Filter and search through 392,325 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-22775 | ## Summary Certain inputs can cause `devalue.parse` to consume excessive CPU time and/or memory, potentially leading to denial of service in systems ... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-22774 | ## Summary Certain inputs can cause `devalue.parse` to consume excessive CPU time and/or memory, potentially leading to denial of service in systems ... | 7.5 | 471 | Neutral | No | Yes |
| CVE-2026-22773 | ### Summary Users can crash the vLLM engine serving multimodal models that use the _Idefics3_ vision model implementation by sending a specially craft... | 6.5 | 209 | Neutral | No | Yes |
| CVE-2026-22772 | # Security Disclosure: SSRF via MetaIssuer Regex Bypass ## Summary Fulcio's `metaRegex()` function uses unanchored regex, allowing attackers to bypa... | 5.8 | 277 | Neutral | No | Yes |
| CVE-2026-22771 | ### Impact Envoy Gateway allows users to create Lua scripts that are executed by Envoy proxy using the `EnvoyExtensionPolicy` resource. Administrators... | 8.8 | 708 | Neutral | No | Yes |
| CVE-2026-22770 | The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But the last element in the set is not properly initia... | 6.5 | 216 | Neutral | No | Yes |
| CVE-2026-22755 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek Affected device model numbers are FD8365,... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22718 | The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine. | 6.8 | 418 | Neutral | No | No |
| CVE-2026-22714 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Mona... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22713 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Grow... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22712 | Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - Approve... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22710 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wiki... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22709 | In vm2 for version 3.10.0, `Promise.prototype.then` and `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape t... | 9.8 | 751 | Neutral | No | Yes |
| CVE-2026-22708 | Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, cer... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22705 | ### Summary A timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. ... | 6.4 | 196 | Neutral | No | Yes |
| CVE-2026-22704 | ### Summary Stored XSS Leading to Account Takeover ### Details The Exploit Chain: 1.Upload: The attacker uploads an `.html` file containing a JavaScr... | 8.0 | 564 | Neutral | No | Yes |
| CVE-2026-22703 | ### Impact A Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's diges... | 5.5 | 125 | Neutral | No | Yes |
| CVE-2026-22702 | ## Impact TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in `virtualenv` allow local attackers to perform symlink-based attacks on directory crea... | 4.5 | 101 | Neutral | No | Yes |
| CVE-2026-22701 | ## Vulnerability Summary **Title:** Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock **Affected Component:** `filelock` pack... | 5.3 | 117 | Neutral | No | Yes |
| CVE-2026-22700 | ### Summary A denial-of-service vulnerability exists in the SM2 public-key encryption (PKE) implementation: the `decrypt()` path performs unchecked `... | 7.5 | 471 | Neutral | No | Yes |