patched version and vendor advisory inside.
CVE-2026-22322: Stored Cross‑Site Scripting in Link Aggregation Name Handling in FL SWITCH 2005. Patch commands and verification.
CVE-2026-22323: Cross‑Site Request Forgery in Link Aggregation Configuration in FL SWITCH 2005. Patch commands and verification.
CVE-2026-22324 is a vulnerability in Melania. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22333: an unsafe deserialization in YITH WooCommerce Compare. Patched version and vendor advisory inside.
CVE-2026-22344 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22345 is an unsafe deserialization in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery. This pa
CVE-2026-22346 is an unsafe deserialization in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow. This page lists the v
CVE-2026-2235 is a SQL injection in C&Cm@il package olln-base. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-22351 is a missing authorization in Marcus (aka @msykes) WP FullCalendar. This page lists the verified fix and inline mitigations.
CVE-2026-22352 is a cross-site scripting in PersianScript Persian Woocommerce SMS. This page lists the verified fix and inline mitigations.
CVE-2026-22354 is an unsafe deserialization in Dotstore Woocommerce Category Banner Management. This page lists the verified fix and inline m
CVE-2026-22355 is a vulnerability in Simple XML Sitemap. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-22356 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Automattic Je
CVE-2026-22357 is a cross-site scripting in Spencer Haws Link Whisper Free. This page lists the verified fix and inline mitigations.
CVE-2026-2236 is a SQL injection in C&Cm@il package olln-base. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-22361 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in axiomthemes A
CVE-2026-22362 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in axiomthemes P
CVE-2026-22363 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in axiomthemes R
CVE-2026-22364 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in axiomthemes S
CVE-2026-22365 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in axiomthemes S
CVE-2026-22366 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in axiomthemes J
CVE-2026-22367 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22368 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in axiomthemes R
CVE-2026-22369 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22370 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in axiomthemes M
CVE-2026-22371 is a vulnerability in Gustavo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22372 is a vulnerability in Isida. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22373 is a vulnerability in Fooddy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22374 is a vulnerability in Zio Alberto. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22375 is a vulnerability in Impacto Patronus. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-22376 is a vulnerability in Parkivia. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22377 is a vulnerability in Saveo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22378 is a vulnerability in Blabber. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22379 is a vulnerability in Netmix. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22380 is a vulnerability in UnlimHost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22381: a vulnerability in PawFriends - Pet Shop and Veterinary Wor. Patched version and vendor advisory inside.
CVE-2026-22383: a vulnerability in PawFriends - Pet Shop and Veterinary Wor. Patched version and vendor advisory inside.
CVE-2026-22385 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in don-themes Wo
CVE-2026-22387 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22389 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22392 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22394 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22395 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22397 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22399 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22401 is a vulnerability in Freshio. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22402 is a vulnerability in Triply. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22403 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22405 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22408 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22410 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22412 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22413 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22414 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22415 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22416 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22418 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22419 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22420 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22421 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22423 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Select-Themes
CVE-2026-22424 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22425 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Elated-Themes
CVE-2026-22427 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22428 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22429 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22431 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22432 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22433 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22434 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22435 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22436 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Elated-Themes
CVE-2026-22437 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22438 is a cross-site scripting in foreverpinetree TheBi. This page lists the verified fix and inline mitigations.
CVE-2026-22439 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-2244 is an information exposure in Google Cloud Vertex AI Workbench. This page lists the verified fix and inline mitigations.
CVE-2026-22440 is a cross-site scripting in foreverpinetree Thecs. This page lists the verified fix and inline mitigations.
CVE-2026-22441 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Elated-Themes
CVE-2026-22442 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in LaunchandSell
CVE-2026-22443 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Alli
CVE-2026-22446 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Select-Themes
CVE-2026-22448 is a path traversal in PitchPrint. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22449 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Select-Themes
CVE-2026-22452 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in ThemeREX Hove
CVE-2026-22455 is a cross-site scripting in foreverpinetree Thebe. This page lists the verified fix and inline mitigations.
CVE-2026-22456 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Elated-Themes
CVE-2026-22457 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Mikado-Themes
CVE-2026-22460 is a path traversal in wpWax FormGent. This page lists the verified fix and inline mitigations.
CVE-2026-22464 is a vulnerability in My auctions allegro. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-22465 is a cross-site scripting in SeventhQueen BuddyApp. This page lists the verified fix and inline mitigations.
CVE-2026-22467 is a cross-site scripting in mwtemplates DeepDigital. This page lists the verified fix and inline mitigations.
CVE-2026-2247 is a SQL injection in SaaS platform. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22470: a SQL injection in FireStorm Professional Real Estate. Patched version and vendor advisory inside.
CVE-2026-22471 is an unsafe deserialization in maximsecudeal Secudeal Payments for Ecommerce. This page lists the verified fix and inline mit
CVE-2026-22473 is an unsafe deserialization in designthemes Dental Clinic. This page lists the verified fix and inline mitigations.
CVE-2026-22476 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Elated-Themes
CVE-2026-22477 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in AncoraThemes
CVE-2026-22478 is an improper control of filename for include/require statement in PHP program ('PHP remote file inclusion') in Elated-Themes
CVE-2026-22479 is a missing authorization in ThemeRuby Easy Post Submission. This page lists the verified fix and inline mitigations.
CVE-2026-22480: an unsafe deserialization in Product Feed for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-22491 is a vulnerability in My auctions allegro. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-22493 is a vulnerability in Gaspard. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22494 is a vulnerability in Good Homes. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22495 is a vulnerability in Greenville. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22496 is a vulnerability in Hypnotherapy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22498 is a vulnerability in Laurent. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22499 is a vulnerability in Lella. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2250 is an access control bypass in METIS WIC. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22502 is a vulnerability in Mr. Cobbler. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22503 is a vulnerability in Nelson. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22504 is a vulnerability in ProLingua. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22505 is an unsafe deserialization in Morning Records. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22506 is a vulnerability in Amoli. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22508 is a vulnerability in Dentalux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22509 is a vulnerability in Gioia. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22510 is an unsafe deserialization in Melody. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-22511 is a vulnerability in NeoBeat. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22512 is a vulnerability in Roisin. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22513 is a vulnerability in Triompher. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22514 is a vulnerability in Unica. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22515 is a vulnerability in VegaDays. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22516 is a vulnerability in Wizor's. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2252 is an XML external entity in Xerox FreeFlow Core. This page lists the verified fix and inline mitigations.
CVE-2026-22520 is a vulnerability in Handmade Framework. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-22521 is a vulnerability in Handmade Framework. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-22523 is a vulnerability in Ultra WordPress Admin. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-22524 is a vulnerability in Legacy Admin. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22535 is a vulnerability in QC 60/90/120. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22536 is a vulnerability in QC 60/90/120. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22541 is a denial of service in QC 60/90/120. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-22544 is a vulnerability in QC 60/90/120. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22550 is an OS command injection in WRC-X6000XS-G. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-22554 is a path traversal in MediaInfoLib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22558 is a SQL injection in Ubiquiti Inc UniFi Network Application. CVSS 7.7 High. Patch commands, mitigations, and verification.
CVE-2026-22559 is a vulnerability in UniFi Network Server. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-22565 is an improper input validation in UniFi Play Audio Port. This page lists verified fix commands and short-term mitigations yo
CVE-2026-22566 is an access control - generic in UniFi Play Audio Port. This page lists verified fix commands and short-term mitigations you
CVE-2026-22567 is an improper input validation in Zscaler ZIA Admin UI. This page lists the verified fix and inline mitigations.
CVE-2026-22589 is a vulnerability in spree. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22593 is a stack-based buffer overflow in everest-core. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-22594 is an authentication bypass in Ghost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22595 is an access control bypass in Ghost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22598 is an improper input validation in manageiq. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-2260 is an OS command injection in DCS-931L. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22601 is an OS command injection in openproject. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-22606 is an unsafe deserialization in fickling. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-22607 is an unsafe deserialization in fickling. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-22608 is a vulnerability in fickling. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22609 is a vulnerability in fickling. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2261 is a blocklistd(8) socket leak in FreeBSD. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-22610 is a vulnerability in angular. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22612 is an unsafe deserialization in fickling. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-22619 is an uncontrolled search path element in IPP software. This page lists verified fix commands and short-term mitigations you
CVE-2026-2262 is an information disclosure in Easy Appointments. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-22623 is a vulnerability in HS-AFS-S1H1. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22627 is an "execute unauthorized code or commands" vulnerability in Fortinet FortiSwitchAXFixed. CVSS 7.7 High. Patch commands, mitigations, and ve
CVE-2026-2266: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting') in Enterprise Server. Patch comma
CVE-2026-22661 is a prompts.chat path traversal via skill file handling in F prompts.chat. CVSS 8.6 High. Patch commands, mitigations, and v
CVE-2026-22663 is a prompts.chat authorization bypass information disclosure in F prompts.chat, fixed by the same patch as CVE-2026-22661.
CVE-2026-22664 is a prompts.chat SSRF via fal.ai media status polling in F prompts.chat, fixed by the same patch as CVE-2026-22661.
CVE-2026-22665 is a prompts.chat identity confusion via case-sensitive username handling in F prompts.chat, fixed by the same patch as CVE-2
CVE-2026-22666: Dolibarr ERP/CRM < 23.0.2 Authenticated RCE via dol_eval_standard() in Dolibarr ERP/CRM. Patch commands and verification.
CVE-2026-22676 is an incorrect permission assignment in RMM. This page lists verified fix commands and short-term mitigations you can run to
CVE-2026-2268: an information disclosure in Ninja Forms – The Contact Form Builder T. Patched version and vendor advisory inside.
CVE-2026-22682 is an OpenHarness improper access control via file tools in Hkuds OpenHarness. CVSS 8.4 High. Patch commands, mitigations, and
CVE-2026-22683: Windmill < 1.615.0 Operator Role Missing Authorization Checks RCE in Windmill CE (Community Edition). Patch commands and ver
CVE-2026-22685 is a path traversal in DevToys. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2269 is an unrestricted file upload in uncannyowl Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plug
CVE-2026-22697 is a path traversal in CryptoLib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22698 is a vulnerability in elliptic-curves. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22699 is an improper input validation in elliptic-curves. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-22700 is an improper input validation in elliptic-curves. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-22704 is a vulnerability in issues. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22708 is a vulnerability in cursor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22720 is a cross-site scripting in VMware VMware Aria Operations. This page lists the verified fix and inline mitigations.
CVE-2026-22727: Cloud Foundry unprotected internal endpoints in Cloud Foundry. Patch commands and verification.
CVE-2026-22729 is a security vulnerability in VMWARE Spring AI. CVSS 8.6 High. Patch commands, mitigations, and verification.
CVE-2026-2273: CWE-94 Improper Control of Generation of Code ('Code Injection') in EcoStruxure™ Automation Expert. Patch commands and verifi
CVE-2026-22730: SQL Injection in Spring AI MariaDBFilterExpressionConverter in Spring AI. Patch commands and verification.
CVE-2026-22731 is an authentication bypass under actuator health groups paths in Spring Boot. CVSS 8.2 High. Patch commands, mitigations, and
CVE-2026-22733: Authentication Bypass under Actuator CloudFoundry endpoints in Spring Security. Patch commands and verification.
CVE-2026-22734 is an authentication bypass by spoofing in UUA. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-22739 is a vulnerability in Spring Cloud. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2274 is a vulnerability in AppSheet Web (Main Server). Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-22742 is a vulnerability in Spring AI. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22743 is a vulnerability in Spring AI. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22744 is a vulnerability in Spring AI. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22750 is an external control of system or configuration in Spring Cloud Gateway. This page lists verified fix commands and short-te
CVE-2026-22753 - Servlet Path Not Correctly Included in Spring Security. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-22754 - Servlet Path Not Correctly Included in Spring Security. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-22765 is a missing authorization in Dell Wyse Management Suite. This page lists the verified fix and inline mitigations.
CVE-2026-22766 is an unrestricted file upload in Dell Wyse Management Suite. This page lists the verified fix and inline mitigations.
CVE-2026-22767 is a CWE-61: UNIX symbolic link (symlink) following in Dell AppSync. CVSS 7.3 High. Patch commands, mitigations, and verifica
CVE-2026-22768: CWE-732: Incorrect Permission Assignment for Critical Resource in AppSync. Patch commands and verification.
CVE-2026-22771 is a code injection in gateway. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22774 is a vulnerability in devalue. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22775 is a vulnerability in devalue. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22776 is a vulnerability in cpp-httplib. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22777 is a vulnerability in ComfyUI-Manager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22786 is a path traversal in gin-vue-admin. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22787 is a vulnerability in html2pdf.js. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22788 is an authentication bypass in WebErpMesv2. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2279 is a SQL injection in myLinksDump. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22790 is a stack-based buffer overflow in everest-core. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-22803 is an OS command injection in kit. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22804 is a vulnerability in Termix. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22807 is a code injection in vllm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22810 is a path traversal in joplin. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22812 is an authentication bypass in opencode. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-22814 is a vulnerability in lucid. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22816 is a local privilege escalation in gradle. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-22817 is an authentication bypass in hono. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22818 is an authentication bypass in hono. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22828 is a heap buffer overflow in FortiAnalyzer Cloud. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-22849 is a vulnerability in saleor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22850 is a SQL injection in koko-analytics. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22860 is a path traversal in rack. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22861 is a path traversal in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22862 is an improper input validation in go-ethereum. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-22864 is an OS command injection in deno. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22865 is a code injection in gradle. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22867 is a vulnerability in docs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22868 is an improper input validation in go-ethereum. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-22869 is a code injection in eigent. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22870 is a vulnerability in guarddog. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22871 is a path traversal in guarddog. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22897 is an OS command injection in QuNetSwitch. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-22905 is a path traversal in 0852-1322. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22909 is an access control bypass in TDC-X401GL. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-2291 is an integer overflow or wraparound in dnsmasq. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-22910 is a vulnerability in TDC-X401GL. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22923 is a stack-based buffer overflow in NX. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-22925 is a denial of service in SIMATIC CN 4100. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-2293 is an incorrect authorization in nest.js nest.js. This page lists the verified fix and inline mitigations.
CVE-2026-2296: a code injection in Product Addons for Woocommerce – Product. Patched version and vendor advisory inside.
CVE-2026-22980 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22988 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22990 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22991 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22992 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22997 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22998 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-22999 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23001 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23003 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23004 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23010 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23013 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23014 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23066 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23074 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23077 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23095 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23098 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23103 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23105 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23111 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23136 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23139 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23148 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23161 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23169 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23171 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23172 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23175 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23178 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23180 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23184 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23185 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23191 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23192 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23193 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23195 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23198 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23204 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23209 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23222 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23224 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23225 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23226 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23227 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23230 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23231 is a security vulnerability in Linux Linux. This page lists the verified fix and inline mitigations.
CVE-2026-23236 is a security vulnerability in Linux Linux. This page lists the verified fix and inline mitigations.
CVE-2026-23239: espintcp: fix race condition in espintcp_close() in Linux. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing in Linux. Patch commands and verification.
CVE-2026-23243: rdma/umad: reject negative data_len in ib_umad_write in Linux. CVSS 7.8 High. Patch commands, mitigations, and verificat
CVE-2026-23245: net/sched: act_gate: snapshot parameters with rcu on replace in Linux. CVSS 7.8 High. Patch commands, mitigations, and v
CVE-2026-23246: wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration in Linux. Patch commands and verification.
CVE-2026-23248: perf/core: fix refcount bug and potential uaf in perf_mmap in Linux. CVSS 7.8 High. Patch commands, mitigations, and ver
CVE-2026-23253: media: dvb-core: fix wrong reinitialization of ringbuffer on reopen in Linux. Patch commands and verification.
CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management in Linux. Patch commands and verification.
CVE-2026-23269: apparmor: validate dfa start states are in bounds in unpack_pdb in Linux. CVSS 7.1 High. Patch commands, mitigations, an
CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks in Linux. Patch commands and verification.
CVE-2026-23271 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23272 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23273 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23274 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23275 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23278 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2328 is a path traversal in Device Sphere. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23280 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23288 is an out-of-bounds write in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23294 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23306 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23317 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2332 is an inconsistent interpretation of http requests in Eclipse Jetty. This page lists verified fix commands and short-term miti
CVE-2026-23336 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23340 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23350 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23351 is a denial of service in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2336 is an insufficient entropy in IStaX. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-23364 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2337 is a vulnerability in Plunet BusinessManager. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-23372 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23378 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23383 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2339: RCE in TUBITAK BILGEM's Liderahenk in Liderahenk. Patch commands and verification.
CVE-2026-23391 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23392 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23393 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23395 is a vulnerability in Linux. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23406: apparmor: fix side-effect bug in match_char() macro usage in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23407: apparmor: fix missing bounds check on default table in verify_dfa() in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23408: apparmor: fix double free of ns_name in aa_replace_profiles() in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23410: apparmor: fix race on rawdata dereference in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23411: apparmor: fix race between freeing data and fs accessing it in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done in Linux, fixed by the same patch as CVE-2026-23401
CVE-2026-23413: clsact: fix use-after-free in init/destroy rollback asymmetry in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23414: tls: purge async_hold in tls_decrypt_async_wait() in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23415: futex: fix uaf between futex_key_to_node_opt() and vma_replace_policy() in Linux, fixed by the same patch as CVE-2026-23
CVE-2026-23419: net/rds: fix circular locking dependency in rds_tcp_tune in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23424: accel/amdxdna: validate command buffer payload count in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23425: kvm: arm64: fix id register initialization for non-protected pkvm guests in Linux, fixed by the same patch as CVE-2026-2
CVE-2026-23429: iommu/sva: fix crash in iommu_sva_unbind_device() in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23432: mshv: fix use-after-free in mshv_map_user_memory error path in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23434: mtd: rawnand: serialize lock/unlock against other nand operations in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-2344 is a vulnerability in Plunet BusinessManager. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-23440: net/mlx5e: fix race condition during ipsec esn update in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23444: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure in Linux, fixed by the same patch as CVE-2026-2340
CVE-2026-23445: igc: fix page fault in xdp tx timestamps handling in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23449: net/sched: teql: fix double-free in teql_master_xmit in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23451: bonding: prevent potential infinite loop in bond_header_parse() in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23453: net: ti: icssg-prueth: fix memory leak in xdp_drop for non-zero-copy mode in Linux, fixed by the same patch as CVE-2026-
CVE-2026-23456: netfilter: nf_conntrack_h323: fix oob read in decode_int() cons case in Linux, fixed by the same patch as CVE-2026-23401
CVE-2026-23457: netfilter: nf_conntrack_sip: fix content-length u32 truncation in sip_help_tcp() in Linux, fixed by the same patch as CV
CVE-2026-23458: netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23459: ip_tunnel: adapt iptunnel_xmit_stats() to netdev_pcpu_stat_dstats in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23461: bluetooth: l2cap: fix use-after-free in l2cap_unregister_user in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23462: bluetooth: hidp: fix possible uaf in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23466: drm/xe: open-code ggtt mmio access protection in Linux, fixed by the same patch as CVE-2026-23401.
CVE-2026-23477 is a vulnerability in Rocket.Chat. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23479 is a use after free in redis. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-23482 is a path traversal in blinko. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23490 is an OS command injection in pyasn1. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23492 is a SQL injection in pimcore. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23493 is a vulnerability in pimcore. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23498 is a code injection in shopware. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23499 is a vulnerability in saleor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23512 is a vulnerability in sumatrapdf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23514 is a vulnerability in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23516 is a vulnerability in cvat. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23519 is a vulnerability in utils. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23526 is a local privilege escalation in cvat. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23527 is a vulnerability in h3. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23529: an arbitrary file read in bigquery-connector-for-apache-kafka. Patched version and vendor advisory inside.
CVE-2026-23530 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23531 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23532 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23533 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23534 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23535 is a path traversal in wlc. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23536 is a path traversal in Red Hat OpenShift AI (RHOAI). Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-23541 is a vulnerability in Mail Mint. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23544 is an unsafe deserialization in Valenti. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23547 is a vulnerability in CMSMasters Content Composer. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-23572 is an access control bypass in Remote. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2359 is a cwe-772 in expressjs multer. This page lists the verified fix and inline mitigations.
CVE-2026-23592: a vulnerability in HPE Aruba Networking Fabric Composer. Patched version and vendor advisory inside.
CVE-2026-23593: a vulnerability in HPE Aruba Networking Fabric Composer. Patched version and vendor advisory inside.
CVE-2026-23595: a vulnerability in HPE Aruba Networking Private 5G Core. Patched version and vendor advisory inside.
CVE-2026-23599: a vulnerability in HPE Aruba Networking ClearPass Policy Ma. Patched version and vendor advisory inside.
CVE-2026-2360 is a vulnerability in PostgreSQL Anonymizer. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-2361 is a vulnerability in PostgreSQL Anonymizer. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-23622 is a vulnerability in easyappointments. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23625 is a vulnerability in openproject. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23627 is a SQL injection in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-2364 is a codesys installer toctou privilege escalation in CODESYS Installer. CVSS 7.3 High. Patch commands, mitigations, and verif
CVE-2026-23644 is a path traversal in esm.sh. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23648 is an arbitrary file read in RBG-100. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2365 is a cross-site scripting in techjewel Fluent Forms Pro Add On Pack. This page lists the verified fix and inline mitigations.
CVE-2026-23654: GitHub: Zero Shot SCFoundation Remote Code Execution in GitHub Repo: Zero Shot scFoundation. Patch commands and verification
CVE-2026-23657 is a use-after-free in Microsoft Office. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-23658: Azure DevOps: msazure Elevation of Privilege in Azure DevOps: msazure. Patch commands and verification.
CVE-2026-23659: Azure Data Factory Information Disclosure in Azure Data Factory. Patch commands and verification.
CVE-2026-23660: Windows Admin Center in Azure Portal Elevation of Privilege in Windows Admin Center in Azure Portal. Patch commands and veri
CVE-2026-23661: Azure IoT Explorer Information Disclosure in Azure IoT Explorer. Patch commands and verification.
CVE-2026-23662: Azure IoT Explorer Information Disclosure in Azure IoT Explorer. Patch commands and verification.
CVE-2026-23663: a local privilege escalation in Microsoft Global Secure Access (GSA). Patched version and vendor advisory inside.
CVE-2026-23664: Azure IoT Explorer Information Disclosure in Azure IoT Explorer. Patch commands and verification.
CVE-2026-23665: Linux Azure Diagnostic extension (LAD) Elevation of Privilege in Azure Linux Virtual Machines with Azure Diagnostics extensi
CVE-2026-23666 is a vulnerability in Microsoft .NET Framework 3.5. This page lists verified fix commands and short-term mitigations you can
CVE-2026-23667 is a broadcast dvr elevation of privilege in Microsoft Windows 10 Version 1809. CVSS 7 High. Patch commands, mitigations, and
CVE-2026-23668: Windows Graphics Component Elevation of Privilege in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-23669: RPC Runtime Library Remote Code Execution in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-23671: Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-23672 is a cwe-125: out-of-bounds read in Microsoft Windows 10 Version 1607. CVSS 7.8 High. Patch commands, mitigations, and verifi
CVE-2026-23673: Windows Resilient File System (ReFS) Elevation of Privilege in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-23674: MapUrlToZone Security Feature Bypass in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-23678 is an OS command injection in Binardat Ltd. 10G08-0800GSM Network Switch. This page lists the verified fix and inline mitigati
CVE-2026-2368 is a cwe-295: improper certificate validation in Lenovo FileZ. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-23687: an authentication bypass in SAP NetWeaver AS ABAP and ABAP Platform. Patched version and vendor advisory inside.
CVE-2026-23689: a denial of service in SAP Supply Chain Management. Patched version and vendor advisory inside.
CVE-2026-23699 is an OS command injection in AP180(JA) V1.xx. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2370 is a path traversal in GitLab. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23702 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-23703 is an incorrect default permissions vulnerability in Digital Arts Inc. FinalCode Ver.5 series. This page lists the verified fix and inline m
CVE-2026-23715 is an OS command injection in Simcenter Femap. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-23716 is a path traversal in Simcenter Femap. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23717 is a path traversal in Simcenter Femap. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23718 is a path traversal in Simcenter Femap. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23719 is a path traversal in Simcenter Femap. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23720 is a path traversal in Simcenter Femap. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23723 is a SQL injection in WeGIA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23735 is a vulnerability in graphql-modules. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23736 is an unsafe deserialization in seroval. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23737 is an unsafe deserialization in seroval. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23742 is a code injection in skipper. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23745 is a path traversal in node-tar. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23750 is a heap buffer overflow in Golioth Pouch. This page lists the verified fix and inline mitigations.
CVE-2026-23754 is a vulnerability in D-View 8. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23755 is a vulnerability in D-View 8. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23759: Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps' in IOLAN STS. Patch commands and verification.
CVE-2026-23763 is a vulnerability in Matrix. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23772 is an improper privilege management in Storage Manager. This page lists verified fix commands and short-term mitigations you
CVE-2026-23774 is an OS command injection in PowerProtect Data Domain. This page lists verified fix commands and short-term mitigations you
CVE-2026-23775 is a cwe-532: insertion of sensitive information into in PowerProtect Data Domain appliances. This page lists verified fix co
CVE-2026-23776 is a cwe-295: improper certificate validation in PowerProtect Data Domain. This page lists verified fix commands and short-te
CVE-2026-23778 is a command injection in PowerProtect Data Domain. This page lists verified fix commands and short-term mitigations you can
CVE-2026-2378 is a vulnerability in ArcSearch. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23780 is a SQL injection in An. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-23782 is an access control in An. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-23798 is an unsafe deserialization in blubrry PowerPress Podcasting. This page lists the verified fix and inline mitigations.
CVE-2026-23801 is an improper control of filename for include/require statement in php program ('php remote file inclusion') in fuelthemes Th
CVE-2026-23803 is a vulnerability in Smart Auto Upload Images. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-23805 is a SQL injection in Media Search Enhanced. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-23806 is a vulnerability in Jobs for WordPress. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-23807: a vulnerability in WP Telegram Widget and Join Link. Patched version and vendor advisory inside.
CVE-2026-23814: Authenticated Command Injection found in AOS-CX CLI Command in AOS-CX. Patch commands and verification.
CVE-2026-23815: Authenticated Command Injection found in AOS-CX Administrative CLI Command in AOS-CX. Patch commands and verification.
CVE-2026-23816: Authenticated Command Injection found in admin AOS-CX CLI command in AOS-CX. Patch commands and verification.
CVE-2026-23818: Open Redirect Vulnerability in HPE Aruba Networking Private 5G Core On-Prem in Private 5G Core. Patch commands and verificat
CVE-2026-23819 is a vulnerability in ArubaOS (AOS). Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23820 is a vulnerability in ArubaOS (AOS). Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23821 is a vulnerability in ArubaOS (AOS). Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23823 is an OS command injection in ArubaOS (AOS). Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-23824: a vulnerability in HPE Aruba Networking Wireless Operating . Patched version and vendor advisory inside.
CVE-2026-23825: a vulnerability in HPE Aruba Networking Wireless Operating . Patched version and vendor advisory inside.
CVE-2026-23826: a vulnerability in HPE Aruba Networking Wireless Operating . Patched version and vendor advisory inside.
CVE-2026-23827: a vulnerability in HPE Aruba Networking Wireless Operating . Patched version and vendor advisory inside.
CVE-2026-23838 is a vulnerability in nixpkgs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23842 is a vulnerability in ChatterBot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23843 is a vulnerability in teklifolustur_app. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23846 is a vulnerability in tugtainer. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23850 is a path traversal in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23851 is a path traversal in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23853 is a cwe-1391: use of weak credentials in PowerProtect Data Domain. This page lists verified fix commands and short-term miti
CVE-2026-23856 is an access control bypass in iDRAC Service Module. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-23857 is a vulnerability in Update Package. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23862: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in ThinOS 10. Patch commands and
CVE-2026-23869: (CWE-502) Deserialization of Untrusted Data, (CWE-400) Uncontrolled Resource Consumption in react-server-dom-turbopack. Patc
CVE-2026-23870 (cwe-502) deserialization of untrusted data, (cwe-400) uncontrolled resource con in react-server-dom-turbopack. Runnable upgr
CVE-2026-23876 is a path traversal in ImageMagick. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23880 is an improper input validation in OnboardLite. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-23881 is an OS command injection in kyverno. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23882 is an OS command injection in blinko. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23883 is a use-after-free in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23884 is a use-after-free in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23896 is a vulnerability in immich. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23897 is a vulnerability in apollo-server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23898: bundle sibling of CVE-2026-21629. Same patched build closes both.
CVE-2026-23899: bundle sibling of CVE-2026-21629. Same patched build closes both.
CVE-2026-23902 - CWE-863 Incorrect Authorization in Apache DolphinScheduler. Runnable patch commands, mitigation, and verification on this p
CVE-2026-23918 is a double free in Apache HTTP Server. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-23919 is a vulnerability in Zabbix. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23920 is an OS command injection in Zabbix. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23921 is a SQL injection in Zabbix. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23926 improper neutralization of input during web page generation ('cross-site scripti in Zabbix. Runnable upgrade commands and ver
CVE-2026-23928 improper neutralization of input during web page generation ('cross-site scripti in Zabbix. Runnable upgrade commands and ver
CVE-2026-2393 is a server-side request forgery (ssrf) in mlflow/mlflow. Patched version, runnable upgrade commands, and how to verify the fi
CVE-2026-23940 is a denial of service via oversized package upload in hexpm. CVSS 7.1 High. Patch commands, mitigations, and verification.
CVE-2026-23941: Request smuggling via first-wins Content-Length parsing in inets httpd in OTP. Patch commands and verification.
CVE-2026-23944 is an authentication bypass in arcane. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23949 is a path traversal in jaraco.context. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23950 is a vulnerability in node-tar. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23953 is a vulnerability in incus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23954 is a path traversal in incus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23956 is an unsafe deserialization in seroval. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23957 is an unsafe deserialization in seroval. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-23958 is a path traversal in dataease. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23960 is a vulnerability in argo-workflows. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23962 is an OS command injection in mastodon. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-23965 is an authentication bypass in sm-crypto. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-23967 is an authentication bypass in sm-crypto. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-23971 is an unsafe deserialization in WoodMart. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-23973 is a vulnerability in Golo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23975 is a vulnerability in Golo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23977: a vulnerability in Helpdesk Support Ticket System for WooCo. Patched version and vendor advisory inside.
CVE-2026-23978 is a vulnerability in Gyan Elements. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23979 is a vulnerability in Gyan Elements. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23982 is an incorrect authorization in Apache Software Foundation Apache Superset. This page lists the verified fix and inline mitig
CVE-2026-23984 is an incorrect authorization in Apache Software Foundation Apache Superset. This page lists the verified fix and inline mitig
CVE-2026-23988 is a vulnerability in rufus. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23989 is an access control bypass in reva. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23995 is a stack-based buffer overflow in everest-core. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-23997 is a vulnerability in facturascripts. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-23998 is an authentication bypass in fleet. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24006 is an unsafe deserialization in seroval. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24009 is an unsafe deserialization in docling-core. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24010 is a vulnerability in horilla. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24016 is a vulnerability in ServerView Agents for Windows. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-24017 is an improper access control in Fortinet FortiWeb. CVSS 7.3 High. Patch commands, mitigations, and verification.
CVE-2026-24018 is an escalation of privilege in Fortinet FortiClientLinux. CVSS 7.4 High. Patch commands, mitigations, and verification.
CVE-2026-24031 is a SQL injection in OX Dovecot Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24032 is a vulnerability in SINEC NMS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-24038 is an authentication bypass in horilla. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24045 is a vulnerability in docmost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24046 is a path traversal in backstage. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24049 is a path traversal in wheel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24051 is a vulnerability in opentelemetry-go. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24052 is a vulnerability in claude-code. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24053 is a path traversal in claude-code. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24054 is a denial of service in kata-containers. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24058 is a vulnerability in soft-serve. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24062: CWE-306 Missing authentication for critical function in Software Center. Patch commands and verification.
CVE-2026-24063: World-writable uninstall script executed as root in Arturia Software Center in Software Center. Patch commands and verificat
CVE-2026-24072 is an improper privilege management in Apache HTTP Server. Patched version, runnable upgrade commands, and how to verify the f
CVE-2026-24082 is a use after free in Snapdragon. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-24112 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24114 is a buffer overflow in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-24123 is a path traversal in BentoML. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24124 is an authentication bypass in dragonfly. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-24129 is an OS command injection in runtipi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2413: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Ally – Web Accessibility & Usa
CVE-2026-24132 is an OS command injection in orval. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24133 is an OS command injection in jsPDF. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24135 is a path traversal in gogs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24136 is a vulnerability in saleor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24138 is a vulnerability in fogproject. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24139 is a vulnerability in MyTube. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24141: an unsafe deserialization in NVIDIA Model Optimizer. Patched version and vendor advisory inside.
CVE-2026-24146: Memory Allocation with Excessive Size Value in Triton Inference Server. Patch commands and verification.
CVE-2026-24148: Initialization of a Resource with an Insecure Default in Jetson Xavier Series and Jetson Orin Series. Patch commands and ver
CVE-2026-24149 is a code injection in Megatron-LM. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2415 is a vulnerability in pretix. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24150 is an unsafe deserialization in Megatron LM. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-24151 is an unsafe deserialization in Megatron LM. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-24152 is an unsafe deserialization in Megatron LM. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-24154: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Jetson Xavier Series, Jetson O
CVE-2026-24156 is a deserialization of untrusted data in Nvidia DALI. CVSS 7.3 High. Patch commands, mitigations, and verification.
CVE-2026-24157 is an unsafe deserialization in NeMo Framework. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-24158: an OS command injection in Triton Inference Server. Patched version and vendor advisory inside.
CVE-2026-24159 is an unsafe deserialization in NeMo Framework. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-2416 is a SQL injection in cyberhobo Geo Mashup. This page lists the verified fix and inline mitigations.
CVE-2026-24163 is an unsafe deserialization in TensorRT-LLM. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24164 is a deserialization of untrusted data in Nvidia BioNeMo Framework. CVSS 8.8 High. Patch commands, mitigations, and verificat
CVE-2026-24165 is a deserialization of untrusted data in Nvidia BioNeMo Framework. CVSS 7.8 High. Patch commands, mitigations, and verificat
CVE-2026-24173 is an integer overflow or wraparound in Nvidia Triton Inference Server, fixed by the same patch as CVE-2026-24146.
CVE-2026-24174 is an incorrect conversion between numeric types in Nvidia Triton Inference Server, fixed by the same patch as CVE-2026-24146.
CVE-2026-24175 is an uncaught exception in Nvidia Triton Inference Server, fixed by the same patch as CVE-2026-24146.
CVE-2026-24177 - CWE-306 Missing Authentication for Critical Function in KAI Scheduler. Runnable patch commands, mitigation, and verificatio
CVE-2026-24186 - CWE-502 Deserialization of Untrusted Data in FLARE SDK. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-24188 is an OS command injection in TensorRT. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24189 - CWE-125 Out-of-bounds Read in CUDA-Q. Runnable patch commands, mitigation, and verification on this page.
CVE-2026-24206: an authentication bypass in Triton Inference Server. Patched version and vendor advisory inside.
CVE-2026-24209 is a path traversal in Triton Inference Server. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-24210 is a vulnerability in Triton Inference Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24213 is an out-of-bounds read in Triton Inference Server. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-24214 is a vulnerability in Triton Inference Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24216 is an unsafe deserialization in BioNeMo Framework. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-24217 is a path traversal in BioNeMo Framework. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-24218 is a vulnerability in DGX Spark. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24222 - CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere in NemoClaw. Runnable patch commands, mi
CVE-2026-2428 is a cwe-345 insufficient verification of data authenticity in techjewel Fluent Forms Pro Add On Pack. This page lists the ver
CVE-2026-24283: Multiple UNC Provider Kernel Driver Elevation of Privilege in Windows 11 Version 24H2. Patch commands and verification.
CVE-2026-24285 is a win32k elevation of privilege in Microsoft Office for Android. CVSS 7 High. Patch commands, mitigations, and verificatio
CVE-2026-24287: Windows Kernel Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification.
CVE-2026-24289: Windows Kernel Elevation of Privilege in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-24290: Windows Projected File System Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification.
CVE-2026-24291: CWE-732: Incorrect Permission Assignment for Critical Resource in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-24292: Windows Connected Devices Platform Service Elevation of Privilege in Windows 10 Version 1809. Patch commands and verificatio
CVE-2026-24293 is a cwe-476: null pointer dereference in Microsoft Windows 10 Version 21H2. CVSS 7.8 High. Patch commands, mitigations, and
CVE-2026-24294: Windows SMB Server Elevation of Privilege in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-24295: Windows Device Association Service Elevation of Privilege in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-24296: Windows Device Association Service Elevation of Privilege in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-24302 is an access control bypass in Azure ARC. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-24322: a vulnerability in SAP Solution Tools Plug-In (ST-PI). Patched version and vendor advisory inside.
CVE-2026-24344 is a vulnerability in EZCast Pro II. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24346 is a hard-coded credentials in EZCast Pro II. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24348 is an improper input validation in EZCast Pro II. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-24359 is an authentication bypass in Dokan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24363: a vulnerability in WP Cost Estimation & Payment Forms Build. Patched version and vendor advisory inside.
CVE-2026-24367 is a SQL injection in Traveler. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24369 is a vulnerability in The Grid. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24372: an authentication bypass in Subscriptions for WooCommerce. Patched version and vendor advisory inside.
CVE-2026-24373 is a vulnerability in RegistrationMagic. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24382 is a vulnerability in News Magazine X. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24385 is an unsafe deserialization in gerritvanaaken Podlove Web Player. This page lists the verified fix and inline mitigations.
CVE-2026-24390 is a vulnerability in Kentha Elementor Widgets. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-24391 is a vulnerability in Car Dealer. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2440: a vulnerability in SurveyJS: Drag & Drop Form Builder. Patched version and vendor advisory inside.
CVE-2026-24400 is an XML external entity (XXE) in assertj. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24403 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24404 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24405 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24406 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24407 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24409 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24410 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24411 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24412 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24416 is a SQL injection in openstamanager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24417 is a SQL injection in openstamanager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24418 is a SQL injection in openstamanager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24419 is a SQL injection in openstamanager. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24425 is an authentication bypass in Twig. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24428 is an access control bypass in W30E V2. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24430 is a vulnerability in W30E V2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24431 is a vulnerability in W30E V2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24435 is a code injection in W30E V2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24440 is a vulnerability in W30E V2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24441 is a vulnerability in Tenda AC7. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24443 is a cwe-620 unverified password change in NETIKUS.NET ltd EventSentry. This page lists the verified fix and inline mitigatio
CVE-2026-24445 is a cwe-307 in EV Energy ev.energy. This page lists the verified fix and inline mitigations.
CVE-2026-24450 is a cwe-190: integer overflow or wraparound in LibRaw, fixed by the same patch as CVE-2026-20884.
CVE-2026-24452 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-24455 is a vulnerability in USR-W610. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24458: DoS attack via login attempts with multi-megabyte passwords in Mattermost. Patch commands and verification.
CVE-2026-24469 is a path traversal in http-server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24470 is a vulnerability in skipper. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24477 is a vulnerability in anything-llm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24478 is a path traversal in anything-llm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2448 is a path traversal in gpriday Page Builder by SiteOrigin. This page lists the verified fix and inline mitigations.
CVE-2026-24480 is an access control bypass in QGIS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24481 is an out-of-bounds read in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-24485 is a denial of service via resource consumption in ImageMagick ImageMagick. This page lists the verified fix and inline mitig
CVE-2026-24486 is a path traversal in python-multipart. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24490: a vulnerability in Mobile-Security-Framework-MobSF. Patched version and vendor advisory inside.
CVE-2026-24491 is a use-after-free in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24497 is a stack buffer overflow in SimTech Systems, Inc. ThinkWise. This page lists the verified fix and inline mitigations.
CVE-2026-2450 is a .net misconfiguration: use of impersonation in upKeeper Instant Privilege Access. This page lists verified fix commands a
CVE-2026-24502 is an uncontrolled search path element in Dell Dell Command | Intel vPro Out of Band. This page lists the verified fix and inl
CVE-2026-24504 is an improper input validation in PowerProtect Data Domain. This page lists verified fix commands and short-term mitigations
CVE-2026-24505 is an improper input validation in PowerProtect Data Domain. This page lists verified fix commands and short-term mitigations
CVE-2026-24506 is an OS command injection in PowerProtect Data Domain. This page lists verified fix commands and short-term mitigations you
CVE-2026-2451 is a vulnerability in pretix-doistep. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24512 is an improper input validation in ingress-nginx. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-24517 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-2452 is a vulnerability in pretix-newsletter. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24531 is a vulnerability in Prowess. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24538 is a vulnerability in Omnipress. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24572 is a SQL injection in Nelio Content. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2459 is a cwe-267 privilege defined with unsafe actions in Hitachi Energy Relion REB500. This page lists the verified fix and inlin
CVE-2026-2460 is a cwe-267 privilege defined with unsafe actions in Hitachi Energy Relion REB500. This page lists the verified fix and inlin
CVE-2026-24608 is a vulnerability in Laurent Core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24609 is a vulnerability in Laurent. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24623 is a vulnerability in Neoforum. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24624 is a SQL injection in Neoforum. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24635 is a vulnerability in EduBlink Core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2464: a path traversal in AMR Printer Management Beta web service. Patched version and vendor advisory inside.
CVE-2026-2465 is an access control bypass in Turboard FOR-S. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2466 is a dukapress <= 3.2.4 - reflected xss in the vendor DukaPress. CVSS 7.1 High. Patch commands, mitigations, and verification.
CVE-2026-24660 is a cwe-190: integer overflow or wraparound in LibRaw, fixed by the same patch as CVE-2026-20884.
CVE-2026-24665 is a vulnerability in openeclass. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24669 is a vulnerability in openeclass. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24672 is a vulnerability in openeclass. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24675 is a use-after-free in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24676 is a use-after-free in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24677 is a use-after-free in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24678 is a use-after-free in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24679 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2468 is a SQL injection in Quentn WP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24680 is a use-after-free in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24681 is a use-after-free in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24682 is a path traversal in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24683 is a use-after-free in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24684 is a use-after-free in FreeRDP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24689 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-2469 is a vulnerability in directorytree/imapengine. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24694 is a vulnerability in Roland Cloud Manager. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-24695 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-24696 is a cwe-307 in Everon api.everon.io. This page lists the verified fix and inline mitigations.
CVE-2026-24708 is a vulnerability in Nova. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2471 is an unsafe deserialization in smub WP Mail Logging. This page lists the verified fix and inline mitigations.
CVE-2026-24714 is a vulnerability in NETGEAR products. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2472 is a vulnerability in Vertex AI SDK for Python. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2473 is a vulnerability in Vertex AI Experiments. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-24737 is a vulnerability in jsPDF. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24740 is an access control bypass in dozzle. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24741 is a path traversal in ConvertX. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24747 is an unsafe deserialization in pytorch. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24750 is a vulnerability in Secure Data Forms. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2476: MS Teams plugin sensitive config values not properly masked in support packets in Mattermost. Patch commands and verification
CVE-2026-24763 is an OS command injection in clawdbot. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24765 is an unsafe deserialization in phpunit. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-24769 is a vulnerability in nocodb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24772 is a vulnerability in openproject. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24773 is a vulnerability in openeclass. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24778 is a vulnerability in Ghost. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24779 is a vulnerability in vllm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24780 is an access control bypass in AutoGPT. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24783 is a vulnerability in soroban-fixed-point-math. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-24785 is a vulnerability in clatter. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24788 is an OS command injection in raspap-webgui. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-24790: an authentication bypass in OdorEyes EcoSystem Pulse Bypass System w. Patched version and vendor advisory inside.
CVE-2026-24792 is a race condition in OpenHarmony. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24808 is a vulnerability in RawTherapee. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24813 is a vulnerability in SKRoot-linuxKernelRoot. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24817 is an OS command injection in UEVR. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24827 is an OS command injection in Commander-Genius. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-24828 is a vulnerability in is-Engine. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24831 is a denial of service in ixray-1.6-stcop. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24833 is a vulnerability in Dnn.Platform. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24835 is an access control bypass in podman-desktop. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24836 is a vulnerability in Dnn.Platform. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24837 is a vulnerability in Dnn.Platform. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24840 is a hard-coded credentials vulnerability in dokploy. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24842 is a path traversal in node-tar. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24843 is a path traversal in melange. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24844 is an OS command injection in melange. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24848 is a path traversal in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-24853 is an authentication bypass in caido. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24854 is a SQL injection in CRM. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24855 is a vulnerability in CRM. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24856 is an improper input validation in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24873 is a path traversal in lpp-vita. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24875 is a vulnerability in modizer. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24880 is an inconsistent interpretation of HTTP requests in Apache Tomcat. This page lists verified fix commands and short-term mit
CVE-2026-24881 is a stack-based buffer overflow in GnuPG. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24882 is a stack-based buffer overflow in GnuPG. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24884 is a vulnerability in compressing. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24887 is an OS command injection in claude-code. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24890 is an improper authorization in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-24891 is an unsafe deserialization in openITCOCKPIT. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24892 is an unsafe deserialization in openITCOCKPIT. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-24893 is an improper input validation in openITCOCKPIT. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-24894 is a vulnerability in frankenphp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24895 is a vulnerability in frankenphp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24899 is an authentication bypass in fleet. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24901: CWE-639: Authorization Bypass Through User-Controlled Key in outline. CVSS 8.1 High. Patch commands, mitigations, and ve
CVE-2026-24902 is a vulnerability in TrustTunnel. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24912 is a CWE-613 weakness in ePower epower.ie. This page lists the verified fix and inline mitigations.
CVE-2026-24913: Improper neutralization of special elements used in an SQL command ('SQL Injection') in MATCHA INVOICE. Patch commands and v
CVE-2026-2492 is a vulnerability in TensorFlow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24925 is a path traversal in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24926 is an OS command injection in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-2493: IceWarp collaboration Directory Traversal Information Disclosure in IceWarp. Patch commands and verification.
CVE-2026-24930 is a vulnerability in HarmonyOS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24932 is a code injection in ADM. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24933 is a code injection in ADM. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24941 is a vulnerability in WP Job Portal. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24943 is a vulnerability in Grand Conference. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24948 is a vulnerability in Reflector. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24949 is a vulnerability in PhotoMe. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2495: a SQL injection in WPNakama – Team and multi-Client Collabo. Patched version and vendor advisory inside.
CVE-2026-24950 is a vulnerability in Authorsy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24954 is an unsafe deserialization in WpEvently. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-24955 is a vulnerability in Whizz Plugins. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24959 is a SQL injection in JS Help Desk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24963 is an incorrect privilege assignment in ameliabooking Amelia. This page lists the verified fix and inline mitigations.
CVE-2026-24969 is a path traversal in Instant VA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24970 is a path traversal in Energox. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24973 is a vulnerability in CitiLights. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24974 is an unsafe deserialization in CitiLights. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-24975 is a vulnerability in Organici Library. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24976 is an unsafe deserialization in Organici Library. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-24977 is a SQL injection in Organici Library. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-24978 is an unsafe deserialization in Jobica Core. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-24979 is a vulnerability in Jobica Core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24980 is a vulnerability in Visionary Core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-24981 is an unsafe deserialization in Visionary Core. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-24983 is a vulnerability in UpSolution Core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25001 is a code injection in Post Snippets. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25002: an authentication bypass in LearnPress – Sepay Payment. Patched version and vendor advisory inside.
CVE-2026-25007: a SQL injection in ElementInvader Addons for Elementor. Patched version and vendor advisory inside.
CVE-2026-25013 is a vulnerability in Phox Hosting. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25017 is a vulnerability in NaturaLife Extensions. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25018 is a vulnerability in NaturaLife Extensions. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25022 is a SQL injection in KiviCare. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25025 is a vulnerability in VikRestaurants. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25026 is a vulnerability in Team. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25027 is a vulnerability in Unicamp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25033 is a vulnerability in Motta Addons. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25037 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-25041: budibase has a command injection in the PostgreSQL dump command in budibase. CVSS 8.6 High. Patch commands, mitigations, and
CVE-2026-25044 is a command injection in the bash automation step in budibase, fixed by the same patch as CVE-2026-25043.
CVE-2026-25045: CWE-862: Missing Authorization in budibase. CVSS 8.7 High. Patch commands, mitigations, and verification.
CVE-2026-25048 is an uncontrolled recursion in mlc-ai xgrammar. This page lists the verified fix and inline mitigations.
CVE-2026-25051 is a vulnerability in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25054 is a vulnerability in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25055 is a path traversal in n8n. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25058 is a missing authentication in vexa. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-25059 is a path traversal in OpenList. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25060 is a vulnerability in OpenList. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25063 is an OS command injection in gradle-completion. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-2507 is a vulnerability in BIG-IP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25071: XikeStor SKS8310-8X switch_config.src Missing Authentication in XikeStor SKS8310-8X. Patch commands and verification.
CVE-2026-25072: XikeStor SKS8310-8X Predictable Session Identifiers in XikeStor SKS8310-8X. Patch commands and verification.
CVE-2026-25075 is a vulnerability in strongSwan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25076: Anchore Enterprise GraphQL Reports API SQL injection in Anchore Enterprise. Patch commands and verification.
CVE-2026-25077: Improper Control of Generation of Code ('Code Injection') in Apache CloudStack. Runnable upgrade commands and verification st
CVE-2026-25083 is a missing authorization in Growi, Inc. GROWI. CVSS 8.3 High. Patch commands, mitigations, and verification.
CVE-2026-25085 is a CWE-394 weakness in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-25086 is a vulnerability in WebCTRL Premium Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25099 is an unrestricted file upload in Bludit. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25105 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-25109 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-2511: a SQL injection in JS Help Desk – AI-Powered Support & Tick. Patched version and vendor advisory inside.
CVE-2026-25111 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-25113: CWE-307 Improper Restriction of Excessive Authentication Attempts in SWITCH EV swtchenergy.com. This page lists the veri
CVE-2026-25114 is a CWE-307 weakness in CloudCharge cloudcharge.se. This page lists the verified fix and inline mitigations.
CVE-2026-25116 is a path traversal in runtipi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25117 is an improper input validation in dojo. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25121 is a path traversal in apko. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25126 is an improper input validation in PolarLearn. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25127 is an incorrect authorization in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-25128 is an improper input validation in fast-xml-parser. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-2513: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Flowmon ADS. Patch commands an
CVE-2026-25131 is a missing authorization in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-25136 is a cross-site scripting in rucio rucio. This page lists the verified fix and inline mitigations.
CVE-2026-25139 is a path traversal in RIOT. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2514: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Flowmon ADS. Patch commands an
CVE-2026-25140 is a vulnerability in apko. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25143 is an OS command injection in melange. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25147 is an authorization bypass through user-controlled key in openemr openemr. This page lists the verified fix and inline mitigat
CVE-2026-25153 is a code injection in backstage. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25156 is a vulnerability in hotcrp. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25157 is an OS command injection in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-2516 is a vulnerability in ezPDF DRM Reader. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25161 is a path traversal in alist. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25164 is a missing authorization in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-25165: Performance Counters for Windows Elevation of Privilege in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-25166: CWE-502: Deserialization of Untrusted Data in Windows ADK for Windows 10, version 2004. Patch commands and verification.
CVE-2026-25167: Microsoft Brokering File System Elevation of Privilege in Windows 11 Version 24H2. Patch commands and verification.
CVE-2026-25170: Windows Hyper-V Elevation of Privilege in Windows 11 version 22H3. Patch commands and verification.
CVE-2026-25171: Windows Authentication Elevation of Privilege in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-25172: CWE-190: Integer Overflow or Wraparound in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-25173: CWE-190: Integer Overflow or Wraparound in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-25174: Windows Extensible File Allocation Table Elevation of Privilege in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-25175 is a Windows NTFS elevation of privilege in Microsoft Windows 10 Version 1607. CVSS 7.8 High. Patch commands, mitigations, an
CVE-2026-25176: CWE-284: Improper Access Control in Microsoft Windows 10 Version 1607. CVSS 7.8 High. Patch commands, mitigations, and v
CVE-2026-25177: Active Directory Domain Services Elevation of Privilege in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-25178: CWE-416: Use After Free in Microsoft Windows 10 Version 1607. CVSS 7 High. Patch commands, mitigations, and verification
CVE-2026-25179: CWE-1287: Improper Validation of Specified Type of Input in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-25181 is a GDI+ information disclosure in Microsoft Windows 10 Version 1607. CVSS 7.5 High. Patch commands, mitigations, and verifi
CVE-2026-25184 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-25187 is a Winlogon elevation of privilege in Microsoft Windows 10 Version 1607. CVSS 7.8 High. Patch commands, mitigations, and ve
CVE-2026-25188: Windows Telephony Service Elevation of Privilege in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-25189: Windows DWM Core Library Elevation of Privilege in Windows 10 Version 1809. Patch commands and verification.
CVE-2026-25190 is a Windows GDI remote code execution in Microsoft Windows 10 Version 1607. CVSS 7.8 High. Patch commands, mitigations, and
CVE-2026-25191 is an uncontrolled search path element in Digital Arts Inc. FinalCode Ver.5 series. This page lists the verified fix and inlin
CVE-2026-25195 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-25196 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-25201 is an unrestricted file upload in MagicINFO 9 Server. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-25203 is a default permissions vulnerability in MagicINFO 9 Server. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-25205 is a heap buffer overflow in Escargot. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-25207 is an out-of-bounds write in Escargot. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-25208 is an integer overflow in Escargot. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-25223 is an interpretation conflict in fastify. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25231 is an access control bypass in FileRise. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25232 is an access control bypass in gogs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25233 is an OS command injection in pearweb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25235 is a vulnerability in pearweb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25239 is a SQL injection in pearweb. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25243 is a heap-based buffer overflow in redis. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-25253 is a vulnerability in OpenClaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25304 is a vulnerability in Jaroti. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25306 is a vulnerability in XStore Core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25309 is a vulnerability in PublishPress Authors. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-25312: WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass in EventPrime. Patch commands and verification.
CVE-2026-25316 is an unsafe deserialization in CartFlows. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-25317: a vulnerability in Print Invoice & Delivery Notes for WooCo. Patched version and vendor advisory inside.
CVE-2026-25326 is a vulnerability in CMSMasters Content Composer. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-25334 is a vulnerability in Salon Booking System Pro. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-25341 is a vulnerability in RSFirewall!. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25342 is a vulnerability in Boutique. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25346 is a vulnerability in FAQ Builder AYS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25347 is a vulnerability in WP REST Cache. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25349 is a vulnerability in Loobek. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25350 is a vulnerability in Miti. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25351 is a vulnerability in MyMedi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25352 is a vulnerability in MyDecor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25353 is a vulnerability in Nooni. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25354 is a vulnerability in Reebox. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25356 is a vulnerability in Yobazar. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25357: an authentication bypass in Ultimate Membership Pro. Patched version and vendor advisory inside.
CVE-2026-25358 is an unsafe deserialization in Meloo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25359 is an unsafe deserialization in Pendulum. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25360 is an unsafe deserialization in Vex. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25361 is a vulnerability in WpEvently. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25369: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Flexmls® IDX. Patch commands and ver
CVE-2026-25373 is a vulnerability in Vayvo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25376 is a vulnerability in Addon Jobsearch Chat. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-25378 is a SQL injection in Nelio AB Testing. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25379 is a vulnerability in StreamVid. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2538 is a vulnerability in Notepad2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25380 is a vulnerability in Feedy. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25381 is a vulnerability in LoveDate. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25382 is a vulnerability in IdealAuto. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25383 is a vulnerability in KiviCare. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25396: a vulnerability in Commerce Coinbase For WooCommerce. Patched version and vendor advisory inside.
CVE-2026-25397 is a path traversal in File Uploader for WooCommerce. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-2540 is an authentication bypass in Car Alarm System KE700. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-25400 is an unsafe deserialization in Apicona. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25401 is a vulnerability in WPCargo Track & Trace. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25406 is an authentication bypass in Tutor LMS Pro. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25414 is a vulnerability in WPBookit Pro. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25418 is a SQL injection in Bit Form. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2542 is a vulnerability in Total VPN. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25435 is a vulnerability in Booking calendar. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25438: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Gutenberg Blocks. Patch commands and
CVE-2026-25442: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kentha. Patch commands and verificat
CVE-2026-25443 is a missing authorization in Dotstore Fraud Prevention For Woocommerce. CVSS 7.5 High. Patch commands, mitigations, and veri
CVE-2026-25445: CWE-502 Deserialization of Untrusted Data in WishList Member X. Patch commands and verification.
CVE-2026-25452 is a vulnerability in Remoji. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25456: a vulnerability in Automated FedEx live/manual rates with s. Patched version and vendor advisory inside.
CVE-2026-25457 is a vulnerability in Mixtape. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25458 is a vulnerability in Moments. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25461 is a vulnerability in Listeo Core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25464 is a vulnerability in Jannah. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25471: Authentication Bypass Using an Alternate Path or Channel in Admin Safety Guard. Patch commands and verification.
CVE-2026-25474 is a vulnerability in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25476 is an insufficient session expiration in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-25478 is a code injection in litestar. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25495 is a SQL injection in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25497 is a vulnerability in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25498 is a vulnerability in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25499: an insecure default configuration in terraform-provider-proxmox. Patched version and vendor advisory inside.
CVE-2026-25502 is a stack-based buffer overflow in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-25503 is a vulnerability in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25506 is an OS command injection in munge. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25511 is a vulnerability in groupoffice. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25513 is a SQL injection in facturascripts. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25514 is an improper input validation in facturascripts. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-25519 is an access control bypass in OpenSlides. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-25524 is a deserialization of untrusted data in magento-lts. This page lists verified fix commands and short-term mitigations you c
CVE-2026-25529: Postal has HTML injection / XSS in message view in Postalserver postal. CVSS 8.1 High. Patch commands, mitigations, and
CVE-2026-25535 is a vulnerability in jsPDF. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25536 is a vulnerability in typescript-sdk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25538 is a vulnerability in devtron. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2554 - CWE-639 Authorization Bypass Through User-Controlled Key in WCFM – Frontend Manager for WooCommerce. Runnable patch commands
CVE-2026-25546 is an OS command injection in godot-mcp. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25554 is a SQL injection in OpenSIPS OpenSIPS. This page lists the verified fix and inline mitigations.
CVE-2026-25560 is a vulnerability in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25561 is an access control bypass in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25563 is a vulnerability in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25564 is a vulnerability in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25565 is an access control bypass in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25566 is an access control bypass in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25568 is an access control bypass in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25569 is a CWE-787 out-of-bounds write in Siemens SICAM SIAPP SDK. CVSS 7.4 High. Patch commands, mitigations, and verification.
CVE-2026-25570 is a CWE-121 stack-based buffer overflow in Siemens SICAM SIAPP SDK. CVSS 7.4 High. Patch commands, mitigations, and verific
CVE-2026-25573 is a CWE-73 external control of file name or path in Siemens SICAM SIAPP SDK. CVSS 7.4 High. Patch commands, mitigations, an
CVE-2026-25575 is a path traversal in NavigaTUM. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25577 is a vulnerability in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25580 is a vulnerability in pydantic-ai. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25582 is a path traversal in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25583 is a memory corruption in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25584 is an out-of-bounds write in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25585 is a memory corruption in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25588 is a heap-based buffer overflow in RedisTimeSeries. Patched version, runnable upgrade commands, and how to verify the fix lan
CVE-2026-25589 is a heap-based buffer overflow in RedisBloom. Patched version, runnable upgrade commands, and how to verify the fix landed.
CVE-2026-25591 is an improper neutralization of special elements in data query logic in QuantumNous new-api. This page lists the verified fix
CVE-2026-25593 is an OS command injection in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25606 is a SQL injection in STER. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25610 is a vulnerability in MongoDB Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25611 is a vulnerability in MongoDB Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25612 is a vulnerability in MongoDB Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25613 is a vulnerability in MongoDB Server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25614 is an unsafe deserialization in Blesta. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25615 is an unsafe deserialization in Blesta. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25628 is an arbitrary file read in qdrant. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25634 is a memory corruption in iccDEV. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25635 is a path traversal in calibre. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25636 is a path traversal in calibre. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25639 is a denial of service in axios. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25640 is a path traversal in pydantic-ai. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25644 is a code injection in datahub. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25646 is a path traversal in libpng. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25648 is a cross-site scripting in traccar traccar. This page lists the verified fix and inline mitigations.
CVE-2026-25649 is a CSRF in traccar traccar. This page lists the verified fix and inline mitigations.
CVE-2026-2565 is a stack-based buffer overflow in WL-NU516U1. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25654 is a vulnerability in SINEC NMS. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-25655 is a vulnerability in SINEC NMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25656 is a vulnerability in SINEC NMS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2566 is a stack-based buffer overflow in WL-NU516U1. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25667 is a vulnerability of unspecified type (n/a) from an unspecified vendor (n/a). CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-2567 is a stack-based buffer overflow in WL-NU516U1. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25673 is a denial of service via resource consumption in djangoproject Django. This page lists the verified fix and inline mitigati
CVE-2026-25676 is a vulnerability in M-Track Duo HD. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25679 is a security vulnerability in Go standard library net/url. This page lists the verified fix and inline mitigations.
CVE-2026-2568 is a cross-site scripting in crmperks WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms. This page
CVE-2026-25701 is an insecure temporary file in openSUSE sdbootutil. This page lists the verified fix and inline mitigations.
CVE-2026-25702 is an improper access control in SUSE SUSE Linux Enterprise Server. This page lists the verified fix and inline mitigations.
CVE-2026-25705 is a path traversal in rancher. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25710 is a path traversal in plasma-login-manager. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-25711 is a CWE-613 weakness in Chargemap chargemap.com. This page lists the verified fix and inline mitigations.
CVE-2026-25721 is an OS command injection in Copeland Copeland XWEB 300D PRO. This page lists the verified fix and inline mitigations.
CVE-2026-25722 is an improper input validation in claude-code. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-25723 is an improper input validation in claude-code. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-25725 is a vulnerability in claude-code. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25726: CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in cloudreve. Patch commands and verification.
CVE-2026-25731 is a server-side template injection in calibre. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-25732 is a path traversal in nicegui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25733 is a cross-site scripting in rucio rucio. This page lists the verified fix and inline mitigations.
CVE-2026-25737 is a CWE-602 client-side enforcement of server-side security in budibase. CVSS 8.9 High. Patch commands, mitigations, and ve
CVE-2026-25741 is an incorrect authorization in zulip zulip. This page lists the verified fix and inline mitigations.
CVE-2026-25743 is a cross-site scripting in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-25746 is a SQL injection in openemr openemr. This page lists the verified fix and inline mitigations.
CVE-2026-25747 is an unsafe deserialization in Apache Software Foundation Apache Camel LevelDB. This page lists the verified fix and inline m
CVE-2026-25748 is an authentication bypass in authentik. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25750 is an improper neutralization of special elements in output used by a downstream component ('injection') in langchain-ai helm.
CVE-2026-25754 is a vulnerability in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25755 is a code injection in jsPDF. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25757 is a vulnerability in spree. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25758 is a vulnerability in spree. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25759 is a vulnerability in cms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2576: a SQL injection in Business Directory Plugin – Easy Listing. Patched version and vendor advisory inside.
CVE-2026-25761 is an OS command injection in super-linter. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-25762 is a vulnerability in core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25767 is an access control bypass in lavinmq. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-25768 is a vulnerability in lavinmq. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25773: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Focalboard. Patch commands a
CVE-2026-25778 is a CWE-613 insufficient session expiration in SWITCH EV swtchenergy.com. This page lists the verified fix and inline mitiga
CVE-2026-25781 is an OS command injection in OpenHarmony. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-25789: a cross-site scripting (XSS) in SIMATIC Drive Controller CPU 1504D TF. Patched version and vendor advisory inside.
CVE-2026-2579: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in WowStore – Store Builder & Pro
CVE-2026-25791 is an authentication bypass in sliver. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25793 is an authentication bypass in nebula. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25794 is a heap buffer overflow in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-2580 is a SQL injection in WP Maps – Store Locator. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25802 is a cross-site scripting in QuantumNous new-api. This page lists the verified fix and inline mitigations.
CVE-2026-25804 is an authentication bypass in antrea. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25807 is a code injection in zai-shell. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25808 is a vulnerability in hollo. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25813 is a vulnerability in assessment-placipy. Verified patched version, official vendor advisory, and how to confirm the fix land
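CVE-2026-25817 is a vulnerability of unspecified type (n/a) from an unspecified vendor (n/a). CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-25819 is a vulnerability of unspecified type (n/a) from an unspecified vendor (n/a). CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-25833 is a vulnerability of unspecified type (n/a) from an unspecified vendor (n/a), fixed by the same patch as CVE-2026-25212.
CVE-2026-25835 is a vulnerability of unspecified type (n/a) from an unspecified vendor (n/a), fixed by the same patch as CVE-2026-25212.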
CVE-2026-25847 is a vulnerability in PyCharm. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25857 is an OS command injection in Tenda G300-F. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-25859 is an access control bypass in WeKan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25863 is an improper validation of specified quantity in input in Conditional Fields for Contact Form 7. Runnable upgrade commands and ve
CVE-2026-25866: MobaXterm < 26.1 Notepad++ unquoted service path in Mobatek MobaXterm. CVSS 8.5 High. Patch commands, mitigations, and v
CVE-2026-25880 is a vulnerability in sumatrapdf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25887 is a code injection in chartbrew chartbrew. This page lists the verified fix and inline mitigations.
CVE-2026-25888 is a code injection in chartbrew chartbrew. This page lists the verified fix and inline mitigations.
CVE-2026-25890 is a vulnerability in filebrowser. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25891 is a path traversal in gofiber fiber. This page lists the verified fix and inline mitigations.
CVE-2026-25892 is an improper input validation in adminer. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-25899 is a memory allocation with excessive size value in gofiber fiber. This page lists the verified fix and inline mitigations.
CVE-2026-25903 is a vulnerability in Apache NiFi. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25906 is a link following / symlink in Dell Optimizer. This page lists the verified fix and inline mitigations.
CVE-2026-25917 is a deserialization of untrusted data in Apache Airflow. This page lists verified fix commands and short-term mitigations yo
CVE-2026-2592 is an access control bypass in Zarinpal Gateway. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-25922 is an authentication bypass in authentik. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-25923 is an unsafe deserialization in mylittleforum. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-25924 is an access control bypass in kanboard. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25925 is an unsafe deserialization in PowerDocu. Verified patched version, official vendor advisory, and how to confirm the fix lan
CVE-2026-25926 is a vulnerability in notepad-plus-plus. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-25927 is an authorization bypass through user-controlled key in openemr openemr. This page lists the verified fix and inline mitigat
CVE-2026-25931 is a vulnerability in vscode-spell-checker. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-25932: GLPI has stored XSS in supplier 'website' field in Glpi-project glpi. CVSS 7.2 High. Patch commands, mitigations, and ve
CVE-2026-25935 is a vulnerability in vikunja. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25940 is a vulnerability in jsPDF. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25945 is a CWE-307 improper restriction of excessive authentication attempts in EV2GO ev2go.io. This page lists the verified fix an
CVE-2026-25947 is a SQL injection in worklenz. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25949 is a vulnerability in traefik. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25951 is a path traversal in FUXA. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25958 is a vulnerability in cube. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25960 is an SSRF protection bypass in vllm in Vllm-project vllm. CVSS 7.1 High. Patch commands, mitigations, and verification.
CVE-2026-25961 is a code injection in sumatrapdf. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25965 is a path traversal in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25967 is a stack buffer overflow in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25968 is a stack buffer overflow in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-2597 is a heap buffer overflow in LEONT Crypt::SysRandom::XS. This page lists the verified fix and inline mitigations.
CVE-2026-25985 is a resource exhaustion in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25989 is an integer overflow in ImageMagick ImageMagick. This page lists the verified fix and inline mitigations.
CVE-2026-25990 is an OS command injection in Pillow. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25991 is a vulnerability in recipes. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25992 is a path traversal in siyuan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25994 is a vulnerability in pjproject. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25998 is a path traversal in strongMan. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-25999 is an access control bypass in klaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26001: GLPI Inventory Plugin has SQL Injection on dropdown_calendar Report in glpi-inventory-plugin. Patch commands and verificatio
CVE-2026-26007 is a vulnerability in cryptography. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26008 is a path traversal in everest-core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26010 is a vulnerability in OpenMetadata. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26017 is a time-of-check time-of-use (toctou) race condition in coredns coredns. This page lists the verified fix and inline mitiga
CVE-2026-26018 is a predictable seed in pseudo-random number generator (prng) in coredns coredns. This page lists the verified fix and inlin
CVE-2026-26022 is a cross-site scripting in gogs gogs. This page lists the verified fix and inline mitigations.
CVE-2026-26027: GLPI has an unauthenticated stored XSS via inventory in Glpi-project glpi, fixed by the same patch as CVE-2026-25932.
CVE-2026-26029 is an OS command injection in sf-mcp-server. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-2603: Missing Authentication for Critical Function in Red Hat build of Keycloak 26.2. Patch commands and verification.
CVE-2026-26034 is an incorrect default permissions issue in Dell Inc. UPS Multi-UPS Management Console (MUMC). This page lists the verified fix and
CVE-2026-26045 is a code injection in Vendor the affected product. This page lists the verified fix and inline mitigations.
CVE-2026-26046 is an OS command injection in Vendor the affected product. This page lists the verified fix and inline mitigations.
CVE-2026-26048 is an authentication bypass in USR-W610. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-26050: a vulnerability in ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール. Patched version and vendor advisory inside.
CVE-2026-26055 is an authentication bypass in yoke. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26056 is a code injection in yoke. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26061 is an OS command injection in fleet. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26062 is an improper input validation in fleet. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-26063 is an improper input validation in CediPay. Verified patched version, official vendor advisory, and how to confirm the fix la
CVE-2026-26074 is a vulnerability in everest-core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26078 is an authorization bypass through user-controlled key in discourse discourse. This page lists the verified fix and inline mit
CVE-2026-26093 is an OS command injection in opds. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26095 is an arbitrary file read in opds. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26096 is an arbitrary file read in opds. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26097 is a vulnerability in opds. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26098 is a vulnerability in opds. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26099 is a vulnerability in opds. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26101 is an arbitrary file read in opds. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26102 is an arbitrary file read in opds. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26103 is a missing authorization in Red Hat Red Hat Enterprise Linux 10. This page lists the verified fix and inline mitigations.
CVE-2026-26105: Microsoft SharePoint Server Spoofing in Microsoft SharePoint Enterprise Server 2016. Patch commands and verification.
CVE-2026-26106: Microsoft SharePoint Server Remote Code Execution in Microsoft SharePoint Enterprise Server 2016. Patch commands and verific
CVE-2026-26107: Microsoft Excel Remote Code Execution in Microsoft 365 Apps for Enterprise. Patch commands and verification.
CVE-2026-26108: Microsoft Excel Remote Code Execution in Microsoft 365 Apps for Enterprise. Patch commands and verification.
CVE-2026-26109: Microsoft Excel Remote Code Execution in Microsoft 365 Apps for Enterprise. Patch commands and verification.
CVE-2026-26110: Microsoft Office Remote Code Execution in Microsoft 365 Apps for Enterprise. Patch commands and verification.
CVE-2026-26111: CWE-190: Integer Overflow or Wraparound in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-26112: Microsoft Excel Remote Code Execution in Microsoft 365 Apps for Enterprise. Patch commands and verification.
CVE-2026-26113: Microsoft Office Remote Code Execution in Microsoft 365 Apps for Enterprise. Patch commands and verification.
CVE-2026-26114: Microsoft SharePoint Server Remote Code Execution in Microsoft SharePoint Enterprise Server 2016. Patch commands and verific
CVE-2026-26115: SQL Server Elevation of Privilege in Microsoft SQL Server 2016 Service Pack 3 (GDR). Patch commands and verification.
CVE-2026-26116 is a SQL Server elevation of privilege in Microsoft SQL Server 2025 (CU 2). CVSS 8.8 High. Patch commands, mitigations, and v
CVE-2026-26117: CWE-288: Authentication Bypass Using an Alternate Path or Channel in Arc Enabled Servers - Azure Connected Machine Agent. Pa
CVE-2026-26118: Azure MCP Server Tools Elevation of Privilege in Azure MCP Server Tools 1.0.0 (npm). Patch commands and verification.
CVE-2026-26119 is an authentication bypass in Windows Admin Center. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-26121 is an Azure IoT Explorer spoofing in Microsoft Azure IoT Explorer. CVSS 7.5 High. Patch commands, mitigations, and verificatio
CVE-2026-26125 is a missing authentication in Microsoft Payment Orchestrator Service. This page lists the verified fix and inline mitigation
CVE-2026-26127 is a .NET denial of service in Microsoft .NET 10.0. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-26128: Windows SMB Server Elevation of Privilege in Windows 10 Version 1607. Patch commands and verification.
CVE-2026-26129 is an improper neutralization of special elements in Microsoft 365 Copilot's Business Chat. Runnable upgrade commands and verificat
CVE-2026-26130 is an ASP.NET Core denial of service in Microsoft ASP.NET Core 10.0. CVSS 7.5 High. Patch commands, mitigations, and verificat
CVE-2026-26131 is a .NET elevation of privilege in Microsoft .NET 10.0. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-26132: Windows Kernel Elevation of Privilege in Windows 10 Version 21H2. Patch commands and verification.
CVE-2026-26133 is an M365 Copilot information disclosure in Microsoft 365 Copilot for Android. CVSS 7.1 High. Patch commands, mitigations, an
CVE-2026-26134 is a Microsoft Office elevation of privilege in Microsoft Office for Android. CVSS 7.8 High. Patch commands, mitigations, and
CVE-2026-26138 is a Microsoft Purview elevation of privilege in Microsoft Purview. CVSS 8.6 High. Patch commands, mitigations, and verificat
CVE-2026-26139 is a Microsoft Purview elevation of privilege in Microsoft Purview. CVSS 8.6 High. Patch commands, mitigations, and verificat
CVE-2026-2614 is an improper limitation of a pathname to a restricted directory ('path traversal') in mlflow/mlflow. Runnable upgrade commands and
CVE-2026-26141: CWE-287: Improper Authentication in Azure Automation Hybrid Worker Windows Extension. Patch commands and verification.
CVE-2026-26143 is an improper input validation in PowerShell 7.4. This page lists verified fix commands and short-term mitigations you can r
CVE-2026-26144: Microsoft Excel Information Disclosure in Microsoft 365 Apps for Enterprise. Patch commands and verification.
CVE-2026-26147 is an improper input validation in Azure Stack HCI. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-26148: CWE-454: External Initialization of Trusted Variables or Data Stores in Microsoft Azure AD SSH Login extension for Linux. Pa
CVE-2026-2615 is an OS command injection in WL-NU516U1. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-26150 - CWE-918: Server-Side Request Forgery (SSRF) in Microsoft Purview eDiscovery. Runnable patch commands, mitigation, and verif
CVE-2026-26151 is a CWE-357: insufficient UI warning of dangerous in Microsoft Windows. This page lists verified fix commands and short-term
CVE-2026-26152 is a CWE-922 insecure storage of sensitive information in Microsoft Windows. This page lists verified fix commands and short
CVE-2026-26153 is an out-of-bounds read in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run t
CVE-2026-26154 is an improper input validation in Microsoft Windows Server. This page lists verified fix commands and short-term mitigations
CVE-2026-26156 is a heap buffer overflow in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-26157 is an arbitrary file read in Red Hat Hardened Images. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-26158 is an arbitrary file read in Red Hat Hardened Images. Verified patched version, official vendor advisory, and how to confirm
CVE-2026-26159 is a missing authentication in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-2616 is a hard-coded credentials in 777VR1. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26160 is a missing authentication in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can ru
CVE-2026-26161 is a CWE-822: untrusted pointer dereference in Microsoft Windows. This page lists verified fix commands and short-term mitiga
CVE-2026-26162 is a CWE-843: access of resource using incompatible in Microsoft Windows. This page lists verified fix commands and short-ter
CVE-2026-26163 is a double free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-26164 improper neutralization of special elements in output used by a downstream compo in Microsoft 365 Copilot's Business Chat. Ru
CVE-2026-26165 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-26166 is a double free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-26167 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-26168 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-26170 is an improper input validation in Microsoft Windows. This page lists verified fix commands and short-term mitigations you ca
CVE-2026-26171 is a denial of service in .NET 10.0. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-26172 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-26173 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-26174 is a race condition in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-26176 is a heap buffer overflow in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-26177 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-26178 is a vulnerability in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-26179 is a double free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today.
CVE-2026-26180 is a heap buffer overflow in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run
CVE-2026-26181 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-26182 is a use-after-free in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can run today
CVE-2026-26183 is a CWE-284: improper access control in Microsoft Windows Server. This page lists verified fix commands and short-term mitig
CVE-2026-26184 is a CWE-126: buffer over-read in Microsoft Windows. This page lists verified fix commands and short-term mitigations you can
CVE-2026-26187 is a path traversal in lakeFS. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26192 is a vulnerability in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26193 is a vulnerability in open-webui. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26194 is an improper neutralization of argument delimiters in a command ('argument injection') in gogs gogs. This page lists the ver
CVE-2026-26200 is a path traversal in hdf5. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26201 is a vulnerability in emp3r0r. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26202 is a path traversal in penpot. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26205 is an access control bypass in opa-envoy-plugin. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-26208 is an unsafe deserialization in ADB-Explorer. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-26209 is a vulnerability in cbor2. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26213 is an OS command injection in thingino-firmware. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-26224 is a vulnerability in Log Reporter. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26225 is a vulnerability in Personal Backup. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26234 is a vulnerability in JUNG Smart Visu Server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-26235: an authentication bypass in JUNG Smart Visu Server. Patched version and vendor advisory inside.
CVE-2026-2626: Divi Booster < 5.0.2 - Unauthenticated PHP Object Injection in divi-booster. Patch commands and verification.
CVE-2026-26263: GLPI has an unauthenticated SQL injection via search engine in Glpi-project glpi, fixed by the same patch as CVE-2026-25
CVE-2026-26264 is a path traversal in bacnet-stack. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26265 is an incorrect authorization in discourse discourse. This page lists the verified fix and inline mitigations.
CVE-2026-26267 is a vulnerability in rs-soroban-sdk. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26268 is a vulnerability in cursor. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-2627 is a vulnerability in FBackup. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26275 is a vulnerability in httpsig-rs. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26276 is a cross-site scripting in gogs gogs. This page lists the verified fix and inline mitigations.
CVE-2026-26278 is an OS command injection in fast-xml-parser. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-26280 is an OS command injection in systeminformation. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-26286 is a vulnerability in SillyTavern. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26289: an access control bypass in PowerSYSTEM Center 2020. Patched version and vendor advisory inside.
CVE-2026-26290 is a CWE-613 in EV Energy ev.energy. This page lists the verified fix and inline mitigations.
CVE-2026-2630 is an OS command injection in Security Center. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-26305 is a CWE-307 in Mobility46 mobility46.se. This page lists the verified fix and inline mitigations.
CVE-2026-26306 is a vulnerability in OM Workspace (Windows Edition). Verified patched version, official vendor advisory, and how to confirm
CVE-2026-26308: Envoy has an RBAC Header Validation Bypass via Multi-Value Header Concatenation in envoy. Patch commands and verification.
CVE-2026-26314 is an improper input validation in go-ethereum. Verified patched version, official vendor advisory, and how to confirm the fi
CVE-2026-26316 is an access control bypass in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-26317 is a vulnerability in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26318 is an OS command injection in systeminformation. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-26319 is an authentication bypass in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-26320 is a vulnerability in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26321 is a path traversal in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26322 is a vulnerability in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26323 is an OS command injection in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-26324 is a vulnerability in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26325 is an access control bypass in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix lande
CVE-2026-26327 is a vulnerability in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26329 is a path traversal in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26331 is an OS command injection in yt-dlp yt-dlp. This page lists the verified fix and inline mitigations.
CVE-2026-26334 is a hard-coded credentials in VeraSMART. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-26336 is an access control bypass in Alfresco Enterprise. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-26337: a path traversal in Alfresco Transformation Service (Enterpr. Patched version and vendor advisory inside.
CVE-2026-26340 is a missing authentication in Tattile s.r.l. Smart+. This page lists the verified fix and inline mitigations.
CVE-2026-26342 is a CWE-613 insufficient session expiration in Tattile s.r.l. Smart+. This page lists the verified fix and inline mitigation
CVE-2026-26345 is a vulnerability in SPIP. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26354 - CWE-121: Stack-based Buffer Overflow in PowerProtect Data Domain. Runnable patch commands, mitigation, and verification on
CVE-2026-26358 is a vulnerability in Unisphere for PowerMax. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-26359 is an arbitrary file read in Unisphere for PowerMax. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-26360 is an arbitrary file read in Unisphere for PowerMax. Verified patched version, official vendor advisory, and how to confirm t
CVE-2026-26362 is a path traversal in Unisphere for PowerMax. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-26367 is a vulnerability in eNet SMART HOME server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-26368 is a vulnerability in eNet SMART HOME server. Verified patched version, official vendor advisory, and how to confirm the fix
CVE-2026-2637 is an incorrect permission assignment in iBoysoft iBoysoft NTFS. This page lists the verified fix and inline mitigations.
CVE-2026-26416 is a privilege escalation in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26417 is a CWE-284 improper access control in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26418 is a CWE-284 improper access control in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26514 is a CWE-88 improper neutralization of argument delimiters in a command ('argument injection') in n/a n/a. This page lists th
CVE-2026-2652 is an authentication bypass in mlflow/mlflow. Verified patched version, official vendor advisory, and how to confirm the fix l
CVE-2026-26673 is a denial of service via resource consumption in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26682 is a code injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26699 is a code injection in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-2670 is an OS command injection in WISE-6610. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-26738 is a n/a in the vendor n/a. CVSS 7.8 High. Patch commands, mitigations, and verification.
CVE-2026-26740 is a n/a in the vendor n/a. CVSS 8.2 High. Patch commands, mitigations, and verification.
CVE-2026-26741 is a n/a in the vendor n/a. CVSS 8.1 High. Patch commands, mitigations, and verification.
CVE-2026-26742 is a n/a in the vendor n/a. CVSS 8.1 High. Patch commands, mitigations, and verification.
CVE-2026-26794 is a n/a in the vendor n/a. CVSS 8.8 High. Patch commands, mitigations, and verification.
CVE-2026-26801 is a n/a in the vendor n/a. CVSS 7.5 High. Patch commands, mitigations, and verification.
CVE-2026-26861 is a CWE-346 origin validation error in n/a n/a. This page lists the verified fix and inline mitigations.
CVE-2026-26862 is a CWE-829 inclusion of functionality from untrusted control sphere in n/a n/a. This page lists the verified fix and inline
CVE-2026-26928: Lack of Dynamic Library Validation in SzafirHost in SzafirHost. Patch commands and verification.
CVE-2026-26930 is a vulnerability in SmarterMail. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26938 is a CWE-1336 improper neutralization of special elements used in a template engine in Elastic Kibana. This page lists the ve
CVE-2026-26943 is an OS command injection in PowerProtect Data Domain. This page lists verified fix commands and short-term mitigations you
CVE-2026-26944 is a missing authentication in PowerProtect Data Domain. This page lists verified fix commands and short-term mitigations you
CVE-2026-26955 is an out-of-bounds write in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-26959 is a local privilege escalation in ADB-Explorer. Verified patched version, official vendor advisory, and how to confirm the f
CVE-2026-26960 is a path traversal in node-tar. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26965 is an out-of-bounds write in FreeRDP FreeRDP. This page lists the verified fix and inline mitigations.
CVE-2026-26967 is a path traversal in pjproject. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26974 is a local privilege escalation in Slyde. Verified patched version, official vendor advisory, and how to confirm the fix land
CVE-2026-26975 is an arbitrary file read in server. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26978 is an unsafe deserialization in security-reporting. Verified patched version, official vendor advisory, and how to confirm th
CVE-2026-26984 is a path traversal in aces Loris. This page lists the verified fix and inline mitigations.
CVE-2026-26985 is a path traversal in aces Loris. This page lists the verified fix and inline mitigations.
CVE-2026-26990 is a SQL injection in librenms. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26996 is a vulnerability in minimatch. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-26999 is a denial of service via resource consumption in traefik traefik. This page lists the verified fix and inline mitigations.
CVE-2026-27001 is an OS command injection in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed
CVE-2026-27002 is a path traversal in openclaw. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27005 is a SQL injection in chartbrew chartbrew. This page lists the verified fix and inline mitigations.
CVE-2026-27013 is a vulnerability in fabric.js. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27018 is a path traversal in gotenberg. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27039 is a SQL injection in WZone. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27040 is a path traversal in WZone. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27043: WordPress Photography theme < 7.7.6 - Arbitrary File Upload in Photography. Patch commands and verification.
CVE-2026-27045: an unsafe deserialization in WooCommerce Infinite Scroll. Patched version and vendor advisory inside.
CVE-2026-27047 is a vulnerability in Curly Core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27048 is a vulnerability in The Aisle Core. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27052: a vulnerability in Sales Countdown Timer for WooCommerce an. Patched version and vendor advisory inside.
CVE-2026-27054 is a vulnerability in Penci Soledad Data Migrator. Verified patched version, official vendor advisory, and how to confirm the
CVE-2026-27068: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Website LLMs.txt. Patch commands and
CVE-2026-27070: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Everest Forms Pro. Patch comm
CVE-2026-27072: a vulnerability in PixelYourSite – Your smart PIXEL (TAG) M. Patched version and vendor advisory inside.
CVE-2026-27073: a hard-coded credentials in Addi – Cuotas que se adaptan a ti. Patched version and vendor advisory inside.
CVE-2026-27075 is a vulnerability in Belfort. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27076 is a vulnerability in LuxeDrive. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27077 is a vulnerability in MultiOffice. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27078 is a vulnerability in Emaurri. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27079 is a vulnerability in Amfissa. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27080 is a vulnerability in Deston. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27081 is a vulnerability in Rosebud. Verified patched version, official vendor advisory, and how to confirm the fix landed.
CVE-2026-27087 is a vulnerability in Wolverine Framework. Verified patched version, official vendor advisory, and how to confirm the fix lan