Filter and search through 392,208 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-23976 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Modula Image Gallery modula-best-grid-g... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-23975 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Golo golo allows PHP Lo... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-23974 | Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Golo... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-23968 | ### Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use [unsafe](https://copier.readthedocs.i... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-23967 | ### Summary A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a ... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-23966 | ### Summary A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto. By interacting with the SM2 decryption interface mu... | 9.1 | 568 | Neutral | No | Yes |
| CVE-2026-23965 | ### Summary A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto. Under default configurations, an attacker ... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-23964 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object ref... | 6.5 | 224 | Neutral | No | No |
| CVE-2026-23963 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, the server does not enforce a... | 4.3 | 107 | Neutral | No | No |
| CVE-2026-23962 | Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit ... | 7.5 | 394 | Neutral | No | No |
| CVE-2026-23961 | Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent i... | 5.3 | 132 | Neutral | No | No |
| CVE-2026-23960 | ### Summary Stored XSS in the artifact directory listing allows any workflow author to execute arbitrary JavaScript in another user’s browser under th... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-23959 | # SQL Injection in CustomerTransformerController ## Summary An **error-based SQL Injection vulnerability** was identified in the `CustomerTransformer... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-23958 | Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT si... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-23957 | Overriding encoded array lengths by replacing them with an excessively large value causes the deserialization process to **significantly increase proc... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-23956 | Overriding RegExp serialization with extremely large patterns can **exhaust JavaScript runtime memory** during deserialization. Additionally, overridi... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-23955 | EVerest is an EV charging software stack. Prior to version 2025.9.0, in several places, integer values are concatenated to literal strings when throwi... | 4.2 | 90 | Neutral | No | No |
| CVE-2026-23954 | ### Summary A user with the ability to launch a container with a custom image (e.g. a member of the ‘incus’ group) can use directory traversal or symbo... | 8.7 | 662 | Neutral | No | Yes |
| CVE-2026-23953 | ### Summary A user with the ability to launch a container with a custom YAML configuration (e.g. a member of the ‘incus’ group) can create an environme... | 8.7 | 539 | Neutral | No | Yes |
| CVE-2026-23952 | ## Summary NULL pointer dereference in MSL (Magick Scripting Language) parser when processing `<comment>` tag before any image is loaded. ## Version... | 6.5 | 209 | Neutral | No | Yes |