Filter and search through 392,315 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-22798 | Thanks, @thunze for reporting this! `hermes` subcommands take arbitrary options under the `-O` argument. These have been logged in raw form since htt... | 5.9 | 143 | Neutral | No | Yes |
| CVE-2026-22797 | An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 1... | 9.9 | 585 | Neutral | No | Yes |
| CVE-2026-22796 | No description available | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-22795 | No description available | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-22794 | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers... | 8.8 | 646 | Neutral | Yes | Yes |
| CVE-2026-22793 | 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsin... | 9.6 | 586 | Neutral | No | No |
| CVE-2026-22792 | 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML renderin... | 9.6 | 586 | Neutral | No | No |
| CVE-2026-22791 | openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES... | 6.6 | 223 | Neutral | No | Yes |
| CVE-2026-22789 | WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation... | 8.8 | 545 | Neutral | No | Yes |
| CVE-2026-22788 | WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple ... | 8.2 | 495 | Neutral | No | Yes |
| CVE-2026-22787 | ### Impact html2pdf.js contains a cross-site scripting (XSS) vulnerability when given a text source rather than an element. This text is not sufficien... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-22786 | ### Impact Gin-vue-admin <= v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-22785 | ### Impact The MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without pr... | 0.0 | 0 | Neutral | Yes | Yes |
| CVE-2026-22784 | Lychee is a free, open-source photo-management tool. Prior to 7.1.0, an authorization vulnerability exists in Lychee's album password unlock functiona... | 4.3 | 200 | Neutral | Yes | Yes |
| CVE-2026-22783 | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS data... | 8.1 | 476 | Neutral | No | Yes |
| CVE-2026-22782 | ### Summary Invalid RPC signatures cause the server to log the shared HMAC secret (and expected signature), which exposes the secret to log readers an... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-22781 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via C... | 9.8 | 588 | Neutral | No | Yes |
| CVE-2026-22779 | ### Impact The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker ... | 5.3 | 199 | Neutral | No | Yes |
| CVE-2026-22777 | ## Impact **Vulnerability Type**: CRLF Injection via ConfigParser An attacker can inject special characters into HTTP query parameters to add arbitr... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-22776 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exi... | 7.5 | 386 | Neutral | No | Yes |