Provally Curated Verified
Provally CVE/1-day Rules
Curated SAST rules generated from CVE and 1-day vulnerability analysis artifacts.
Fetch pack
greprules pack fetch greprules-cve-1day --engine opengrep
curl https://api.greprules.io/api/packs/greprules-cve-1day.tar.gz -o greprules-cve-1day.tar.gz
Included rules
CVE-2018-25160: Perl Http Session2 Cve 2018 25160
cve-2018-25160-perl-http-session2-cve-2018-25160
CVE-2023-6395: Jinja2 Unsandboxed Template
cve-2023-6395-jinja2-unsandboxed-template
CVE-2024-11406: Django Formfield Missing Dict Validation
cve-2024-11406-django-formfield-missing-dict-validation
CVE-2024-21635: Grpc In Memory File Serving Dos
cve-2024-21635-grpc-in-memory-file-serving-dos
CVE-2024-23644: Rust Iterator All Empty Bypass
cve-2024-23644-rust-iterator-all-empty-bypass
CVE-2024-23826: Python Secure Filename Dos Missing Length Check
cve-2024-23826-python-secure-filename-dos-missing-length-check
CVE-2024-25177: Luajit Unsink Fstore Null Metatable
cve-2024-25177-luajit-unsink-fstore-null-metatable
CVE-2024-25624: Inadequate Html Escape In Attribute
cve-2024-25624-inadequate-html-escape-in-attribute
CVE-2024-28102: Python Unbounded Zlib Decompression
cve-2024-28102-python-unbounded-zlib-decompression
CVE-2024-28122: Golang Unbounded Decompression Readall
cve-2024-28122-golang-unbounded-decompression-readall
CVE-2024-29034: Ruby Unsanitized Content Type
cve-2024-29034-ruby-unsanitized-content-type
CVE-2024-31464: Xwiki Missing Xclassreference Diff
cve-2024-31464-xwiki-missing-xclassreference-diff
CVE-2024-3196: Perl Backticks String Concat
cve-2024-3196-perl-backticks-string-concat
CVE-2024-33522: Insecure Suid Chmod
cve-2024-33522-insecure-suid-chmod
CVE-2024-40897: Unbounded Vsprintf Call
cve-2024-40897-unbounded-vsprintf-call
CVE-2024-41675: Ckan Unescaped Datatable Records
cve-2024-41675-ckan-unescaped-datatable-records
CVE-2024-4536: Edc Insecure Oauth2 Sink Decorator
cve-2024-4536-edc-insecure-oauth2-sink-decorator
CVE-2024-47071: Generic Path Traversal Via Request
cve-2024-47071-generic-path-traversal-via-request
CVE-2024-52011: Vite Launch Editor Cmd Injection
cve-2024-52011-vite-launch-editor-cmd-injection
CVE-2024-53260: Ruby Csv Formula Injection
cve-2024-53260-ruby-csv-formula-injection
CVE-2024-55878: Simplexlsxex Missing Sanitization
cve-2024-55878-simplexlsxex-missing-sanitization
CVE-2024-56331: Powershell Command Injection Via Template
cve-2024-56331-powershell-command-injection-via-template
CVE-2025-10858: Vulnerabilities Service Rb Cwe 000 Cve 2025 10858
cve-2025-10858-vulnerabilities-service-rb-cwe-000-cve-2025-10858
CVE-2025-11149: Unhandled Fs Sync Exception Dos
cve-2025-11149-unhandled-fs-sync-exception-dos
CVE-2025-11362: Infinite Redirect Recursion
cve-2025-11362-infinite-redirect-recursion
CVE-2025-11935: Src Tls13 C Cwe 000 Cve 2025 11935
cve-2025-11935-src-tls13-c-cwe-000-cve-2025-11935
CVE-2025-12763: Python Conditional Subprocess Shell True
cve-2025-12763-python-conditional-subprocess-shell-true
CVE-2025-12764: Python Ldap Injection
cve-2025-12764-python-ldap-injection
CVE-2025-12765: Ldap3 Tls Cert None Default
cve-2025-12765-ldap3-tls-cert-none-default
CVE-2025-13033: Nodemailer Quoted Address Bypass
cve-2025-13033-nodemailer-quoted-address-bypass
CVE-2025-13654: Buffer Bounds Check Integer Underflow
cve-2025-13654-buffer-bounds-check-integer-underflow
CVE-2025-14874: Nodemailer Unbounded Address Parsing
cve-2025-14874-nodemailer-unbounded-address-parsing
CVE-2025-15556: Notepadpp Wingup Missing Cert Verification
cve-2025-15556-notepadpp-wingup-missing-cert-verification
CVE-2025-1686: Pebble Cve 2025 1686 Lfi
cve-2025-1686-pebble-cve-2025-1686-lfi
CVE-2025-22150: Insecure Multipart Boundary Math Random
cve-2025-22150-insecure-multipart-boundary-math-random
CVE-2025-2256: Gitlab Incomplete Scanner Grouping
cve-2025-2256-gitlab-incomplete-scanner-grouping
CVE-2025-23040: Typescript Memory Exhaustion Via Late Size Check
cve-2025-23040-typescript-memory-exhaustion-via-late-size-check
CVE-2025-27591: Rs Unsafe World Writable Permissions
cve-2025-27591-rs-unsafe-world-writable-permissions
CVE-2025-27794: Php Illuminate Session Fixation
cve-2025-27794-php-illuminate-session-fixation
CVE-2025-28401: Shiro Missing Csrf Protection
cve-2025-28401-shiro-missing-csrf-protection
CVE-2025-2884: Tpm2 Missing Hmac Sigalg Check
cve-2025-2884-tpm2-missing-hmac-sigalg-check
CVE-2025-3193: Incomplete Prototype Pollution Filter
cve-2025-3193-incomplete-prototype-pollution-filter
CVE-2025-32015: Simplepie Missing Srcdoc Strip
cve-2025-32015-simplepie-missing-srcdoc-strip
CVE-2025-32464: Buffer Bound Mismatch Append
cve-2025-32464-buffer-bound-mismatch-append
CVE-2025-45691: Prompt Value Ssrf File Read
cve-2025-45691-prompt-value-ssrf-file-read
CVE-2025-46599: Kubelet Readonly Port Omitempty Bypass
cve-2025-46599-kubelet-readonly-port-omitempty-bypass
CVE-2025-47908: Redundant Slice Compaction Dos
cve-2025-47908-redundant-slice-compaction-dos
CVE-2025-48069: Exportfunctions Go Cwe 000 Cve 2025 48069
cve-2025-48069-exportfunctions-go-cwe-000-cve-2025-48069
CVE-2025-48869: Django Path Traversal Os Path Join
cve-2025-48869-django-path-traversal-os-path-join
CVE-2025-49593: Insecure Header Blocklist
cve-2025-49593-insecure-header-blocklist
CVE-2025-53010: Cpp Unchecked Getoutput Push
cve-2025-53010-cpp-unchecked-getoutput-push
CVE-2025-53012: Unbounded Cycle Detection Depth
cve-2025-53012-unbounded-cycle-detection-depth
CVE-2025-53099: Unvalidated Oauth Parameter Dispatch
cve-2025-53099-unvalidated-oauth-parameter-dispatch
CVE-2025-53107: Git Mcp Server Command Injection
cve-2025-53107-git-mcp-server-command-injection
CVE-2025-53355: Exec Command Injection
cve-2025-53355-exec-command-injection
CVE-2025-53538: Http2 Data Frame Stream Zero
cve-2025-53538-http2-data-frame-stream-zero
CVE-2025-53544: Local File Read Via File Uri Bypass
cve-2025-53544-local-file-read-via-file-uri-bypass
CVE-2025-53634: Go Missing Readheadertimeout
cve-2025-53634-go-missing-readheadertimeout
CVE-2025-53643: Aiohttp Httppayloadparser Unparsed Trailers
cve-2025-53643-aiohttp-httppayloadparser-unparsed-trailers
CVE-2025-54081: Sc Unquoted Search Path
cve-2025-54081-sc-unquoted-search-path
CVE-2025-54140: Python Filename Path Traversal
cve-2025-54140-python-filename-path-traversal
CVE-2025-54141: Python Cgi Path Traversal
cve-2025-54141-python-cgi-path-traversal
CVE-2025-54376: Go Negroni Missing Auth Middleware
cve-2025-54376-go-negroni-missing-auth-middleware
CVE-2025-54792: Dart Path Traversal Join
cve-2025-54792-dart-path-traversal-join
CVE-2025-54796: Arbitrary Re From Request
cve-2025-54796-arbitrary-re-from-request
CVE-2025-55284: Insecure Tmp File Write
cve-2025-55284-insecure-tmp-file-write
CVE-2025-55558: Pytorch Inductor Simd Reduction Buffer Overflow
cve-2025-55558-pytorch-inductor-simd-reduction-buffer-overflow
CVE-2025-55732: Frappe Childquery Dict Sqli
cve-2025-55732-frappe-childquery-dict-sqli
CVE-2025-56225: Fluidsynth Missing Preset Null Check
cve-2025-56225-fluidsynth-missing-preset-null-check
CVE-2025-56427: Global Brace Removal Corruption
cve-2025-56427-global-brace-removal-corruption
CVE-2025-57767: Pjsip Unchecked Auth Header
cve-2025-57767-pjsip-unchecked-auth-header
CVE-2025-58056: Netty Permissive Http Chunk Lf Smuggling
cve-2025-58056-netty-permissive-http-chunk-lf-smuggling
