Filter and search through 392,104 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-23961 | Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent i... | 5.3 | 132 | Neutral | No |
| No |
| CVE-2026-23960 | ### Summary Stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under th... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-23959 | # SQL Injection in CustomerTransformerController ## Summary An **error-based SQL Injection vulnerability** was identified in the `CustomerTransformer... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-23958 | Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT si... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-23957 | Overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to **significantly increase proc... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-23956 | Overriding RegExp serialization with extremely large patterns can **exhaust JavaScript runtime memory** during deserialization. Additionally, overridi... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-23955 | EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwi... | 4.2 | 90 | Neutral | No | No |
| CVE-2026-23954 | ### Summary A user with the ability to launch a container with a custom image (e.g a member of the ‘incus’ group) can use directory traversal or symbo... | 8.7 | 662 | Neutral | No | Yes |
| CVE-2026-23953 | ### Summary A user with the ability to launch a container with a custom YAML configuration (e.g a member of the ‘incus’ group) can create an environme... | 8.7 | 539 | Neutral | No | Yes |
| CVE-2026-23952 | ## Summary NULL pointer dereference in MSL (Magick Scripting Language) parser when processing `<comment>` tag before any image is loaded. ## Version... | 6.5 | 209 | Neutral | No | Yes |
| CVE-2026-23951 | SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 rec... | 5.5 | 133 | Neutral | No | No |
| CVE-2026-23950 | **TITLE**: Race Condition in node-tar Path Reservations via Unicode Sharp-S (ß) Collisions on macOS APFS **AUTHOR**: Tomás Illuminati ### Details A... | 8.8 | 545 | Neutral | No | Yes |
| CVE-2026-2395 | No description available | 0.0 | 0 | Neutral | Yes | No |
| CVE-2026-23949 | ### Summary There is a Zip Slip path traversal vulnerability in the jaraco.context package affecting setuptools as well, in `jaraco.context.tarball()`... | 8.6 | 659 | Neutral | No | Yes |
| CVE-2026-23947 | ### Impact Arbitrary code execution in environments consuming generated clients This issue is similar in nature to the recently-patched MCP vulnerabi... | 0.0 | 0 | Neutral | Yes | Yes |
| CVE-2026-23946 | A critical deserialization vulnerability exists in Tendenci Helpdesk module (NOTE, by default, Helpdesk is NOT enabled), affecting the version 15.3.11... | 6.8 | 400 | Neutral | No | Yes |
| CVE-2026-23944 | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxi... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-23917 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-23916 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-23915 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |