Filter and search through 392,438 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-22263 | Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to... | 5.3 | 124 | Neutral | No |
| Yes |
| CVE-2026-22262 | Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14, ... | 5.9 | 155 | Neutral | No | Yes |
| CVE-2026-22261 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not t... | 3.7 | 102 | Neutral | No | Yes |
| CVE-2026-22260 | Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-22259 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amoun... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-22258 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o li... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-22257 | # Summary The function `list_html` generates a file view of a folder without sanitizing the files or folders names, potentially leading to XSS in cas... | 8.8 | 652 | Neutral | No | Yes |
| CVE-2026-22256 | # Summary The function `list_html` generates an file view of a folder which includes a render of the current path, in which its inserted in the HTML ... | 8.8 | 652 | Neutral | No | Yes |
| CVE-2026-22255 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) col... | 8.8 | 646 | Neutral | Yes | Yes |
| CVE-2026-22253 | ## LFS Lock Force-Delete Authorization Bypass ### Summary An authorization bypass in the LFS lock deletion endpoint allows any authenticated user wi... | 5.4 | 185 | Neutral | No | Yes |
| CVE-2026-22252 | LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validat... | 9.9 | 585 | Neutral | No | Yes |
| CVE-2026-22251 | ### Impact Historically, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never rem... | 5.5 | 190 | Neutral | No | Yes |
| CVE-2026-22250 | ### Impact The SSL verification would be skipped for some crafted URLs. ### Patches * https://github.com/WeblateOrg/wlc/pull/1097 ### Workarounds Av... | 5.5 | 125 | Neutral | No | Yes |
| CVE-2026-22249 | Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write v... | 9.8 | 588 | Neutral | No | Yes |
| CVE-2026-22246 | Mastodon is a free, open-source social network server based on ActivityPub. Mastodon 4.3 added notifications of severed relationships, allowing end-us... | 4.3 | 99 | Neutral | No | Yes |
| CVE-2026-22245 | Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided d... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-22244 | # OpenMetadata RCE Vulnerability - Proof of Concept ## Executive Summary **CRITICAL Remote Code Execution vulnerability** confirmed in OpenMetadata ... | 7.2 | 313 | Neutral | No | Yes |
| CVE-2026-22242 | ### Affected Version(s) - CoreShop 4.1.2 Demo (tested) [Demo | CoreShop](https://docs.coreshop.com/CoreShop/Getting_Started/Demo/index.html) - Earlie... | 4.9 | 226 | Neutral | No | Yes |
| CVE-2026-22241 | The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulne... | 7.2 | 415 | Neutral | Yes | Yes |
| CVE-2026-22240 | The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthent... | 0.0 | 0 | Neutral | No | No |