CVE-2025-58157: Gnark Quorem Truncation Division And Aliasing
cve-2025-58157-gnark-quorem-truncation-division-and-aliasing
CVE-2025-58358: Child Process Exec Injection
cve-2025-58358-child-process-exec-injection
CVE-2025-58362: Fixed Url Scheme Offset Path Confusion
cve-2025-58362-fixed-url-scheme-offset-path-confusion
CVE-2025-58445: Missing Tilde Expansion In Path Validation
cve-2025-58445-missing-tilde-expansion-in-path-validation
CVE-2025-58446: Unbounded Repetition Unrolling Dos
cve-2025-58446-unbounded-repetition-unrolling-dos
CVE-2025-58753: Insecure Path Builder Missing Allowlist
cve-2025-58753-insecure-path-builder-missing-allowlist
CVE-2025-59049: Mockoon Template Path Traversal
cve-2025-59049-mockoon-template-path-traversal
CVE-2025-59148: Missing Null Check Flowvar
cve-2025-59148-missing-null-check-flowvar
CVE-2025-5915: Cve 2025 5915 Missing Error String
cve-2025-5915-cve-2025-5915-missing-error-string
CVE-2025-59425: Authorization Header Timing Attack
cve-2025-59425-authorization-header-timing-attack
CVE-2025-59530: Quic Missing Initial Key Drop
cve-2025-59530-quic-missing-initial-key-drop
CVE-2025-59830: Ruby Unescaped Prefix Regex Stripping
cve-2025-59830-ruby-unescaped-prefix-regex-stripping
CVE-2025-61582: Ts3 Nodejs Library Untrusted Connect
cve-2025-61582-ts3-nodejs-library-untrusted-connect
CVE-2025-61601: Bigbluebutton Unvalidated Poll Answers Dos
cve-2025-61601-bigbluebutton-unvalidated-poll-answers-dos
CVE-2025-61602: Unvalidated Emoji Mart Data Access
cve-2025-61602-unvalidated-emoji-mart-data-access
CVE-2025-61770: Ruby Unescaped Regex Prefix Stripping
cve-2025-61770-ruby-unescaped-regex-prefix-stripping
CVE-2025-61771: Ruby Unescaped Path Regex Interpolation
cve-2025-61771-ruby-unescaped-path-regex-interpolation
CVE-2025-61772: Unescaped Regex Path Prefix
cve-2025-61772-unescaped-regex-path-prefix
CVE-2025-61919: Ruby Unescaped Prefix Regex Interpolation
cve-2025-61919-ruby-unescaped-prefix-regex-interpolation
CVE-2025-61920: Unbounded Jwt Deserialization Dos
cve-2025-61920-unbounded-jwt-deserialization-dos
CVE-2025-61921: Ruby Redos Split Comma Whitespace
cve-2025-61921-ruby-redos-split-comma-whitespace
CVE-2025-62162: Unvalidated Ast Deref Visitor
cve-2025-62162-unvalidated-ast-deref-visitor
CVE-2025-62166: Freshrss Cve 2025 62166 Auth Bypass
cve-2025-62166-freshrss-cve-2025-62166-auth-bypass
CVE-2025-62185: Mpv Missing No Ytdl
cve-2025-62185-mpv-missing-no-ytdl
CVE-2025-62186: Rust Sql Format Injection
cve-2025-62186-rust-sql-format-injection
CVE-2025-62708: Python Unbounded Bytesio Decompression
cve-2025-62708-python-unbounded-bytesio-decompression
CVE-2025-64330: Suricata Alert Verdict Oob Read
cve-2025-64330-suricata-alert-verdict-oob-read
CVE-2025-64335: Suricata Detect Engine Buffer Null Deref
cve-2025-64335-suricata-detect-engine-buffer-null-deref
CVE-2025-64340: Python Fastmcp Unencoded Path Substitution
cve-2025-64340-python-fastmcp-unencoded-path-substitution
CVE-2025-64438: Rtps Unbounded Gap Iteration
cve-2025-64438-rtps-unbounded-gap-iteration
CVE-2025-64530: Improper Subset Validation Some
cve-2025-64530-improper-subset-validation-some
CVE-2025-64756: Foreground Child Shell True
cve-2025-64756-foreground-child-shell-true
CVE-2025-65015: Exception Embeds Oversized Variable
cve-2025-65015-exception-embeds-oversized-variable
CVE-2025-65493: Global Openssl Engine Singleton
cve-2025-65493-global-openssl-engine-singleton
CVE-2025-65563: Pfcp Nodeid Nil Deref
cve-2025-65563-pfcp-nodeid-nil-deref
CVE-2025-65564: Pfcp Silent Drop On Ie Parse Error
cve-2025-65564-pfcp-silent-drop-on-ie-parse-error
CVE-2025-65795: Grpc Gateway Httpbody Usage
cve-2025-65795-grpc-gateway-httpbody-usage
CVE-2025-65947: Mach Vm Deallocate Incorrect Cast
cve-2025-65947-mach-vm-deallocate-incorrect-cast
CVE-2025-66031: Uncontrolled Recursion Depth Limit
cve-2025-66031-uncontrolled-recursion-depth-limit
CVE-2025-66206: Python Frappe Childquery Sqli
cve-2025-66206-python-frappe-childquery-sqli
CVE-2025-66418: Unbounded Decoder Chain
cve-2025-66418-unbounded-decoder-chain
CVE-2025-66453: Rhino Dtoa Dos
cve-2025-66453-rhino-dtoa-dos
CVE-2025-66506: Go Jwt Unbounded Split Dos
cve-2025-66506-go-jwt-unbounded-split-dos
CVE-2025-66692: Missing Signature Length Check
cve-2025-66692-missing-signature-length-check
CVE-2025-67499: Knftables Missing Fib Daddr Local
cve-2025-67499-knftables-missing-fib-daddr-local
CVE-2025-67721: Zero Match Offset Decompression Leak
cve-2025-67721-zero-match-offset-decompression-leak
CVE-2025-67725: Python Quadratic String Counting
cve-2025-67725-python-quadratic-string-counting
CVE-2025-67726: Python Parseparam Quadratic Dos
cve-2025-67726-python-parseparam-quadratic-dos
CVE-2025-68129: Auth0 Clientid Audience Bypass
cve-2025-68129-auth0-clientid-audience-bypass
CVE-2025-68274: Sipgo Missing Nil Check To Header
cve-2025-68274-sipgo-missing-nil-check-to-header
CVE-2025-68437: Php Ssrf Missing Ip Validation
cve-2025-68437-php-ssrf-missing-ip-validation
CVE-2025-68468: Core Browse C Cwe 000 Cve 2025 68468
cve-2025-68468-core-browse-c-cwe-000-cve-2025-68468
CVE-2025-68471: Reachable Assert Duplicate State
cve-2025-68471-reachable-assert-duplicate-state
CVE-2025-68616: Weasyprint Ssrf Urlfetcher Redirects
cve-2025-68616-weasyprint-ssrf-urlfetcher-redirects
CVE-2025-68953: Python Unsanitized Dict Key Ast Injection
cve-2025-68953-python-unsanitized-dict-key-ast-injection
CVE-2025-69196: Python Unencoded Path Parameter Substitution
cve-2025-69196-python-unencoded-path-parameter-substitution
CVE-2025-69223: Python Unbounded Decompression
cve-2025-69223-python-unbounded-decompression
CVE-2025-69227: Aiohttp Assert Data Validation
cve-2025-69227-aiohttp-assert-data-validation
CVE-2025-69228: Aiohttp Multipart Size Accumulator Reset
cve-2025-69228-aiohttp-multipart-size-accumulator-reset
CVE-2025-69261: Wasm Memory Integer Truncation Bounds Bypass
cve-2025-69261-wasm-memory-integer-truncation-bounds-bypass
CVE-2025-70559: Insecure Path Join Pickle Loads
cve-2025-70559-insecure-path-join-pickle-loads
CVE-2025-70954: Ton Tvm Uncaught Null Tuple Index
cve-2025-70954-ton-tvm-uncaught-null-tuple-index
CVE-2025-70956: Ton Runvm Gas Limit Bypass
cve-2025-70956-ton-runvm-gas-limit-bypass
CVE-2025-70957: Ton Unsafe Continuation Deserialization
cve-2025-70957-ton-unsafe-continuation-deserialization
CVE-2025-70986: Shiro Missing Csrf Protection
cve-2025-70986-shiro-missing-csrf-protection
CVE-2025-71176: Python Path Chmod Toctou
cve-2025-71176-python-path-chmod-toctou
CVE-2025-7504: Php Unserialize Object Injection
cve-2025-7504-php-unserialize-object-injection
CVE-2025-7670: Wpdb Unprepared Object Property
cve-2025-7670-wpdb-unprepared-object-property
CVE-2025-8014: Gitlab Missing Report Type Grouping
cve-2025-8014-gitlab-missing-report-type-grouping
CVE-2025-8194: Python Block Padding Missing Negative Check
cve-2025-8194-python-block-padding-missing-negative-check
CVE-2025-9230: Bounds Check Underflow Size T Cast
cve-2025-9230-bounds-check-underflow-size-t-cast
CVE-2025-9624: Opensearch Hunspell Path Traversal
cve-2025-9624-opensearch-hunspell-path-traversal
CVE-2025-9810: C Toctou Chmod After Open
cve-2025-9810-c-toctou-chmod-after-open
CVE-2026-0599: Reqwest Unbounded Body Read
cve-2026-0599-reqwest-unbounded-body-read
CVE-2026-0622: Insecure Jwt Secret Env Fallback
