Filter and search through 200,021 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-28687 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-28686 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-28517 | openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves t... | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-28516 | openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-inst... | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-28515 | openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installe... | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-28514 | Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-28513 | ### Summary The OIDC token endpoint rejects an authorization code only when **both** the client ID is wrong **and** the code is expired. This allows ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-28512 | ### Impact A flaw in callback URL validation allowed crafted `redirect_uri` values containing URL userinfo (`@`) to bypass legitimate callback pattern... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-28508 | ## Summary A logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-28507 | **Affected Versions:** Tested on current `dev` branch (build fingerprint `505[...]7bd86`) **CVSS v4 Score:** 8.6 ([CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-28502 | ## Summary An authenticated Remote Code Execution (RCE) vulnerability was identified in AVideo related to the plugin upload/import functionality. The... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-28497 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer c... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-28494 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-28493 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-28492 | ### Summary When a user creates a public share link for a **directory**, the `withHashFile` middleware in `http/public.go` (line 59) uses `filepath.Di... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-28484 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-28443 | OpenReplay is a self-hosted session replay suite. Prior to version 1.20.0, the POST /{projectId}/cards/search endpoint has a SQL injection in the sort... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-2844 | Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation. This issue affects Ti... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-28438 | ### Impact The Doris target connector didn't verify the configured table name before creating some SQL statements (`ALTER TABLE`). So, in the applicat... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-28436 | Frappe is a full-stack web application framework. Prior to versions 16.11.0 and 15.102.0, an attacker can set a crafted image URL that results in XSS ... | 0.0 | 0 | Neutral | No | No |