Bugs with TODO items

Bug | Description | Note
CVE-2016-1584 | In all versions of Unity8 a running but not active application on a la ... | check proper tracking update
CVE-2018-25246 | Wikipedia 12.0 contains a denial of service vulnerability that allows ... | check
CVE-2018-25305 | librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that all ... | check
CVE-2018-25306 | PDFunite 0.41.0 contains a buffer overflow vulnerability that allows l ... | check
CVE-2019-25485 | R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the ... | check
CVE-2019-25683 | FileZilla 3.40.0 contains a denial of service vulnerability in the loc ... | check
CVE-2020-37182 | Redir 3.3 contains a stack overflow vulnerability in the doproxyconnec ... | check details
CVE-2021-26381 | Improper system call parameter validation in the Trusted OS may allow ... | check
CVE-2021-26410 | Improper syscall input validation in ASP (AMD Secure Processor) may fo ... | check
CVE-2021-47793 | Telegram Desktop 2.9.2 contains a denial of service vulnerability that ... | check
CVE-2022-23538 | github.com/sylabs/scs-library-client is the Go client for the Singular ... | check details, might as well affect golang-github-apptainer-container-library-client
CVE-2022-50942 | Icinga Web 2.8.2 contains a client-side cross-site scripting vulnerab ... | check status upstream
CVE-2023-20514 | Improper handling of parameters in the AMD Secure Processor (ASP) coul ... | check
CVE-2023-20548 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ... | check
CVE-2023-20585 | Insufficient checks of the RMP on host buffer access in IOMMU may allo ... | check
CVE-2023-20601 | Improper input validation within RAS TA Driver can allow a local attac ... | check
CVE-2023-26044 | react/http is an event-driven, streaming HTTP client and server implem ... | check, is embedded in icinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected
CVE-2023-27753 | An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows att ... | check
CVE-2023-30059 | An insecure direct object reference in MK-Auth 23.01K4.9 allows attack ... | check
CVE-2023-31313 | An unintended proxy or intermediary in the AMD power management firmwa ... | check
CVE-2023-31324 | A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure ... | check
CVE-2023-31364 | Improper handling of direct memory writes in the input-output memory m ... | check
CVE-2023-47268 | In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6. ... | check
CVE-2023-49316 | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ... | check if affecting ldap-account-manager or unused path
CVE-2023-50251 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50252 | php-svg-lib is an SVG file parsing / rendering library. Prior to versi ... | check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
CVE-2023-50262 | Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ... | check sources embedding php-dompdf if affected
CVE-2024-21953 | Improper input validation in IOMMU could allow a malicious hypervisor ... | check
CVE-2024-22420 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook?
CVE-2024-22421 | JupyterLab is an extensible environment for interactive and reproducib ... | check completeness, src:jupyter-notebook?
CVE-2024-36310 | Improper input validation in the SMM communications buffer could allow ... | check
CVE-2024-36311 | A Time-of-check time-of-use (TOCTOU) race condition in the SMM communi ... | check
CVE-2024-36315 | Improper enforcement of the LFENCE serialization property may allow an ... | check
CVE-2024-36316 | The integer overflow vulnerability within AMD Graphics driver could al ... | check
CVE-2024-36324 | Improper input validation in AMD Graphics Driver could allow an attack ... | check
CVE-2024-54192 | An issue in Tcpreplay v4.5.1 allows a local attacker to cause a denial ... | check
CVE-2025-0012 | Improper handling of overlap between the segmented reverse map table ( ... | check
CVE-2025-0029 | Improper handling of error condition during host-induced faults can al ... | check
CVE-2025-0031 | A use after free in the SEV firmware could allow a malicious hypervisor ... | check
CVE-2025-4382 | A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ... | double check if vulnerability only considered present after grub_is_cli_disabled is introduced
CVE-2025-6499 | A vulnerability classified as problematic was found in vstakhov libucl ... | check if impacts security wise rspamd, which embeds libucl and uses it at compile time
CVE-2025-6577 | Improper neutralization of special elements used in an SQL command ('S ... | check
CVE-2025-8671 | A mismatch caused by client-triggered server-sent stream resets betwee ... | check, some projects will assign own CVEs and should then be covered under that specific CVE instead
CVE-2025-8941 | A flaw was found in linux-pam. The pam_namespace module may improperly ... | check likely RedHat specific incomplete fix for CVE-2025-6020, but asked to pinpoint incomplete fixes
CVE-2025-11010 | A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ... | check if impacts security wise rspamd, which embeds libucl and uses it at compile time
CVE-2025-11147 | Reflected cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vuln ... | clarifying with reporter and Eduard Bloch on the issue.