cve-2026-0622-insecure-jwt-secret-env-fallback
CVE-2026-0994: Recursion Depth Bypass Dynamic Dispatch
cve-2026-0994-recursion-depth-bypass-dynamic-dispatch
CVE-2026-10617: Incomplete Privesc Regex Blocklist
cve-2026-10617-incomplete-privesc-regex-blocklist
CVE-2026-10662: Zipfile Extractall Zip Slip
cve-2026-10662-zipfile-extractall-zip-slip
CVE-2026-10688: Zipfile Extractall Zip Slip
cve-2026-10688-zipfile-extractall-zip-slip
CVE-2026-1781: Form Listener Php Cwe 000 Cve 2026 1781
cve-2026-1781-form-listener-php-cwe-000-cve-2026-1781
CVE-2026-20904: Custom Csrf Middleware Flaw Skip
cve-2026-20904-custom-csrf-middleware-flaw-skip
CVE-2026-21441: Urllib3 Drain Conn Decompression Bomb
cve-2026-21441-urllib3-drain-conn-decompression-bomb
CVE-2026-21452: Unbounded Array Allocation From Method Parameter
cve-2026-21452-unbounded-array-allocation-from-method-parameter
CVE-2026-21507: Infinite Loop Missing Read Zero Check
cve-2026-21507-infinite-loop-missing-read-zero-check
CVE-2026-21694: Trailing Spread Mass Assignment
cve-2026-21694-trailing-spread-mass-assignment
CVE-2026-21863: Network Packet Header Oob Read
cve-2026-21863-network-packet-header-oob-read
CVE-2026-21864: Valkey Module Missing Handle Io Errors
cve-2026-21864-valkey-module-missing-handle-io-errors
CVE-2026-22023: Crypto Aos C Cwe 000 Cve 2026 22023
cve-2026-22023-crypto-aos-c-cwe-000-cve-2026-22023
CVE-2026-22245: Ruby Ipv4 Mapped Ipv6 Ssrf Bypass
cve-2026-22245-ruby-ipv4-mapped-ipv6-ssrf-bypass
CVE-2026-22259: Incomplete Tx State Check
cve-2026-22259-incomplete-tx-state-check
CVE-2026-2265: Dynamic Global Instantiation Or Invocation
cve-2026-2265-dynamic-global-instantiation-or-invocation
CVE-2026-22689: Bypass Websocket Origin Check
cve-2026-22689-bypass-websocket-origin-check
CVE-2026-22700: Unchecked Split At
cve-2026-22700-unchecked-split-at
CVE-2026-22774: Dynamic Typedarray Unvalidated Allocation
cve-2026-22774-dynamic-typedarray-unvalidated-allocation
CVE-2026-22775: Src Parse Js Cwe 000 Cve 2026 22775
cve-2026-22775-src-parse-js-cwe-000-cve-2026-22775
CVE-2026-22803: Eager Buffer Allocation Dos
cve-2026-22803-eager-buffer-allocation-dos
CVE-2026-22860: Ruby Path Traversal Prefix Bypass
cve-2026-22860-ruby-path-traversal-prefix-bypass
CVE-2026-22862: Geth Unbounded Receipts Decode Dos
cve-2026-22862-geth-unbounded-receipts-decode-dos
CVE-2026-22868: Go Ethereum Missing Buffer Pool Derivesha
cve-2026-22868-go-ethereum-missing-buffer-pool-derivesha
CVE-2026-22870: Python Scanner Evasion Extraction Abort
cve-2026-22870-python-scanner-evasion-extraction-abort
CVE-2026-23487: Incorrect Target Role Authorization Bypass
cve-2026-23487-incorrect-target-role-authorization-bypass
CVE-2026-23490: Unbounded Oid Continuation Octets
cve-2026-23490-unbounded-oid-continuation-octets
CVE-2026-23842: Python Sqlalchemy Unmanaged Session Leak
cve-2026-23842-python-sqlalchemy-unmanaged-session-leak
CVE-2026-23939: Elixir Path Traversal Join
cve-2026-23939-elixir-path-traversal-join
CVE-2026-24001: Jsdiff Dos Redos Mismatched Regex
cve-2026-24001-jsdiff-dos-redos-mismatched-regex
CVE-2026-24136: Django Missing File Upload Validation
cve-2026-24136-django-missing-file-upload-validation
CVE-2026-24401: Missing Cname Loop Detection
cve-2026-24401-missing-cname-loop-detection
CVE-2026-24675: Freerdp Cve 2026 24675
cve-2026-24675-freerdp-cve-2026-24675
CVE-2026-24676: Freerdp Audin Format Uaf
cve-2026-24676-freerdp-audin-format-uaf
CVE-2026-24682: Cleanup Function Doubled Argument
cve-2026-24682-cleanup-function-doubled-argument
CVE-2026-24684: Freerdp Rdpsnd Missing Thread Terminate
cve-2026-24684-freerdp-rdpsnd-missing-thread-terminate
CVE-2026-24783: Fixed Point Negative Rounding
cve-2026-24783-fixed-point-negative-rounding
CVE-2026-24827: Cve 2026 24827 Lua Stack Exhaustion Oob
cve-2026-24827-cve-2026-24827-lua-stack-exhaustion-oob
CVE-2026-24829: Insecure Libjpeg Color Components Check
cve-2026-24829-insecure-libjpeg-color-components-check
CVE-2026-24831: Openssl Tonelli Shanks Infinite Loop
cve-2026-24831-openssl-tonelli-shanks-infinite-loop
CVE-2026-25121: Insecure Filepath Hasprefix
cve-2026-25121-insecure-filepath-hasprefix
CVE-2026-25231: Models Foldermodel Php Cwe 000 Cve 2026 25231
cve-2026-25231-models-foldermodel-php-cwe-000-cve-2026-25231
CVE-2026-25535: Unbounded Array Allocation From Dimensions
cve-2026-25535-unbounded-array-allocation-from-dimensions
CVE-2026-25541: Rust Unchecked Bounds Addition
cve-2026-25541-rust-unchecked-bounds-addition
CVE-2026-25542: Git Argument Injection
cve-2026-25542-git-argument-injection
CVE-2026-25565: Undefined Http Method Picker Route
cve-2026-25565-undefined-http-method-picker-route
CVE-2026-25577: Python Unhandled Simplecookie Load
cve-2026-25577-python-unhandled-simplecookie-load
CVE-2026-25627: Log After Free
cve-2026-25627-log-after-free
CVE-2026-25727: Rfc Rfc2822 Rs Cwe 000 Cve 2026 25727
cve-2026-25727-rfc-rfc2822-rs-cwe-000-cve-2026-25727
CVE-2026-25760: Arbitrary File Read Via Path Join
cve-2026-25760-arbitrary-file-read-via-path-join
CVE-2026-25879: Unvalidated Llm Sql Execution
cve-2026-25879-unvalidated-llm-sql-execution
CVE-2026-25949: Traefik Missing Encoded Character Validation
cve-2026-25949-traefik-missing-encoded-character-validation
CVE-2026-25992: Go Filepath Rel Case Bypass
cve-2026-25992-go-filepath-rel-case-bypass
CVE-2026-26004: Oauth State Presence Routing Bypass
cve-2026-26004-oauth-state-presence-routing-bypass
CVE-2026-26029: Node Exec Dynamic Command Injection
cve-2026-26029-node-exec-dynamic-command-injection
CVE-2026-26202: Clojure Schema Polymorphic Arbitrary File Read
cve-2026-26202-clojure-schema-polymorphic-arbitrary-file-read
CVE-2026-26275: Rust Matches Macro Variable Binding
cve-2026-26275-rust-matches-macro-variable-binding
CVE-2026-26278: Xmlparser Doctypereader Js Cwe 000 Cve 2026 26278
cve-2026-26278-xmlparser-doctypereader-js-cwe-000-cve-2026-26278
CVE-2026-26981: Size Clamping Integer Underflow
cve-2026-26981-size-clamping-integer-underflow
CVE-2026-26986: Freerdp Rail Window Uaf
cve-2026-26986-freerdp-rail-window-uaf
CVE-2026-27015: Winpr Unsafe Stream Padding Seek
cve-2026-27015-winpr-unsafe-stream-padding-seek
CVE-2026-27125: Ssr Unvalidated Dynamic Tag Injection
cve-2026-27125-ssr-unvalidated-dynamic-tag-injection
CVE-2026-27145: Redundant Split In Hostname Matching
cve-2026-27145-redundant-split-in-hostname-matching
CVE-2026-27181: Majordomo Unauth Mode Assignment
cve-2026-27181-majordomo-unauth-mode-assignment
CVE-2026-27189: App Ingest Py Cwe 000 Cve 2026 27189
cve-2026-27189-app-ingest-py-cwe-000-cve-2026-27189
CVE-2026-27195: Unbounded Repeat Take Allocation
cve-2026-27195-unbounded-repeat-take-allocation
CVE-2026-27204: Wasi Async Resource Leak Bypass
cve-2026-27204-wasi-async-resource-leak-bypass
CVE-2026-27572: Rust Unbounded Repeat Take Allocation
cve-2026-27572-rust-unbounded-repeat-take-allocation
CVE-2026-27595: Parse Dashboard Unauthenticated Agent Endpoint
cve-2026-27595-parse-dashboard-unauthenticated-agent-endpoint
CVE-2026-27598: Path Traversal Via Unvalidated Abs
cve-2026-27598-path-traversal-via-unvalidated-abs
CVE-2026-27628: Circular Xref Infinite Loop
cve-2026-27628-circular-xref-infinite-loop
CVE-2026-27642: Chained Missing Ie Validation
cve-2026-27642-chained-missing-ie-validation
CVE-2026-27818: Domain Suffix Validation Bypass
