Filter and search through 199,797 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-25804 | ### Impact Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculatio... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-25793 | ### Impact When using P256 certificates (which is not the default configuration), it is possible to evade a blocklist entry created against the finge... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-25768 | LavinMQ is a high-performance message queue & streaming server. Before 2.6.6, an authenticated user could access metadata in the broker they should no... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-25767 | LavinMQ is a high-performance message queue & streaming server. Before 2.6.8, an authenticated user, with the “Policymaker” tag, could create shovels ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-25758 | ### Summary A critical IDOR vulnerability exists in Spree Commerce's guest checkout flow that allows any guest user to bind arbitrary guest addresses ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-25757 | ### Unauthenticated users can view completed guest orders by Order ID (`GHSL-2026-029`) The `OrdersController#show` action permits viewing completed ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-25740 | captive browser, a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captiv... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-25729 | DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /ap... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-25728 | ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exi... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-25727 | ### Impact When user-provided input is provided to any type that parses with the RFC 2822 format, a Denial of Service attack via stack exhaustion is ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-25698 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-25697 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-25696 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-25695 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-25694 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-25693 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-25692 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-25676 | The installer of M-Track Duo HD version 1.0.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.... | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-25650 | ### Impact _Disclosure of Salesforce OAuth bearer tokens used by the MCP._ ### Patches _fix applied in 0.1.10_ ### Workarounds _Rotate any Salesforc... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-25631 | ## Impact A vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials... | 0.0 | 0 | Neutral | No | No |