CVE-2025-12659 | The affected applications contain a memory corruption vulnerability w ... | check
CVE-2025-15569 | A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The im ... | check
CVE-2025-27723 | Use after free for some Linux kernel driver for the Intel(R) Ethernet ... | check
CVE-2025-29939 | Improper access control in secure encrypted virtualization (SEV) could ... | check
CVE-2025-29946 | Insufficient or Incomplete Data Removal in Hardware Component in SEV f ... | check
CVE-2025-29948 | Improper access control in AMD Secure Encrypted Virtualization (SEV) f ... | check
CVE-2025-29952 | Improper Initialization within the AMD Secure Encrypted Virtualization ... | check
CVE-2025-35969 | Uncontrolled search path for some Intel(R) Server Firmware Update Util ... | check
CVE-2025-35990 | Improper input validation for some Intel Endpoint Management Assistant ... | check
CVE-2025-35991 | Improper initialization in the UEFI firmware for some Intel platforms ... | check
CVE-2025-36510 | Improper buffer restrictions for some Display Virtualization for Windo ... | check
CVE-2025-58064 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check
CVE-2025-60796 | phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting ( ... | check, possibly not reported upstream
CVE-2025-60797 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream
CVE-2025-60798 | phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability i ... | check, possibly not reported upstream
CVE-2025-60799 | phpPgAdmin 7.13.0 and earlier contains an incorrect access control vul ... | check, possibly not reported upstream
CVE-2025-61261 | A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1 ... | check
CVE-2025-61305 | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_fi ... | check
CVE-2025-61306 | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_co ... | check
CVE-2025-61307 | A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pa ... | check
CVE-2025-61308 | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_ma ... | check
CVE-2025-61309 | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_de ... | check
CVE-2025-61310 | A reflected cross-site scripted (XSS) vulnerability in the acc-menu_bi ... | check
CVE-2025-61311 | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_al ... | check
CVE-2025-61312 | A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pr ... | check
CVE-2025-61313 | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_ma ... | check
CVE-2025-61314 | A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_or ... | check
CVE-2025-61971 | Missing lock bit protection for NBIO registers could allow a local adm ... | check
CVE-2025-61972 | Missing lock bit protection for NBIO registers could allow a local adm ... | check
CVE-2025-61982 | An arbitrary code execution vulnerability exists in the Code Stream di ... | check upstream status
CVE-2025-62623 | A heap-based buffer overflow in the ionic cloud driver for VMware ESXi ... | check
CVE-2025-62624 | A heap-based buffer overflow in the ionic cloud driver for VMware ESXi ... | check
CVE-2025-62627 | An untrusted pointer dereference in the ionic cloud driver for VMWare ... | check
CVE-2025-65086 | An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobal ... | check
CVE-2025-65087 | An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt ... | check
CVE-2025-65088 | An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt ... | check
CVE-2025-65415 | docuFORM Managed Print Service Client 11.11c is vulnerable to a sessio ... | check
CVE-2025-65416 | docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrar ... | check
CVE-2025-65417 | docuFORM Managed Print Service Client 11.11c is vulnerable to a reflec ... | check
CVE-2025-65418 | docuFORM Managed Print Service Client 11.11c is vulnerable to a direct ... | check
CVE-2025-65719 | An issue in Open Source Kubectl MCP Server v1.1.1 allows attackers to ... | check
CVE-2025-65865 | An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ... | check https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33, unclear if reported upstream
CVE-2025-66442 | In Mbed TLS through 4.0.0, there is a compiler-induced timing side cha ... | No fix is available for this issue, check if it will be considered upstream
CVE-2025-66578 | xmlseclibs is a library written in PHP for working with XML Encryption ... | check
CVE-2025-67108 | eProsima Fast-DDS v3.3 was discovered to contain improper validation f ... | check https://gist.github.com/lkloliver/81b5d5a8328d712dbfd497bf11dbe913, unclear if reported upstream
