Filter and search through 392,208 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-24408 | ### Summary The sigstore-python OAuth authentication flow is susceptible to Cross-Site Request Forgery. ### Details `_OAuthSession` creates a uniqu... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-24407 | iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Un... | 7.1 | 313 | Neutral | No | No |
| CVE-2026-24406 | iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a ... | 8.8 | 553 | Neutral | No | No |
| CVE-2026-24405 | iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a ... | 8.8 | 553 | Neutral | No | No |
| CVE-2026-24404 | iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIc... | 7.1 | 313 | Neutral | No | No |
| CVE-2026-24403 | iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an ... | 7.1 | 313 | Neutral | No | No |
| CVE-2026-24402 | Rejected reason: GitHub cannot issue a CVE for this Security Advisory because this advisory includes information about more than one vulnerability. ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24401 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemo... | 6.5 | 209 | Neutral | No | Yes |
| CVE-2026-24400 | An XML External Entity (XXE) vulnerability exists in `org.assertj.core.util.xml.XmlStringPrettyFormatter`: the `toXmlDocument(String)` method initiali... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24399 | ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads ... | 9.3 | 577 | Neutral | No | No |
| CVE-2026-24390 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in QantumThemes Kentha Elementor... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24389 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Chill Gallery PhotoBlocks photoblocks-grid-ga... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24388 | Missing Authorization vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Exploiting Incorrectly Configured Access Control Security Lev... | 4.3 | 163 | Neutral | No | Yes |
| CVE-2026-24387 | Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator wp-quick-post-duplicator allows Exploiting Incorrectly Configured Access... | 4.3 | 163 | Neutral | No | Yes |
| CVE-2026-24386 | Missing Authorization vulnerability in Element Invader Element Invader – Template Kits for Elementor elementinvader allows Exploiting Incorrectl... | 4.3 | 163 | Neutral | No | Yes |
| CVE-2026-24384 | Cross-Site Request Forgery (CSRF) vulnerability in launchinteractive Merge + Minify + Refresh merge-minify-refresh allows Cross Site Request Forgery.T... | 5.4 | 185 | Neutral | No | Yes |
| CVE-2026-24383 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins B Slider b-slider allows DOM-Based XSS.... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24381 | Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a... | 5.4 | 250 | Neutral | No | Yes |
| CVE-2026-24380 | Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Contr... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24379 | Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Acc... | 0.0 | 0 | Neutral | No | Yes |