Filter and search through 392,598 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-24793 | Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib ... | 0.0 | 0 | Neutral | No |
| No |
| CVE-2026-24785 | ### Impact Protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule (Noise Protocol... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24784 | A content editor could inject scripts in module headers/footers that would run for other users. | 6.8 | 365 | Neutral | No | No |
| CVE-2026-24783 | ### Impact #### Incorrect rounding direction for signed mul and div operations The `mulDiv(x, y, z)` function incorrectly handled cases where both t... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-24779 | ### Summary A Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vLLM project's multimodal feature set. ... | 7.1 | 434 | Neutral | No | Yes |
| CVE-2026-24778 | ### Impact An attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with ... | 8.8 | 652 | Neutral | No | Yes |
| CVE-2026-24775 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24772 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24771 | ## Summary A Cross-Site Scripting (XSS) vulnerability exists in the `ErrorBoundary` component of the hono/jsx library. Under certain usage patterns, ... | 4.7 | 211 | Neutral | No | Yes |
| CVE-2026-24770 | RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "... | 9.8 | 596 | Neutral | No | No |
| CVE-2026-24769 | ## Summary A **stored Cross-site Scripting (XSS)** vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated users can upload mal... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24768 | ### Summary An **unvalidated redirect (open redirect)** vulnerability exists in NocoDB’s login flow due to missing validation of the `continueAfterSi... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24767 | ## Summary A **blind Server-Side Request Forgery (SSRF)** vulnerability exists in the `uploadViaURL` functionality due to an unprotected `HEAD` reque... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24766 | ### Summary An authenticated user with org-level-creator permissions can exploit prototype pollution in the `/api/v2/meta/connection/test` endpoint, ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24765 | ### Overview A vulnerability has been discovered involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exi... | 7.8 | 560 | Neutral | No | Yes |
| CVE-2026-24748 | ### Impact A bug was found with authentication checks on the `GetConfig()` API endpoint. This allowed unauthenticated users to access this endpoint b... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24747 | ### Summary A vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded ... | 8.8 | 708 | Neutral | No | Yes |
| CVE-2026-24742 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24741 | ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the `POST /delete` endpoint uses a user-controlled `filename` value to co... | 8.1 | 484 | Neutral | No | No |
| CVE-2026-24740 | ### Summary A flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an inte... | 0.0 | 0 | Neutral | No | Yes |