Filter and search through 392,325 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-22830 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22829 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22822 | ### Summary The `getSecretKey` template function, while introduced for senhasegura Devops Secrets Management (DSM) provider, has the ability to fetch... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-22820 | ### Summary A TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. ### Details ... | 3.7 | 102 | Neutral | No | Yes |
| CVE-2026-22819 | ### Summary This vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanism... | 3.1 | 94 | Neutral | No | Yes |
| CVE-2026-22818 | ## Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verificatio... | 6.5 | 216 | Neutral | No | Yes |
| CVE-2026-22817 | ## Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s `alg` value to influence signature verification when the se... | 6.5 | 216 | Neutral | No | Yes |
| CVE-2026-22816 | Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-22814 | ### Summary **Description** A Mass Assignment (CWE-915) vulnerability in AdonisJS Lucid may allow a remote attacker who can influence data that is pas... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-22813 | ### Summary A malicious website can abuse the server URL override feature of the OpenCode web UI to achieve cross-site scripting on `http://localhost:... | 6.1 | 272 | Neutral | No | Yes |
| CVE-2026-22812 | *Previously reported via email to [email protected] on 2025-11-17 per the security policy in [opencode-sdk-js/SECURITY.md](https://github.com/sst/openco... | 8.8 | 775 | Rising | Yes | Yes |
| CVE-2026-22809 | ## Summary A potential Regular Expression Denial of Service (ReDoS) vulnerability was identified in tarteaucitron.js in the handling of the `issuu_id... | 4.4 | 90 | Neutral | No | Yes |
| CVE-2026-22808 | ### Summary A cross-site scripting (XSS) vulnerability in Fleet’s Windows MDM authentication flow could allow an attacker to compromise a Fleet user ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-22807 | # Summary vLLM loads Hugging Face `auto_map` dynamic modules during model resolution **without gating on `trust_remote_code`**, allowing attacker-con... | 8.8 | 708 | Neutral | No | Yes |
| CVE-2026-22805 | Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subscrip... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22804 | Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site S... | 4.7 | 213 | Neutral | Yes | No |
| CVE-2026-22803 | ## Summary The experimental `form` remote function uses a binary data format containing a representation of submitted form data. A specially-crafted ... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-22801 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.2... | 7.8 | 431 | Neutral | No | Yes |
| CVE-2026-22800 | PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, Cross-Site Request Forgery (CSRF) vulnerabilit... | 4.5 | 84 | Neutral | No | Yes |
| CVE-2026-22799 | Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-api=upload) for media file uplo... | 8.8 | 545 | Neutral | No | Yes |