CVE-2025-69534 | Python-Markdown version 3.8 contains a vulnerability where malformed HT ... | Asking whether it really needs a backport: https://bugs.debian.org/1131896
CVE-2025-69720 | The infocmp command-line tool in ncurses before 6.5-20251213 has a sta ... | check upstream status
CVE-2025-69969 | A lack of authentication and authorization mechanisms in the Bluetooth ... | check
CVE-2025-70842 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in th ... | check
CVE-2025-70887 | An issue in ralphje Signify before v.0.9.2 allows a remote attacker to ... | check
CVE-2026-0708 | A flaw was found in libucl. A remote attacker could exploit this by pr ... | check if impacts security wise rspamd, which embeds libucl and uses it at compile time
CVE-2026-1703 | When pip is installing and extracting a maliciously crafted wheel arch ... | check as well pipenv
CVE-2026-2465 | Incorrect Authorization vulnerability in E-Kalite Software Hardware En ... | check
CVE-2026-2725 | Incorrect authorization in the "submitted together" feature in Gerrit ... | check
CVE-2026-2950 | Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototy ... | check fixing commit details
CVE-2026-3319 | Reflected Cross-Site Scripting (XSS) in the latest demo version of the ... | check
CVE-2026-3320 | Reflected Cross-Site Scripting (XSS) in the latest demo version of the ... | check
CVE-2026-3609 | Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vu ... | check
CVE-2026-3650 | A memory leak exists in the Grassroots DICOM library (GDCM). The bug o ... | check, vague report from Red Hat, no upstream details
CVE-2026-4833 | A weakness has been identified in Orc discount up to 3.0.1.2. This iss ... | check libtext-markdown-discount-perl, ruby-rdiscount, cantor, embedding discount; check if security impact present
CVE-2026-5061 | The consul-template library before version 0.42.0 is vulnerable to a s ... | check
CVE-2026-6402 | webpack-dev-server versions up to and including 5.2.3 are vulnerable t ... | check
CVE-2026-7210 | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entro ... | check
CVE-2026-7701 | A security vulnerability has been detected in Telegram Desktop up to 6 ... | check
CVE-2026-7790 | Uncontrolled Resource Consumption vulnerability in ninenines cowlib (c ... | check if embedded copy in rabbitmq-server is problematic
CVE-2026-8212 | A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by thi ... | check
CVE-2026-8213 | A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affect ... | check
CVE-2026-8449 | Linux ksmbd contains a remote memory corruption vulnerability in the A ... | check
CVE-2026-20714 | Out-of-bounds write for some Intel(R) QAT software drivers for Windows ... | check
CVE-2026-20717 | Improper input validation for some Intel(R) QAT software drivers for W ... | check
CVE-2026-20718 | Incorrect default permissions for some Intel(R) NPU Driver software in ... | check
CVE-2026-20738 | Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 89 ... | check
CVE-2026-20751 | Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VM ... | check
CVE-2026-20753 | Integer overflow in the UEFI firmware for the Slim Bootloader may allo ... | check
CVE-2026-20754 | Improper conditions check in some firmware for some Intel(R) NPU Drive ... | check
CVE-2026-20767 | Improper input validation for some Intel(R) QAT software drivers for W ... | check
CVE-2026-20771 | Null pointer dereference for some Intel(R) QAT software drivers for Wi ... | check
CVE-2026-20772 | Uncontrolled search path for some Intel(R) Connectivity Performance Su ... | check
CVE-2026-20782 | Buffer overflow for some Intel(R) QAT software drivers for Windows bef ... | check
CVE-2026-20793 | Unchecked return value for some Intel(R) QAT software drivers for Wind ... | check
CVE-2026-20794 | Buffer overflow for the Intel(R) Data Center Graphics Driver for VMwar ... | check
CVE-2026-20879 | Out-of-bounds write for the Intel(R) Data Center Graphics Driver for V ... | check
CVE-2026-20881 | Divide by zero for some Intel(R) QAT software drivers for Windows befo ... | check
CVE-2026-20887 | Improper access control for some Intel Vision software for all version ... | check
CVE-2026-20905 | Improper input validation for some Intel(R) QAT software drivers for W ... | check
CVE-2026-20914 | Null pointer dereference for some Intel(R) QAT software drivers for Wi ... | check
CVE-2026-22739 | Vulnerability in Spring Cloud when substituting the profile parameter ... | check
CVE-2026-23479 | Redis is an in-memory data structure store. In redis-server from 7.2.0 ... | check
CVE-2026-23631 | Redis is an in-memory data structure store. In all versions of redis-s ... | check
