Filter and search through 392,315 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-24490 | ### Summary A Stored Cross-site Scripting (XSS) vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript ... | 8.1 | 573 | Neutral | No |
| Yes |
| CVE-2026-24489 | A vulnerability was discovered in Gakido that allowed HTTP Header Injection through CRLF (Carriage Return Line Feed) sequences in user-supplied header... | 5.3 | 199 | Neutral | No | Yes |
| CVE-2026-24486 | ### Summary A Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attac... | 8.6 | 659 | Neutral | No | Yes |
| CVE-2026-24480 | QGIS is a free, open source, cross platform geographical information system (GIS) The repository contains a GitHub Actions workflow called "pre-commit... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24479 | HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24478 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.10.0, a... | 7.2 | 322 | Neutral | No | No |
| CVE-2026-24477 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to ve... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24476 | Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starting with `"` prematurely ends the `<input>` ta... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24474 | Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, `use_ani... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24470 | ### Impact When running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create r... | 8.1 | 605 | Neutral | No | Yes |
| CVE-2026-24469 | C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traver... | 7.5 | 394 | Neutral | No | No |
| CVE-2026-24440 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24439 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response header on ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24437 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) serve sensitive administrative content without appropriate cache-contro... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24436 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) do not enforce rate limiting or account lockout mechanisms on authentic... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24435 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing (CORS) policy on au... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24433 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) contain a stored cross-site scripting vulnerability in the user creatio... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24432 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on administrative en... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24431 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) display stored user account passwords in plaintext within the administr... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24430 | Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within HTTP respons... | 0.0 | 0 | Neutral | No | No |