Filter and search through 392,438 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-22783 | Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS data... | 8.1 | 476 | Neutral | No | Yes |
| CVE-2026-22782 | ### Summary Invalid RPC signatures cause the server to log the shared HMAC secret (and expected signature), which exposes the secret to log readers an... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-22781 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via C... | 9.8 | 588 | Neutral | No | Yes |
| CVE-2026-22779 | ### Impact The HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker ... | 5.3 | 199 | Neutral | No | Yes |
| CVE-2026-22777 | ## Impact **Vulnerability Type**: CRLF Injection via ConfigParser An attacker can inject special characters into HTTP query parameters to add arbitr... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-22776 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exi... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-22775 | ## Summary Certain inputs can cause `devalue.parse` to consume excessive CPU time and/or memory, potentially leading to denial of service in systems ... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-22774 | ## Summary Certain inputs can cause `devalue.parse` to consume excessive CPU time and/or memory, potentially leading to denial of service in systems ... | 7.5 | 471 | Neutral | No | Yes |
| CVE-2026-22773 | ### Summary Users can crash the vLLM engine serving multimodal models that use the _Idefics3_ vision model implementation by sending a specially craft... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-22772 | # Security Disclosure: SSRF via MetaIssuer Regex Bypass ## Summary Fulcio's `metaRegex()` function uses unanchored regex, allowing attackers to bypa... | 5.8 | 277 | Neutral | No | Yes |
| CVE-2026-22771 | ### Impact Envoy Gateway allows users to create Lua scripts that are executed by Envoy proxy using the `EnvoyExtensionPolicy` resource. Administrators... | 8.8 | 708 | Neutral | No | Yes |
| CVE-2026-22770 | The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But the last element in the set is not properly initia... | 6.5 | 216 | Neutral | No | Yes |
| CVE-2026-22755 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek Affected device model numbers are FD8365,... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22718 | The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine. | 6.8 | 418 | Neutral | No | No |
| CVE-2026-22714 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Mona... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22713 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Grow... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22712 | Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - Approve... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22710 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wiki... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22709 | In vm2 for version 3.10.0, `Promise.prototype.then` `Promise.prototype.catch` callback sanitization can be bypassed. This allows attackers to escape t... | 9.8 | 751 | Neutral | No | Yes |
| CVE-2026-22708 | Cursor is a code editor built for programming with AI. Prior to 2.3, when the Cursor Agent is running in Auto-Run Mode with Allowlist mode enabled, cer... | 0.0 | 0 | Neutral | No | No |