CVE-2026-23870 | A denial of service vulnerability could be triggered by sending specia ... | check
CVE-2026-23926 | An authenticated (non-super) administrator can create a maintenance pe ... | check
CVE-2026-23927 | A user able to connect to Agent 2 can inject an Oracle TNS connection ... | check
CVE-2026-23928 | The Item history widget (in Zabbix 7.0+) or the Plain text widget (in ... | check
CVE-2026-25243 | Redis is an in-memory data structure store. In versions of redis-serve ... | check
CVE-2026-25701 | An Insecure Temporary File vulnerability in openSUSE sdbootutil allows ... | check
CVE-2026-25702 | An Improper Access Control vulnerability in the kernel of SUSE SUSE Lin ... | check
CVE-2026-26289 | PowerSYSTEM Center REST API endpoint for device account export allows ... | check
CVE-2026-27586 | Caddy is an extensible server platform that uses TLS by default. Prior ... | check, introducing version
CVE-2026-27704 | The Dart and Flutter SDKs provide software development kits for the Da ... | check
CVE-2026-27738 | The Angular SSR is a server-side rendering tool for Angular applicatio ... | check
CVE-2026-27739 | The Angular SSR is a server-side rendering tool for Angular applicatio ... | check
CVE-2026-27970 | Angular is a development platform for building mobile and desktop web ... | check status for older versions
CVE-2026-28343 | CKEditor 5 is a modern JavaScript rich-text editor with an MVC archite ... | check
CVE-2026-28687 | ImageMagick is free and open-source software used for editing and mani ... | For imagemagick6 superseded by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete
CVE-2026-28687 | ImageMagick is free and open-source software used for editing and mani ... | Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41)
CVE-2026-28688 | ImageMagick is free and open-source software used for editing and mani ... | For imagemagick6 by fix inside jumbo patch for CVE-2026-28686, first patch was incomplete
CVE-2026-28688 | ImageMagick is free and open-source software used for editing and mani ... | Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41)
CVE-2026-29022 | dr_libs dr_wav.h version 0.14.4 and earlier (fixed in commit 8a7258c) ... | qtads, dosbox-x, roc-toolkit, octave-ltfat, faudio bundle a copy, check security impact
CVE-2026-29204 | Insufficient ownership check in `clientarea.php` allows an authenticat ... | check
CVE-2026-30478 | A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer ... | check
CVE-2026-30479 | A Dynamic-link Library Injection vulnerability in OSGeo Project MapSer ... | check
CVE-2026-30635 | Command injection vulnerability in automagik-genie 2.5.27 MCP Server a ... | check
CVE-2026-31053 | A double free vulnerability exists in librz/bin/format/le/le.c in the ... | check
CVE-2026-31192 | Insufficient validation of Chrome extension identifiers in Raindrop.io ... | check
CVE-2026-31214 | The torch-checkpoint-shrink.py script in the ml-engineering project in ... | check
CVE-2026-31215 | The nexent v1.7.5.2 backend service contains an unauthorized arbitrary ... | check
CVE-2026-31216 | The nexent v1.7.5.2 backend service contains an unauthorized arbitrary ... | check
CVE-2026-31217 | The _load_model() function in the neural_magic_training.py script of t ... | check
CVE-2026-31218 | The _load_model() function in the neural_magic_training.py script of t ... | check
CVE-2026-31219 | The _load_model() function in the neural_magic_training.py script of t ... | check
CVE-2026-31220 | PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerabl ... | check
CVE-2026-31221 | PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deser ... | check
CVE-2026-31222 | The snorkel library thru v0.10.0 contains an insecure deserialization ... | check
CVE-2026-31223 | The snorkel library thru v0.10.0 contains a critical insecure deserial ... | check
CVE-2026-31224 | The snorkel library thru v0.10.0 contains an insecure deserialization ... | check
CVE-2026-31225 | The superduper project thru v0.10.0 contains a critical remote code ex ... | check
CVE-2026-31226 | The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b ... | check
CVE-2026-31228 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote ... | check
CVE-2026-31229 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insec ... | check
CVE-2026-31230 | The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a comman ... | check
CVE-2026-31231 | Cognee thru v0.4.0 contains a critical remote code execution vulnerabi ... | check
CVE-2026-31232 | The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aa ... | check
CVE-2026-31233 | Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE- ... | check