cve-2026-27818-domain-suffix-validation-bypass
CVE-2026-27888: Pypdf Unbounded Zlib Decompress
cve-2026-27888-pypdf-unbounded-zlib-decompress
CVE-2026-27933: Unsanitized Filename Hash
cve-2026-27933-unsanitized-filename-hash
CVE-2026-28352: Python Ipaddress Is Private Bypass
cve-2026-28352-python-ipaddress-is-private-bypass
CVE-2026-28427: Rust Path Traversal Starts With
cve-2026-28427-rust-path-traversal-starts-with
CVE-2026-28490: Authlib Internal Registry Unsafe Algorithm Lookup
cve-2026-28490-authlib-internal-registry-unsafe-algorithm-lookup
CVE-2026-28492: Afero Parent Directory Exposure
cve-2026-28492-afero-parent-directory-exposure
CVE-2026-28525: Mongoose Multipart Integer Underflow
cve-2026-28525-mongoose-multipart-integer-underflow
CVE-2026-28684: Tempfile Cross Device Symlink Overwrite
cve-2026-28684-tempfile-cross-device-symlink-overwrite
CVE-2026-28696: Craftcms Assetbundle Cpexposure
cve-2026-28696-craftcms-assetbundle-cpexposure
CVE-2026-28781: Craftcms Query Configure Sqli
cve-2026-28781-craftcms-query-configure-sqli
CVE-2026-28789: Unprotected Receiver Map Write Http Handler
cve-2026-28789-unprotected-receiver-map-write-http-handler
CVE-2026-28790: Olivetin Missing Kill Permission Revocation
cve-2026-28790-olivetin-missing-kill-permission-revocation
CVE-2026-29039: Insecure Elementpath Xpath Evaluation
cve-2026-29039-insecure-elementpath-xpath-evaluation
CVE-2026-29045: Unsafe Path Decode
cve-2026-29045-unsafe-path-decode
CVE-2026-29062: Jackson Core Context Depth Bypass
cve-2026-29062-jackson-core-context-depth-bypass
CVE-2026-29081: Frappe Unvalidated Dict Key In Childquery
cve-2026-29081-frappe-unvalidated-dict-key-in-childquery
CVE-2026-29779: Uptimeflare Workerconfig Leak
cve-2026-29779-uptimeflare-workerconfig-leak
CVE-2026-30852: Double Placeholder Evaluation Caddy
cve-2026-30852-double-placeholder-evaluation-caddy
CVE-2026-30858: Weknora Missing Sandbox Validation
cve-2026-30858-weknora-missing-sandbox-validation
CVE-2026-30952: Unvalidated Fallback Path Yield
cve-2026-30952-unvalidated-fallback-path-yield
CVE-2026-31241: Path Traversal Via Join
cve-2026-31241-path-traversal-via-join
CVE-2026-3125: Ssrf Via Path Regex Extraction
cve-2026-3125-ssrf-via-path-regex-extraction
CVE-2026-31866: Unbounded Http Request Body Decode
cve-2026-31866-unbounded-http-request-body-decode
CVE-2026-31883: Unvalidated Block Header Size Subtraction
cve-2026-31883-unvalidated-block-header-size-subtraction
CVE-2026-31958: Unbounded Multipart Parsing
cve-2026-31958-unbounded-multipart-parsing
CVE-2026-32094: Shescape Missing Bracket Glob Escape
cve-2026-32094-shescape-missing-bracket-glob-escape
CVE-2026-32108: Python Incomplete Sanitization Or Unescaped Json
cve-2026-32108-python-incomplete-sanitization-or-unescaped-json
CVE-2026-32245: Oauth2 Missing Client Validation Authorization Code
cve-2026-32245-oauth2-missing-client-validation-authorization-code
CVE-2026-32624: Strncat Size Minus Src Len
cve-2026-32624-strncat-size-minus-src-len
CVE-2026-32750: Go Unvalidated Source Path Traversal
cve-2026-32750-go-unvalidated-source-path-traversal
CVE-2026-32758: Path Validation Before Clean
cve-2026-32758-path-validation-before-clean
CVE-2026-32761: Files Filelisting Vue Cwe 000 Cve 2026 32761
cve-2026-32761-files-filelisting-vue-cwe-000-cve-2026-32761
CVE-2026-32812: Insufficient Url Validation Ssrf
cve-2026-32812-insufficient-url-validation-ssrf
CVE-2026-32937: Insecure Gin Param Split
cve-2026-32937-insecure-gin-param-split
CVE-2026-33056: Rust Symlink Metadata Bypass
cve-2026-33056-rust-symlink-metadata-bypass
CVE-2026-33158: Craftcms Query Configure Injection
cve-2026-33158-craftcms-query-configure-injection
CVE-2026-33159: Craftcms Query Mass Assignment
cve-2026-33159-craftcms-query-mass-assignment
CVE-2026-33162: Craftcms Query Criteria Sqli
cve-2026-33162-craftcms-query-criteria-sqli
CVE-2026-33314: Tar Extractall Missing Symlink Validation
cve-2026-33314-tar-extractall-missing-symlink-validation
CVE-2026-33353: Soft Serve Local Git Clone Ssrf
cve-2026-33353-soft-serve-local-git-clone-ssrf
CVE-2026-33431: Incomplete Path Traversal Guard
cve-2026-33431-incomplete-path-traversal-guard
CVE-2026-33469: Orm Auth Bypass With All Keyword
cve-2026-33469-orm-auth-bypass-with-all-keyword
CVE-2026-33495: Blind Trust Forwarded Proto
cve-2026-33495-blind-trust-forwarded-proto
CVE-2026-33533: Http Server Cors Wildcard
cve-2026-33533-http-server-cors-wildcard
CVE-2026-33677: Goldmark Double Escape
cve-2026-33677-goldmark-double-escape
CVE-2026-33691: Modsecurity Upload Missing Removewhitespace
cve-2026-33691-modsecurity-upload-missing-removewhitespace
CVE-2026-33693: Rust Ipv4 Missing Unspecified Check
cve-2026-33693-rust-ipv4-missing-unspecified-check
CVE-2026-33750: Sequence Expansion Zero Step Dos
cve-2026-33750-sequence-expansion-zero-step-dos
CVE-2026-33952: Freerdp Cve 2026 33952 Missing Auth Length
cve-2026-33952-freerdp-cve-2026-33952-missing-auth-length
CVE-2026-33981: Jq Compile Injection
cve-2026-33981-jq-compile-injection
CVE-2026-33992: Pyload Ssrf Unvalidated Download
cve-2026-33992-pyload-ssrf-unvalidated-download
CVE-2026-33997: Slice Equality Off By One
cve-2026-33997-slice-equality-off-by-one
CVE-2026-34531: Missing Token Truthiness Check
cve-2026-34531-missing-token-truthiness-check
CVE-2026-34586: Missing Soft Delete Inactive Check
cve-2026-34586-missing-soft-delete-inactive-check
CVE-2026-34591: Python Pathlib Traversal Join
cve-2026-34591-python-pathlib-traversal-join
CVE-2026-34750: Improper Filename Sanitization Content Disposition
cve-2026-34750-improper-filename-sanitization-content-disposition
CVE-2026-34984: Sprig Template Dns Exfiltration
cve-2026-34984-sprig-template-dns-exfiltration
CVE-2026-34993: Python Pickle Load From File
cve-2026-34993-python-pickle-load-from-file
CVE-2026-35000: Falsy Validation Bypass
cve-2026-35000-falsy-validation-bypass
CVE-2026-35407: Django Email Enumeration
cve-2026-35407-django-email-enumeration
CVE-2026-35454: Go Zip Slip Arbitrary File Write
cve-2026-35454-go-zip-slip-arbitrary-file-write
CVE-2026-35586: Python Archive Symlink Escape
cve-2026-35586-python-archive-symlink-escape
CVE-2026-37462: Go Missing Bounds Check Uint Underflow
cve-2026-37462-go-missing-bounds-check-uint-underflow
CVE-2026-37982: Keycloak Reusable Action Token
cve-2026-37982-keycloak-reusable-action-token
CVE-2026-39377: Insecure Path Join Traversal
cve-2026-39377-insecure-path-join-traversal
CVE-2026-39378: Path Traversal Join Open
cve-2026-39378-path-traversal-join-open
CVE-2026-39943: Directus Missing Oauth Transport Validation
cve-2026-39943-directus-missing-oauth-transport-validation
CVE-2026-40293: Premature Loop Return In Channel Aggregation
cve-2026-40293-premature-loop-return-in-channel-aggregation
CVE-2026-40300: Insecure Dict Denylist Filter
cve-2026-40300-insecure-dict-denylist-filter
CVE-2026-4035: Pathlib Dynamic Fstring Write
cve-2026-4035-pathlib-dynamic-fstring-write
CVE-2026-40449: Implicit Signed Unsigned Comparison
cve-2026-40449-implicit-signed-unsigned-comparison
CVE-2026-40450: Implicit Sign Extension Bypass
cve-2026-40450-implicit-sign-extension-bypass
CVE-2026-40490: Asynchttpclient Cross Domain Credential Leak
cve-2026-40490-asynchttpclient-cross-domain-credential-leak
CVE-2026-40491: Archive Extractall Path Traversal
