Filter and search through 392,208 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-23724 | WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/atend... | 4.3 | 107 | Neutral | No |
| No |
| CVE-2026-23723 | WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorre... | 7.2 | 322 | Neutral | No | No |
| CVE-2026-23722 | WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA s... | 9.1 | 576 | Neutral | No | No |
| CVE-2026-23721 | OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only ... | 4.3 | 107 | Neutral | No | No |
| CVE-2026-23714 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-23713 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-23712 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-23711 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-23710 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-23709 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-23699 | AP180 series with firmware versions prior to AP_RGOS 11.9(4)B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, a... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-23646 | OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to vie... | 6.5 | 217 | Neutral | No | No |
| CVE-2026-23645 | ### Summary A Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user u... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-23644 | ### Summary The [commit](https://github.com/esm-dev/esm.sh/commit/9d77b88c320733ff6689d938d85d246a3af9af16) does not actually fix the path traversal ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-23643 | ### Impact The `PaginatorHelper::limitControl()` method has a cross-site-scripting vulnerability via query string parameter manipulation. ### Patches... | 5.4 | 228 | Neutral | No | Yes |
| CVE-2026-23634 | Severity: LOW Target: /workspace/pepr/src/lib/assets/rbac.ts Endpoint: Kubernetes RBAC configuration Method: Deployment ## Response / Rationale Pepr ... | 0.0 | 144 | Neutral | No | Yes |
| CVE-2026-23630 | Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-23626 | # Kimai 2.45.0 - Authenticated Server-Side Template Injection (SSTI) ## Vulnerability Summary | Field | Value | |-------|-------| | **Title** | Auth... | 6.8 | 250 | Neutral | No | Yes |
| CVE-2026-23625 | OpenProject is an open-source, web-based project management software. Versions 16.3.0 through 16.6.4 are affected by a stored cross-site scripting vul... | 8.7 | 541 | Neutral | No | No |
| CVE-2026-23622 | ### Summary `application/core/EA_Security.php::csrf_verify()` only enforces CSRF for POST requests and returns early for non-POST methods. Several app... | 0.0 | 0 | Neutral | No | No |