CVE-2026-31234 | Horovod thru 0.28.1 contains an insecure deserialization vulnerability ... | check
CVE-2026-31235 | The imgaug library thru 0.4.0 contains an insecure deserialization vul ... | check
CVE-2026-31236 | The llm CLI tool thru 0.27.1 contains a critical code injection vulner ... | check
CVE-2026-31237 | The Ludwig framework thru 0.10.4 is vulnerable to insecure deserializa ... | check
CVE-2026-31238 | The Ludwig framework thru 0.10.4 is vulnerable to insecure deserializa ... | check
CVE-2026-31239 | The mamba language model framework thru 2.2.6 is vulnerable to insecur ... | check
CVE-2026-31240 | The mem0 1.0.0 server lacks authentication and authorization controls ... | check
CVE-2026-31241 | The mem0 1.0.0 server lacks authentication and authorization controls ... | check
CVE-2026-31242 | The mem0 v1.0.0 server lacks authentication and authorization controls ... | check
CVE-2026-31243 | The mem0 1.0.0 server lacks authentication and authorization controls ... | check
CVE-2026-31244 | The mem0 1.0.0 server lacks authentication and authorization controls ... | check
CVE-2026-31245 | The mem0 1.0.0 server lacks authentication and authorization controls ... | check
CVE-2026-31246 | GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-0 ... | check
CVE-2026-31247 | Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) ... | check
CVE-2026-31248 | Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) ... | check
CVE-2026-31249 | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-3 ... | check
CVE-2026-31250 | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-3 ... | check
CVE-2026-31251 | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-3 ... | check
CVE-2026-31252 | CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-3 ... | check
CVE-2026-31253 | The flash-attention training framework thru commit e724e2588cbe754beb9 ... | check
CVE-2026-31254 | The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e ... | check
CVE-2026-32148 | Insufficient Verification of Data Authenticity vulnerability in hexpm ... | check
CVE-2026-32313 | xmlseclibs is a library written in PHP for working with XML Encryption ... | check
CVE-2026-32600 | xml-security is a library that implements XML signatures and encryptio ... | check
CVE-2026-32635 | Angular is a development platform for building mobile and desktop web ... | check status for older versions
CVE-2026-32661 | Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailS ... | check
CVE-2026-32687 | Improper Neutralization of Special Elements used in an SQL Command ('S ... | check
CVE-2026-32836 | dr_libs dr_flac.h version 0.13.3 and earlier (fixed in commits fefced4, ... | check
CVE-2026-33356 | In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authe ... | check
CVE-2026-33357 | In Meari client applications embedding "com.meari.sdk" (including Clou ... | check
CVE-2026-33359 | In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed ... | check
CVE-2026-33361 | In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudE ... | check
CVE-2026-33362 | In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arent ... | check
CVE-2026-33397 | The Angular SSR is a server-side rendering tool for Angular applicatio ... | check
CVE-2026-33570 | PowerSYSTEM Center REST API endpoint for devices allows a low privileg ... | check
CVE-2026-34240 | JOSE is a Javascript Object Signing and Encryption (JOSE) library. Pri ... | check
CVE-2026-34960 | barebox prior to version 2026.04.0 contains an out-of-bounds read vuln ... | check
CVE-2026-34961 | barebox prior to version 2026.04.0 contains out-of-bounds read vulnera ... | check
CVE-2026-34962 | barebox version prior to 2026.04.0 contains a denial-of-service vulner ... | check
CVE-2026-34963 | barebox version prior to 2026.04.0 contains multiple memory-safety vul ... | check
CVE-2026-35504 | PowerSYSTEM Center email notification service is affected by a CRLF in ... | check
CVE-2026-35555 | PowerSYSTEM Center feature for device project groups allows an authent ... | check
CVE-2026-36734 | EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authen ... | check
CVE-2026-36906 | Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remo ... | check
CVE-2026-36962 | SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated a ... | check
CVE-2026-37630 | An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrar ... | check
CVE-2026-38566 | HireFlow v1.2 does not implement CSRF token validation on any state-ch ... | check
CVE-2026-38567 | HireFlow v1.2 is vulnerable to SQL injection in the /login and /search ... | check