cve-2026-40491-archive-extractall-path-traversal
CVE-2026-40603: Chartbrew Cve 2026 40603 Dummy
cve-2026-40603-chartbrew-cve-2026-40603-dummy
CVE-2026-41308: Knobs Controller Js Cwe 000 Cve 2026 41308
cve-2026-41308-knobs-controller-js-cwe-000-cve-2026-41308
CVE-2026-41658: Php Superglobal Mass Assignment
cve-2026-41658-php-superglobal-mass-assignment
CVE-2026-41666: Implicit Signed Unsigned Comparison Overflow
cve-2026-41666-implicit-signed-unsigned-comparison-overflow
CVE-2026-41667: Improper Integer Bounds Check Missing Cast
cve-2026-41667-improper-integer-bounds-check-missing-cast
CVE-2026-41691: Unsanitized Dict Interpolation
cve-2026-41691-unsanitized-dict-interpolation
CVE-2026-41885: Custom Regex Interpolation Unvalidated
cve-2026-41885-custom-regex-interpolation-unvalidated
CVE-2026-42073: Oauth Csrf State Bypass Via Error
cve-2026-42073-oauth-csrf-state-bypass-via-error
CVE-2026-42074: Raw Result Return Property Injection
cve-2026-42074-raw-result-return-property-injection
CVE-2026-42091: Go Http Missing File Csrf Check
cve-2026-42091-go-http-missing-file-csrf-check
CVE-2026-42175: Incomplete Is Private Ssrf Check
cve-2026-42175-incomplete-is-private-ssrf-check
CVE-2026-42209: Cpp Unchecked Modulo Count
cve-2026-42209-cpp-unchecked-modulo-count
CVE-2026-42220: Websocket Index Ts Cwe 000 Cve 2026 42220
cve-2026-42220-websocket-index-ts-cwe-000-cve-2026-42220
CVE-2026-42314: Tarfile Incomplete Symlink Validation
cve-2026-42314-tarfile-incomplete-symlink-validation
CVE-2026-42504: Go Mime Short Cursor Advance Dos
cve-2026-42504-go-mime-short-cursor-advance-dos
CVE-2026-42576: Unchecked Crypto Key Type Assertion
cve-2026-42576-unchecked-crypto-key-type-assertion
CVE-2026-42610: Php Iterable Config Command Injection
cve-2026-42610-php-iterable-config-command-injection
CVE-2026-43889: Unbounded Zip Extraction
cve-2026-43889-unbounded-zip-extraction
CVE-2026-43975: Java Torealpath Broad Catch Traversal Bypass
cve-2026-43975-java-torealpath-broad-catch-traversal-bypass
CVE-2026-44017: Html Backend Py Cwe 000 Cve 2026 44017
cve-2026-44017-html-backend-py-cwe-000-cve-2026-44017
CVE-2026-44018: Insecure Urljoin To Path
cve-2026-44018-insecure-urljoin-to-path
CVE-2026-44019: Python Docling Html Single Page Drop
cve-2026-44019-python-docling-html-single-page-drop
CVE-2026-44020: Html Backend Py Cwe 000 Cve 2026 44020
cve-2026-44020-html-backend-py-cwe-000-cve-2026-44020
CVE-2026-44054: Predictable Session Token From Pid
cve-2026-44054-predictable-session-token-from-pid
CVE-2026-44180: Python Env Yaml Injection
cve-2026-44180-python-env-yaml-injection
CVE-2026-44182: Insecure Env Yaml Injection
cve-2026-44182-insecure-env-yaml-injection
CVE-2026-4426: Cve 2026 4426 Unpatched Error Propagation
cve-2026-4426-cve-2026-4426-unpatched-error-propagation
CVE-2026-44317: Skipped Domain Logic Nil Dereference
cve-2026-44317-skipped-domain-logic-nil-dereference
CVE-2026-44456: Hono Jwt Missing Jwk Extraction
cve-2026-44456-hono-jwt-missing-jwk-extraction
CVE-2026-44545: Autobahn Unbounded Websocket Payload
cve-2026-44545-autobahn-unbounded-websocket-payload
CVE-2026-44596: Missing Rate Limiting Auth Endpoint
cve-2026-44596-missing-rate-limiting-auth-endpoint
CVE-2026-44645: Unvalidated Fallback Path Traversal
cve-2026-44645-unvalidated-fallback-path-traversal
CVE-2026-44796: Django Python Re Redos
cve-2026-44796-django-python-re-redos
CVE-2026-45149: Unbounded Loop Allocation Brace Expansion
cve-2026-45149-unbounded-loop-allocation-brace-expansion
CVE-2026-45306: Tarfile Incomplete Symlink Validation
cve-2026-45306-tarfile-incomplete-symlink-validation
CVE-2026-45582: Nested Array Filter Index Shift Logic Bug
cve-2026-45582-nested-array-filter-index-shift-logic-bug
CVE-2026-46380: Ssrf Unvalidated Uri Fetch
cve-2026-46380-ssrf-unvalidated-uri-fetch
CVE-2026-46551: Nocodb Arraysort Ast Sqli
cve-2026-46551-nocodb-arraysort-ast-sqli
CVE-2026-46678: Improper Multimodal Extraction Ssrf
cve-2026-46678-improper-multimodal-extraction-ssrf
CVE-2026-47124: Nezha Missing Csrf Or Scope Validation
cve-2026-47124-nezha-missing-csrf-or-scope-validation
CVE-2026-47180: Unbounded Recursion In Parser
cve-2026-47180-unbounded-recursion-in-parser
CVE-2026-47183: Concurrent Eviction Leak Via Early Return
cve-2026-47183-concurrent-eviction-leak-via-early-return
CVE-2026-47214: Docling Htmlbackend Unsafe Ssrf Omission
cve-2026-47214-docling-htmlbackend-unsafe-ssrf-omission
CVE-2026-47265: Missing Cookie Drop On Cross Origin Redirect
cve-2026-47265-missing-cookie-drop-on-cross-origin-redirect
CVE-2026-47273: Pam Usb Xpath Injection
cve-2026-47273-pam-usb-xpath-injection
CVE-2026-48065: Python Shell Command Injection
cve-2026-48065-python-shell-command-injection
CVE-2026-48597: Elixir Uri Scheme Atom Exhaustion
cve-2026-48597-elixir-uri-scheme-atom-exhaustion
CVE-2026-48598: Elixir Unescaped Kv Interpolation
cve-2026-48598-elixir-unescaped-kv-interpolation
CVE-2026-48681: Python Insecure File Url Path Validation
cve-2026-48681-python-insecure-file-url-path-validation
CVE-2026-48682: Cpp Unvalidated Ihl Pointer Advance
cve-2026-48682-cpp-unvalidated-ihl-pointer-advance
CVE-2026-48861: Missing Http Method Validation Crlf
cve-2026-48861-missing-http-method-validation-crlf
CVE-2026-49753: Elixir Integer Parse Http Smuggling
cve-2026-49753-elixir-integer-parse-http-smuggling
CVE-2026-49754: Unbounded Tuple Iolist Accumulation
cve-2026-49754-unbounded-tuple-iolist-accumulation
CVE-2026-5164: Virtio Viostor Shared Discard State
cve-2026-5164-virtio-viostor-shared-discard-state
CVE-2026-6839: Cpp Signed Unsigned Overflow Check Bypass
cve-2026-6839-cpp-signed-unsigned-overflow-check-bypass
CVE-2026-6863: Go Path Traversal Via Strings Hasprefix
cve-2026-6863-go-path-traversal-via-strings-hasprefix
CVE-2026-8669: Giflib Missing Bounds Check Skip Branch
cve-2026-8669-giflib-missing-bounds-check-skip-branch
CVE-2026-8829: Perl Xs Svpv Alias Uaf
cve-2026-8829-perl-xs-svpv-alias-uaf
CVE-2026-9149: Integer Overflow Missing Bounds Check
cve-2026-9149-integer-overflow-missing-bounds-check
CVE-2026-9150: Sha Buffer Overflow Strcpy
cve-2026-9150-sha-buffer-overflow-strcpy
CVE-2026-9673: Bypass Csv Injection Protection
cve-2026-9673-bypass-csv-injection-protection
CVE-2016-20022: Linux Usb Missing Maxpacket Validation
cve-2016-20022-linux-usb-missing-maxpacket-validation
CVE-2018-25270: Php Http Method Override Dynamic Call Without Whitelist
cve-2018-25270-php-http-method-override-dynamic-call-without-whitelist
CVE-2019-10742: Nodejs Stream Data Handler Reject Without Destroy
cve-2019-10742-nodejs-stream-data-handler-reject-without-destroy
CVE-2020-28483: Go Ip Spoofing Forwarded Header No Proxy Check
cve-2020-28483-go-ip-spoofing-forwarded-header-no-proxy-check
CVE-2020-36567: Go Log Injection Http Path Format
cve-2020-36567-go-log-injection-http-path-format
CVE-2020-36962: Tendenci Unicodewriter Csv Formula Injection
cve-2020-36962-tendenci-unicodewriter-csv-formula-injection
CVE-2020-37002: Ajenti Totp Stage Without Stage1 Binding
cve-2020-37002-ajenti-totp-stage-without-stage1-binding
CVE-2020-37012: Php Latex Shell Escape Rce
cve-2020-37012-php-latex-shell-escape-rce
CVE-2020-37123: Php Unsanitized Superglobal Into Shell Exec
cve-2020-37123-php-unsanitized-superglobal-into-shell-exec
CVE-2020-37237: Php Orderby Whitelist Guarded By Array Key Exists