CVE-2026-38568 | HireFlow v1.2 is vulnerable to Incorrect Access Control. The applicati ... | check
CVE-2026-38569 | HireFlow v1.2 is vulnerable to Cross Site Scripting (XSS) in candidate ... | check
CVE-2026-39860 | Nix is a package manager for Linux and other Unix systems. A bug in th ... | check, potentially affecting guix if same issue in backporting fix for CVE-2024-2729
CVE-2026-40171 | In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions ... | check
CVE-2026-40300 | Zulip is an open-source team collaboration tool. Prior to 12.0, With m ... | check
CVE-2026-40863 | PhpSpreadsheet is a pure PHP library for reading and writing spreadshe ... | check
CVE-2026-40902 | PhpSpreadsheet is a pure PHP library for reading and writing spreadshe ... | check
CVE-2026-40968 | When an authenticated user is denied access to a gRPC method, their au ... | check
CVE-2026-40969 | The raw message of every server-side AuthenticationException is return ... | check
CVE-2026-40981 | When using Google Secrets Manager as a backend for the Spring Cloud Co ... | check
CVE-2026-40982 | Spring Cloud Config allows applications to serve arbitrary text and bi ... | check
CVE-2026-41002 | The base directory (`spring.cloud.config.server.git.basedir`) used by ... | check
CVE-2026-41004 | When enabling trace logging in Spring Cloud Config Server sensitive in ... | check
CVE-2026-41018 | The Elasticsearch logging provider, when configured with a `host` URL ... | check
CVE-2026-41195 | mosparo is the modern solution to protect your online forms from spam. ... | check
CVE-2026-41250 | Taiga is a project management platform for startups and agile develope ... | check
CVE-2026-41423 | Angular is a development platform for building mobile and desktop web ... | check
CVE-2026-41431 | Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a ... | check
CVE-2026-41489 | Pi-hole is a DNS sinkhole that protects devices from unwanted content ... | check
CVE-2026-41513 | Horilla is an HR and CRM software. In 1.5.0, the notification endpoint ... | check
CVE-2026-41530 | The automatic folder creation feature of Lhaz and Lhaz+ provided by Ch ... | check
CVE-2026-41872 | "Kura Sushi Official App" provided by EPG, Inc. is vulnerable to impro ... | check
CVE-2026-41889 | pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, ... | check the other golang-github-jackc-pgx* sources
CVE-2026-41895 | changedetection.io is a free open source web page change detection too ... | check
CVE-2026-41901 | Thymeleaf is a server-side Java template engine for web and standalone ... | check
CVE-2026-41951 | Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which ... | check
CVE-2026-42045 | LobeHub is a work-and-lifestyle space to find, build, and collaborate ... | check
CVE-2026-42046 | libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an ... | check
CVE-2026-42048 | Langflow is a tool for building and deploying AI-powered agents and wo ... | check
CVE-2026-42141 | Xibo is an open source digital signage platform with a web content man ... | check
CVE-2026-42156 | Flowsint is an open-source OSINT graph exploration tool designed for c ... | check
CVE-2026-42157 | Flowsint is an open-source OSINT graph exploration tool designed for c ... | check
CVE-2026-42158 | Flowsint is an open-source OSINT graph exploration tool designed for c ... | check
CVE-2026-42175 | requests-hardened is a library that overrides the default behaviors of ... | check
CVE-2026-42177 | linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entr ... | check
CVE-2026-42185 | People is an application to handle users and teams, and distribute per ... | check
CVE-2026-42188 | Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ... | check
CVE-2026-42191 | OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetr ... | check
CVE-2026-42196 | django-s3file is a lightweight file upload input for Django and Amazon ... | check
CVE-2026-42199 | Grid is a data structure grid for rust. From version 0.17.0 to before ... | check
CVE-2026-42245 | Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ... | check
CVE-2026-42246 | Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ... | check
CVE-2026-42256 | Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ... | check
CVE-2026-42257 | Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ... | check
CVE-2026-42258 | Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ... | check
CVE-2026-42260 | Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for ... | check
CVE-2026-42300 | DevGuard provides vulnerability management for the full software suppl ... | check
CVE-2026-42303 | Fides is an open-source privacy engineering platform. From 2.75.0 to b ... | check
CVE-2026-42308 | Pillow is a Python imaging library. Prior to version 12.2.0, if a font ... | research fixing commit(s), maybe https://github.com/python-pillow/Pillow/pull/9518/changes
CVE-2026-42311 | Pillow is a Python imaging library. From version 10.3.0 to before vers ... | check, identify commit in 10.3.0 introducing the issue
CVE-2026-42316 | kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft ... | check
CVE-2026-42338 | ip-address is a library for parsing and manipulating IPv4 and IPv6 add ... | check
CVE-2026-42348 | OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. ... | check
CVE-2026-42349 | Clerk JavaScript is the official JavaScript repository for Clerk authe ... | check
CVE-2026-42355 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0. ... | check
CVE-2026-42442 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0. ... | check
CVE-2026-42443 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0. ... | check
CVE-2026-42444 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0. ... | check
CVE-2026-42445 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0. ... | check
CVE-2026-42446 | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0. ... | check
CVE-2026-42503 | gopls by default communicates via pipe. However, -port and -listen fla ... | check
CVE-2026-42541 | Kubewarden is a policy engine for Kubernetes. Prior to , An attacker w ... | check
CVE-2026-42544 | Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2 ... | check
CVE-2026-42545 | Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2 ... | check
CVE-2026-42554 | Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Sit ... | check
CVE-2026-42560 | auth provides authentication via oauth2, direct and email. From versio ... | check
CVE-2026-42564 | jotty·page is a self-hosted app for your checklists and notes. Prio ... | check
CVE-2026-42565 | @workos/authkit-session is a toolkit for building WorkOS AuthKit frame ... | check
CVE-2026-42571 | Pelican is a platform for creating data federations. From versions 7.2 ... | check
CVE-2026-42600 | MinIO is a high-performance object storage system. From RELEASE.2022-0 ... | check
CVE-2026-42603 | OWASP BLT is a QA testing and vulnerability disclosure platform that e ... | check
CVE-2026-42778 | The fix for CVE-2026-41409 was not applied to the 2.1.X and 2.2.X bran ... | check
CVE-2026-42779 | The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X bran ... | check
CVE-2026-42844 | Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privile ... | check
CVE-2026-42854 | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ES ... | check
CVE-2026-42855 | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ES ... | check
CVE-2026-42859 | Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication ... | check
CVE-2026-42860 | The Open edx Enterprise Service app provides enterprise features to th ... | check
CVE-2026-42866 | Tookie is an advanced OSINT information gathering tool. Prior to 4.1fix ... | check
CVE-2026-42869 | SOCFortress CoPilot focuses on providing a single pane of glass for al ... | check
CVE-2026-42874 | Microdot is a minimalistic Python web framework. Prior to 2.6.1, the R ... | check
CVE-2026-42875 | External Secrets Operator reads information from a third-party service ... | check
CVE-2026-42876 | External Secrets Operator reads information from a third-party service ... | check
CVE-2026-42882 | oxyno-zeta/s3-proxy is an aws s3 proxy written in go. Prior to 5.0.0, ... | check
CVE-2026-42883 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ... | check
CVE-2026-42884 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ... | check
CVE-2026-42885 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ... | check
CVE-2026-42886 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ... | check
CVE-2026-42887 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ... | check
CVE-2026-42888 | Audiobookshelf is a self-hosted audiobook and podcast server. Prior to ... | check
CVE-2026-42889 | Relay adds real-time collaboration to Obsidian. Relay Server versions ... | check
CVE-2026-42994 | Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, wh ... | check
CVE-2026-43826 | The OpenSearch logging provider, when configured with a `host` URL tha ... | check
CVE-2026-43873 | WWBN AVideo is an open source video platform. In versions up to and in ... | check
CVE-2026-43874 | WWBN AVideo is an open source video platform. In versions up to and in ... | check
CVE-2026-43875 | WWBN AVideo is an open source video platform. In versions up to and in ... | check