cve-2020-37237-php-orderby-whitelist-guarded-by-array-key-exists
CVE-2021-27915: Php Recursive Reference Pass By Value
cve-2021-27915-php-recursive-reference-pass-by-value
CVE-2021-3749: Redos Whitespace Replace Star Quantifier
cve-2021-3749-redos-whitespace-replace-star-quantifier
CVE-2021-4435: Child Process Unvalidated Wrapper
cve-2021-4435-child-process-unvalidated-wrapper
CVE-2021-47781: Printf Family Self Concatenation Overflow
cve-2021-47781-printf-family-self-concatenation-overflow
CVE-2021-47901: Python Csv Injection Unquoted Field In Report
cve-2021-47901-python-csv-injection-unquoted-field-in-report
CVE-2021-47942: Homeassistant View Handler Unsanitized Path Parameter
cve-2021-47942-homeassistant-view-handler-unsanitized-path-parameter
CVE-2021-47952: Python Jsonpickle Unsafe Decode Eval Rce
cve-2021-47952-python-jsonpickle-unsafe-decode-eval-rce
CVE-2021-47976: Php Unrestricted Upload User Filename As Destination
cve-2021-47976-php-unrestricted-upload-user-filename-as-destination
CVE-2022-0555: Python Log Sensitive Data
cve-2022-0555-python-log-sensitive-data
CVE-2022-39215: Rust Recursive Fs Read Dir Without Symlink Check
cve-2022-39215-rust-recursive-fs-read-dir-without-symlink-check
CVE-2022-48624: Cve 2022 48624 Command Injection Unquoted Vars
cve-2022-48624-cve-2022-48624-command-injection-unquoted-vars
CVE-2022-4967: Strongswan Trust Cert Subject Bypass
cve-2022-4967-strongswan-trust-cert-subject-bypass
CVE-2023-0163: Incomplete Prototype Pollution Blocklist
cve-2023-0163-incomplete-prototype-pollution-blocklist
CVE-2023-2800: Python Insecure Tempfile Mktemp
cve-2023-2800-python-insecure-tempfile-mktemp
CVE-2023-29401: Go Content Disposition Filename Injection
cve-2023-29401-go-content-disposition-filename-injection
CVE-2023-32191: Rke Full Cluster State In Configmap
cve-2023-32191-rke-full-cluster-state-in-configmap
CVE-2023-32192: Insecure Url Construction Sprintf
cve-2023-32192-insecure-url-construction-sprintf
CVE-2023-34460: Rust Glob Flipped Require Literal Leading 
Dotcve-2023-34460-rust-glob-flipped-require-literal-leading-dotCVE-2023-38048: Codeigniter Order By Sql Injection Via Escapecve-2023-38048-codeigniter-order-by-sql-injection-via-escapeCVE-2023-38049: Codeigniter Order By Escape Sqlicve-2023-38049-codeigniter-order-by-escape-sqliCVE-2023-38053: Codeigniter Order By Escape Sql Injectioncve-2023-38053-codeigniter-order-by-escape-sql-injectionCVE-2023-38054: Easyappointments Order By Escape Sql Injectioncve-2023-38054-easyappointments-order-by-escape-sql-injectionCVE-2023-44451: Glib Archive Path Traversalcve-2023-44451-glib-archive-path-traversalCVE-2023-44452: Glib Dynamic Spawn Argument Injectioncve-2023-44452-glib-dynamic-spawn-argument-injectionCVE-2023-45235: Insecure Command Injection Concatenationcve-2023-45235-insecure-command-injection-concatenationCVE-2023-45857: Xsrf Token Disclosed Via Withcredentialscve-2023-45857-xsrf-token-disclosed-via-withcredentialsCVE-2023-47105: Chaosblade Unauth Command Injectioncve-2023-47105-chaosblade-unauth-command-injectionCVE-2023-47480: Unchecked Privilege Dropcve-2023-47480-unchecked-privilege-dropCVE-2023-50009: Unrolled Loop Edges Oobcve-2023-50009-unrolled-loop-edges-oobCVE-2023-50010: Cve 2023 50010 Gradfun Overreadcve-2023-50010-cve-2023-50010-gradfun-overreadCVE-2023-50229: Unchecked Len Memcmp Memcpycve-2023-50229-unchecked-len-memcmp-memcpyCVE-2023-50230: Bluez Pbap Unvalidated Memcpycve-2023-50230-bluez-pbap-unvalidated-memcpyCVE-2023-52044: Php Mime Blocklist Missing Php8 Php9cve-2023-52044-php-mime-blocklist-missing-php8-php9CVE-2023-52076: Glib Gstring Path Traversal Archivecve-2023-52076-glib-gstring-path-traversal-archiveCVE-2023-52138: Command Cpio C Cwe 000 Cve 2023 52138cve-2023-52138-command-cpio-c-cwe-000-cve-2023-52138CVE-2023-6175: Cpp Qt Minizip Zip Slipcve-2023-6175-cpp-qt-minizip-zip-slipCVE-2023-6597: Python Os Chmod Unsafe Symlinkcve-2023-6597-python-os-chmod-unsafe-symlinkCVE-2024-0793: K8s Hpa Nil Behavior 
Derefcve-2024-0793-k8s-hpa-nil-behavior-derefCVE-2024-0916: Php Uvdesk Uploadfile Rename Defaults Falsecve-2024-0916-php-uvdesk-uploadfile-rename-defaults-falseCVE-2024-10081: Python Auth Allowlist Path Endswith Bypasscve-2024-10081-python-auth-allowlist-path-endswith-bypassCVE-2024-11236: C Pdo Quoter Zend String Alloc Missing Zstr Max Len Checkcve-2024-11236-c-pdo-quoter-zend-string-alloc-missing-zstr-max-len-checkCVE-2024-11392: Python Torch Load Without Weights Onlycve-2024-11392-python-torch-load-without-weights-onlyCVE-2024-11393: Python Pickle Load Without Trust Remote Code Guardcve-2024-11393-python-pickle-load-without-trust-remote-code-guardCVE-2024-11394: Python Pickle Load Without Trust Remote Code Gatecve-2024-11394-python-pickle-load-without-trust-remote-code-gateCVE-2024-11595: Qt Minizip Path Traversalcve-2024-11595-qt-minizip-path-traversalCVE-2024-11596: Qt Minizip Zip Slipcve-2024-11596-qt-minizip-zip-slipCVE-2024-12029: Picklescan Incomplete Guard Allows Pickle Rcecve-2024-12029-picklescan-incomplete-guard-allows-pickle-rceCVE-2024-12720: Python Redos Nested Quantifiers In Re Callscve-2024-12720-python-redos-nested-quantifiers-in-re-callsCVE-2024-1451: Gitlab Inadequade Vuln Grouping Keycve-2024-1451-gitlab-inadequade-vuln-grouping-keyCVE-2024-1597: Pgjdbc Simple Parameter Bare Numeric Inlinecve-2024-1597-pgjdbc-simple-parameter-bare-numeric-inlineCVE-2024-2044: Pickle Load Path Built With Os Path Joincve-2024-2044-pickle-load-path-built-with-os-path-joinCVE-2024-21489: Custom Deep Merge Prototype Pollutioncve-2024-21489-custom-deep-merge-prototype-pollutionCVE-2024-21527: Regex Url Allow Deny List Bypasscve-2024-21527-regex-url-allow-deny-list-bypassCVE-2024-21529: Implicit String Coercion Prototype Pollutioncve-2024-21529-implicit-string-coercion-prototype-pollutionCVE-2024-21549: Php Spatie Browsershot View Source Bypasscve-2024-21549-php-spatie-browsershot-view-source-bypassCVE-2024-21576: Python Eval With Broken Builtins 
Sandboxcve-2024-21576-python-eval-with-broken-builtins-sandboxCVE-2024-21650: Xwiki Velocity Request Param Into Wiki Linkcve-2024-21650-xwiki-velocity-request-param-into-wiki-linkCVE-2024-21663: Discord Bot Command Shell Injection Unsanitizedcve-2024-21663-discord-bot-command-shell-injection-unsanitizedCVE-2024-22423: Python Incomplete Windows Cmd Escapingcve-2024-22423-python-incomplete-windows-cmd-escapingCVE-2024-23324: Cpp Protobuf Unsanitized String Valuecve-2024-23324-cpp-protobuf-unsanitized-string-valueCVE-2024-2338: Anon C Cwe 000 Cve 2024 2338cve-2024-2338-anon-c-cwe-000-cve-2024-2338CVE-2024-2339: Pg Extension Missing Recursive Validationcve-2024-2339-pg-extension-missing-recursive-validationCVE-2024-2434: Gitlab Improper Scanner Groupingcve-2024-2434-gitlab-improper-scanner-groupingCVE-2024-24558: React Unescaped Json In Dangerouslysetinnerhtmlcve-2024-24558-react-unescaped-json-in-dangerouslysetinnerhtmlCVE-2024-24830: Openobserve User Creation Missing Initiator Authzcve-2024-24830-openobserve-user-creation-missing-initiator-authzCVE-2024-25625: Symfony Implicit Host Out Of Band Urlcve-2024-25625-symfony-implicit-host-out-of-band-urlCVE-2024-26151: Bs4 Formatter None Xsscve-2024-26151-bs4-formatter-none-xssCVE-2024-26256: Integer Underflow Loop Boundcve-2024-26256-integer-underflow-loop-boundCVE-2024-27102: Go Safepath Toctou Symlink Escapecve-2024-27102-go-safepath-toctou-symlink-escapeCVE-2024-27105: Unvalidated Dict To Query Objectcve-2024-27105-unvalidated-dict-to-query-objectCVE-2024-27289: Float Negative Zero Bypass String Manipulationcve-2024-27289-float-negative-zero-bypass-string-manipulationCVE-2024-27529: Wasm3 Missing Memoryimport Cleanupcve-2024-27529-wasm3-missing-memoryimport-cleanupCVE-2024-27758: Core Netref Py Cwe 000 Cve 2024 27758cve-2024-27758-core-netref-py-cwe-000-cve-2024-27758CVE-2024-28109: Insecure Transformerfactory Configurationcve-2024-28109-insecure-transformerfactory-configurationCVE-2024-28114: Python Jinja2 Unsafe 
Environmentcve-2024-28114-python-jinja2-unsafe-environmentCVE-2024-28195: Missing Samesite On Express Cookiecve-2024-28195-missing-samesite-on-express-cookieCVE-2024-28236: Vela Secret Substitution Bypasscve-2024-28236-vela-secret-substitution-bypassCVE-2024-28860: Slice Parameter Concurrent Mutation Appendcve-2024-28860-slice-parameter-concurrent-mutation-appendCVE-2024-29184: Overly Strict Realpath Traversal Checkcve-2024-29184-overly-strict-realpath-traversal-checkCVE-2024-29194: Overly Permissive Global Read Accesscve-2024-29194-overly-permissive-global-read-accessCVE-2024-2955: Qt Minizip Zip Slipcve-2024-2955-qt-minizip-zip-slipCVE-2024-29651: Custom Merge Prototype Pollutioncve-2024-29651-custom-merge-prototype-pollutionCVE-2024-29895: Php Server Argv To Shell Exec Without Castcve-2024-29895-php-server-argv-to-shell-exec-without-castCVE-2024-30247: Php Exec User Input Concatenationcve-2024-30247-php-exec-user-input-concatenationCVE-2024-30248: Fastapi Starlette Staticfiles Missing Cspcve-2024-30248-fastapi-starlette-staticfiles-missing-cspCVE-2024-3025: Nodejs Path Join Unnormalized Filename Traversalcve-2024-3025-nodejs-path-join-unnormalized-filename-traversalCVE-2024-30264: Next Router Query Xss Redirectcve-2024-30264-next-router-query-xss-redirectCVE-2024-3029: Payload Extraction Before State Checkcve-2024-3029-payload-extraction-before-state-checkCVE-2024-31206: Insecure Http Requestcve-2024-31206-insecure-http-requestCVE-2024-31452: Ignored Error In Reduction Loopcve-2024-31452-ignored-error-in-reduction-loopCVE-2024-31837: Unsafe Buffer Copy Strcpycve-2024-31837-unsafe-buffer-copy-strcpyCVE-2024-31982: Xwiki Feed Output In Verbatim Blockcve-2024-31982-xwiki-feed-output-in-verbatim-blockCVE-2024-32030: Insecure Commons Collections Gadgetscve-2024-32030-insecure-commons-collections-gadgetsCVE-2024-32487: Less Shell Escape Newline Bypasscve-2024-32487-less-shell-escape-newline-bypassCVE-2024-32641: Masacms Insecure Default Dynamic Content 
Flagcve-2024-32641-masacms-insecure-default-dynamic-content-flagCVE-2024-32651: Python Jinja2 Unsandboxed Environment Rendercve-2024-32651-python-jinja2-unsandboxed-environment-renderCVE-2024-32656: Insecure Jmx Authenticationcve-2024-32656-insecure-jmx-authenticationCVE-2024-32866: Unchecked Prototype Pollution Loopcve-2024-32866-unchecked-prototype-pollution-loopCVE-2024-32888: Jdbc Parameter Inline Bare Numeric ToStringcve-2024-32888-jdbc-parameter-inline-bare-numeric-tostringCVE-2024-32982: Path Traversal Unnormalized Commonpathcve-2024-32982-path-traversal-unnormalized-commonpathCVE-2024-34360: Spacemesh Missing Prev Atx Malfeasancecve-2024-34360-spacemesh-missing-prev-atx-malfeasanceCVE-2024-34528: Insecure File Creation Toctoucve-2024-34528-insecure-file-creation-toctouCVE-2024-34697: Laravel Sanitize Rendered Viewcve-2024-34697-laravel-sanitize-rendered-viewCVE-2024-35231: Unbounded User Input Times Loopcve-2024-35231-unbounded-user-input-times-loopCVE-2024-35368: Ffmpeg Hw Frames Ctx Double Free On Goto Failcve-2024-35368-ffmpeg-hw-frames-ctx-double-free-on-goto-failCVE-2024-36109: Xss Sanitizer Script Whitelistcve-2024-36109-xss-sanitizer-script-whitelistCVE-2024-36120: Ast Dynamic Evaluationcve-2024-36120-ast-dynamic-evaluationCVE-2024-36129: Bypassed Negative Configuration Limitcve-2024-36129-bypassed-negative-configuration-limitCVE-2024-36399: Kanboard Idor Authorized Project Overridecve-2024-36399-kanboard-idor-authorized-project-overrideCVE-2024-38369: Xwiki Include Macro Author Rights Comparisoncve-2024-38369-xwiki-include-macro-author-rights-comparisonCVE-2024-38513: Gofiber Session Fixation Cve 2024 38513cve-2024-38513-gofiber-session-fixation-cve-2024-38513CVE-2024-38519: Unsanitized File Extension Interpolationcve-2024-38519-unsanitized-file-extension-interpolationCVE-2024-38999: Js Foreach Prop No Proto Blocklistcve-2024-38999-js-foreach-prop-no-proto-blocklistCVE-2024-39008: Javascript Prototype Pollution Recursive Deep 
Mergecve-2024-39008-javascript-prototype-pollution-recursive-deep-mergeCVE-2024-39690: K8s Webhook Unmanaged Object Bypasscve-2024-39690-k8s-webhook-unmanaged-object-bypassCVE-2024-39903: Path Startswith Directory Traversalcve-2024-39903-path-startswith-directory-traversalCVE-2024-39906: Ruby Uri Open Cmd Injectioncve-2024-39906-ruby-uri-open-cmd-injectionCVE-2024-39934: Robocorp Rcc Shared Holotree Enabledcve-2024-39934-robocorp-rcc-shared-holotree-enabledCVE-2024-39943: Nodejs Child Process Exec Template Literal Injectioncve-2024-39943-nodejs-child-process-exec-template-literal-injectionCVE-2024-4023: Php Insecure Addslashes On Superglobalcve-2024-4023-php-insecure-addslashes-on-superglobalCVE-2024-40427: Px4 Unbounded Struct Writecve-2024-40427-px4-unbounded-struct-writeCVE-2024-40493: Freecoap Memcpy Coap Msg Get Payload Null Derefcve-2024-40493-freecoap-memcpy-coap-msg-get-payload-null-derefCVE-2024-40642: Netty Bhttp Unvalidated Request Headcve-2024-40642-netty-bhttp-unvalidated-request-headCVE-2024-41110: Go Http Content Length Gate Without Chunked Checkcve-2024-41110-go-http-content-length-gate-without-chunked-checkCVE-2024-41127: Github Script Injectioncve-2024-41127-github-script-injectionCVE-2024-41311: Off By One Image Bounds Checkcve-2024-41311-off-by-one-image-bounds-checkCVE-2024-41637: Php Tainted Putenvcve-2024-41637-php-tainted-putenvCVE-2024-41662: Markdown It Missing Html Block Sanitizationcve-2024-41662-markdown-it-missing-html-block-sanitizationCVE-2024-41671: Python Unescaped Html Formatcve-2024-41671-python-unescaped-html-formatCVE-2024-41802: Xibo Dataset Filter Sqlicve-2024-41802-xibo-dataset-filter-sqliCVE-2024-41956: Soft Serve Unfiltered Ssh Envcve-2024-41956-soft-serve-unfiltered-ssh-envCVE-2024-42381: Ruby Unsafe Ldd Executioncve-2024-42381-ruby-unsafe-ldd-executionCVE-2024-42480: Etcd Insecure Open Range Endcve-2024-42480-etcd-insecure-open-range-endCVE-2024-42489: Xwiki Velocity Unescaped Param In Rendering 