CVE-2026-43876 | WWBN AVideo is an open source video platform. In versions up to and in ... | check
CVE-2026-43877 | WWBN AVideo is an open source video platform. In versions up to and in ... | check
CVE-2026-43878 | WWBN AVideo is an open source video platform. In versions up to and in ... | check
CVE-2026-43879 | WWBN AVideo is an open source video platform. In versions up to and in ... | check
CVE-2026-43880 | WWBN AVideo is an open source video platform. In versions up to and in ... | check
CVE-2026-43881 | WWBN AVideo is an open source video platform. In versions up to and in ... | check
CVE-2026-43882 | WWBN AVideo is an open source video platform. In versions up to and in ... | check
CVE-2026-43883 | WWBN AVideo is an open source video platform. In versions up to and in ... | check
CVE-2026-43884 | WWBN AVideo is an open source video platform. In versions up to and in ... | check
CVE-2026-43885 | WWBN AVideo is an open source video platform. In versions up to and in ... | check
CVE-2026-43886 | Outline is a service that allows for collaborative documentation. From ... | check
CVE-2026-43887Outline is a service that allows for collaborative documentation. From ...check
CVE-2026-43888Outline is a service that allows for collaborative documentation. Prio ...check
CVE-2026-43889Outline is a service that allows for collaborative documentation. Prio ...check
CVE-2026-43890Outline is a service that allows for collaborative documentation. From ...check
CVE-2026-43891changedetection.io is a free open source web page change detection too ...check
CVE-2026-43892AntSword is a cross-platform website management toolkit. Prior to 2.1. ...check
CVE-2026-43893exiftool-vendored provides cross-platform Node.js access to ExifTool. ...check
CVE-2026-43897Link Preview JS extracts web links information. Prior to 4.0.1, the li ...check
CVE-2026-43901Wireshark MCP is an MCP Server that turns tshark into a structured ana ...check
CVE-2026-43916pam_authnft is a PAM session module binding nftables firewall rules to ...check
CVE-2026-43929ssrfcheck is a library that checks if a string contains a potential SS ...check
CVE-2026-43937YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5, A ...check
CVE-2026-43938YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 an ...check
CVE-2026-43939YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 an ...check
CVE-2026-43948wger is a free, open-source workout and fitness manager. Prior to 2.6, ...check
CVE-2026-43983Pocket ID is an OIDC provider that allows users to authenticate with t ...check
CVE-2026-43989JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...check
CVE-2026-43990JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...check
CVE-2026-43991JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...check
CVE-2026-43992JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...check
CVE-2026-43993JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x ...check
CVE-2026-44015Nginx UI is a web user interface for the Nginx web server. In 2.3.4 an ...check
CVE-2026-44166Pocketbase is an open source web backend written in go. Prior to 0.22. ...check
CVE-2026-44204Shelf is a platform for tracking physical assets. From 1.12 to before ...check
CVE-2026-44217sse-channel is an SSE-implementation which can be used to any node.js ...check
CVE-2026-44218ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 t ...check
CVE-2026-44219ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 t ...check
CVE-2026-44220ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 t ...check
CVE-2026-44224Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, ...check
CVE-2026-44225Pulpy is a lightweight, cross-platform desktop application packager fo ...check
CVE-2026-44232DSSRF is a Node.js library that provides a wide range of utilities and ...check
CVE-2026-44240basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is v ...check
CVE-2026-44246nnU-Net is a semantic segmentation framework that automatically adapts ...check
CVE-2026-44262Scramble generates API documentation for Laravel project. From 0.13.2 ...check
CVE-2026-44302Snappier is a high performance C# implementation of the Snappy compres ...check
CVE-2026-44307Mako is a template library written in Python. Prior to 1.3.12, on Wind ...check
CVE-2026-44643Angular Expressions provides expressions for the Angular.JS web framew ...check
CVE-2026-45321On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious ...check
CVE-2026-45391Reserved. Details will be published at disclosure.check
CVE-2026-45392Reserved. Details will be published at disclosure.check
CVE-2026-45393Reserved. Details will be published at disclosure.check