Syntaxcve-2024-42489-xwiki-velocity-unescaped-param-in-rendering-syntaxCVE-2024-42835: Fastapi Unauth Code Exec Endpointcve-2024-42835-fastapi-unauth-code-exec-endpointCVE-2024-43395: Path Segment Sanitization Bypasscve-2024-43395-path-segment-sanitization-bypassCVE-2024-43700: Unbounded Pointer Increment Sprintfcve-2024-43700-unbounded-pointer-increment-sprintfCVE-2024-43782: Insufficient Msgfmt Translation Validationcve-2024-43782-insufficient-msgfmt-translation-validationCVE-2024-43805: Sanitize Html Dom Clobberingcve-2024-43805-sanitize-html-dom-clobberingCVE-2024-44373: Php Unauthenticated File Write Post Pathcve-2024-44373-php-unauthenticated-file-write-post-pathCVE-2024-45398: Tl Templates Php Cwe 502 Cve 2024 45398cve-2024-45398-tl-templates-php-cwe-502-cve-2024-45398CVE-2024-45409: Ruby Saml Xpath Signature Wrappingcve-2024-45409-ruby-saml-xpath-signature-wrappingCVE-2024-45411: Twig Missing Sandbox Check Before Rendercve-2024-45411-twig-missing-sandbox-check-before-renderCVE-2024-45592: Twig Unescaped Trans Rawcve-2024-45592-twig-unescaped-trans-rawCVE-2024-45594: Decidim Collaborative Texts Incorrect Permission Subjectcve-2024-45594-decidim-collaborative-texts-incorrect-permission-subjectCVE-2024-45971: Libiec61850 Unsafe Create String From Buffer In Buffercve-2024-45971-libiec61850-unsafe-create-string-from-buffer-in-bufferCVE-2024-46613: Int Counter Iterating Null Terminated Pointer Arraycve-2024-46613-int-counter-iterating-null-terminated-pointer-arrayCVE-2024-46952: Integer Truncation Max Width Allocationcve-2024-46952-integer-truncation-max-width-allocationCVE-2024-46986: Ruby Kernel Eval On Non Literalcve-2024-46986-ruby-kernel-eval-on-non-literalCVE-2024-47053: Php Recursive Sanitization By Value Bypasscve-2024-47053-php-recursive-sanitization-by-value-bypassCVE-2024-47076: Cups Missing Ippvalidateattributescve-2024-47076-cups-missing-ippvalidateattributesCVE-2024-47092: Python Eval On Untrusted 
Deserializationcve-2024-47092-python-eval-on-untrusted-deserializationCVE-2024-47604: Razor Unquoted Attribute Xsscve-2024-47604-razor-unquoted-attribute-xssCVE-2024-47782: Mediawiki Tablepager Unescaped Formatvaluecve-2024-47782-mediawiki-tablepager-unescaped-formatvalueCVE-2024-47880: User Controlled Content Type Headercve-2024-47880-user-controlled-content-type-headerCVE-2024-47881: Jdbc Uri Ssp Parameter Injectioncve-2024-47881-jdbc-uri-ssp-parameter-injectionCVE-2024-48061: Langflow Validate Code Endpoint Without Authcve-2024-48061-langflow-validate-code-endpoint-without-authCVE-2024-48138: Pluxml Template Editor Arbitrary File Write Rcecve-2024-48138-pluxml-template-editor-arbitrary-file-write-rceCVE-2024-48253: Codeigniter Xss Clean Misused As Sql Sanitizercve-2024-48253-codeigniter-xss-clean-misused-as-sql-sanitizerCVE-2024-48255: Codeigniter Xss Clean As Sql Sanitizer Injectioncve-2024-48255-codeigniter-xss-clean-as-sql-sanitizer-injectionCVE-2024-48257: Php Sql Limit Clause Concat Injectioncve-2024-48257-php-sql-limit-clause-concat-injectionCVE-2024-48336: Android Unsafe Create Package Contextcve-2024-48336-android-unsafe-create-package-contextCVE-2024-48911: Python Subprocess Relative Executablecve-2024-48911-python-subprocess-relative-executableCVE-2024-51051: Php Hardcoded Default Admin Credentialscve-2024-51051-php-hardcoded-default-admin-credentialsCVE-2024-51378: Cyberpanel Preauth Cmdinjection Via Request Bodycve-2024-51378-cyberpanel-preauth-cmdinjection-via-request-bodyCVE-2024-5138: Blind Args Help Checkcve-2024-5138-blind-args-help-checkCVE-2024-51745: Incomplete Windows Reserved Device Denylist Superscriptscve-2024-51745-incomplete-windows-reserved-device-denylist-superscriptsCVE-2024-52009: Go Credential Embedded In Url Format Stringcve-2024-52009-go-credential-embedded-in-url-format-stringCVE-2024-52291: Craftcms Sensitive Configuration Exposurecve-2024-52291-craftcms-sensitive-configuration-exposureCVE-2024-52292: Craftcms Cpasset Info 
Disclosurecve-2024-52292-craftcms-cpasset-info-disclosureCVE-2024-52338: R Unsafe Unserialize Of Untrusted Bytescve-2024-52338-r-unsafe-unserialize-of-untrusted-bytesCVE-2024-52583: Website Escape Html Cwe 000 Cve 2024 52583cve-2024-52583-website-escape-html-cwe-000-cve-2024-52583CVE-2024-52806: Php Xml Dtdload Xxecve-2024-52806-php-xml-dtdload-xxeCVE-2024-52807: Java Xxe Documentbuilderfactorycve-2024-52807-java-xxe-documentbuilderfactoryCVE-2024-53256: Rizin Metadata Command Injectioncve-2024-53256-rizin-metadata-command-injectionCVE-2024-53442: Python Os System Command Injectioncve-2024-53442-python-os-system-command-injectionCVE-2024-53850: Glpi Plugin Missing Checkloginusercve-2024-53850-glpi-plugin-missing-checkloginuserCVE-2024-53865: Incomplete Hardcoded Dict Redactioncve-2024-53865-incomplete-hardcoded-dict-redactionCVE-2024-53866: Deferred Json Stringify Of Mutable Object Paramcve-2024-53866-deferred-json-stringify-of-mutable-object-paramCVE-2024-53979: Ansible Module Params Cleartext Logcve-2024-53979-ansible-module-params-cleartext-logCVE-2024-5407: Php Incomplete Pipe Path Traversal Sanitizercve-2024-5407-php-incomplete-pipe-path-traversal-sanitizerCVE-2024-54135: Php Unserialize User Inputcve-2024-54135-php-unserialize-user-inputCVE-2024-54148: Gogs Tree Entry Result Discarded Symlink Bypasscve-2024-54148-gogs-tree-entry-result-discarded-symlink-bypassCVE-2024-55193: Cpp Additive Bounds Check Integer Overflow Icccve-2024-55193-cpp-additive-bounds-check-integer-overflow-iccCVE-2024-55194: Oiio Oiiotool Unchecked Readcve-2024-55194-oiio-oiiotool-unchecked-readCVE-2024-5549: Python Flask Cors Misconfigurationcve-2024-5549-python-flask-cors-misconfigurationCVE-2024-56143: Strapi Missing Lookup Validationcve-2024-56143-strapi-missing-lookup-validationCVE-2024-56200: Koa Unauthenticated Proxy Middlewarecve-2024-56200-koa-unauthenticated-proxy-middlewareCVE-2024-56406: Pmtrans Utf8 Max Expansion 
Missingcve-2024-56406-pmtrans-utf8-max-expansion-missingCVE-2024-56509: Python Insecure File Uri Validationcve-2024-56509-python-insecure-file-uri-validationCVE-2024-56521: Php Curl Ssl Verification Disabledcve-2024-56521-php-curl-ssl-verification-disabledCVE-2024-56799: Missing Auth Once Guard On Per Route Before Filtercve-2024-56799-missing-auth-once-guard-on-per-route-before-filterCVE-2024-56801: Glpi Php Sql Injection Superglobal Into Db Querycve-2024-56801-glpi-php-sql-injection-superglobal-into-db-queryCVE-2024-5685: Validation Before Authorization Enumerationcve-2024-5685-validation-before-authorization-enumerationCVE-2024-57155: Spring Handler Interceptor Auth Bypass Returns True On Null Usercve-2024-57155-spring-handler-interceptor-auth-bypass-returns-true-on-null-userCVE-2024-57190: Express Trusted User Header Forwarded Without Stripping Incomingcve-2024-57190-express-trusted-user-header-forwarded-without-stripping-incomingCVE-2024-58134: Mojolicious Insecure Secret Generationcve-2024-58134-mojolicious-insecure-secret-generationCVE-2024-5982: Python Shutil Copyfile Path Traversal Without Realpath Checkcve-2024-5982-python-shutil-copyfile-path-traversal-without-realpath-checkCVE-2024-6303: Conduit Unauthorized Room Alias Mutationcve-2024-6303-conduit-unauthorized-room-alias-mutationCVE-2024-7143: Improper User Context From Permissionscve-2024-7143-improper-user-context-from-permissionsCVE-2024-8114: Gitlab Vulnerability Resolution Missing Report Typecve-2024-8114-gitlab-vulnerability-resolution-missing-report-typeCVE-2024-8183: Fastapi Cors Wildcard Originscve-2024-8183-fastapi-cors-wildcard-originsCVE-2024-8250: Qt Minizip Path Traversal Zip Slipcve-2024-8250-qt-minizip-path-traversal-zip-slipCVE-2024-8374: Eval In Parsing String Matchcve-2024-8374-eval-in-parsing-string-matchCVE-2024-8375: Tensorflow Unvalidated Proto Conversioncve-2024-8375-tensorflow-unvalidated-proto-conversionCVE-2024-8970: Gitlab Improper Scanner 
Groupingcve-2024-8970-gitlab-improper-scanner-groupingCVE-2024-9014: Pgadmin Oauth2 Config Leak In Templatecve-2024-9014-pgadmin-oauth2-config-leak-in-templateCVE-2024-9287: Cve 2024 9287 Venv Path Injectioncve-2024-9287-cve-2024-9287-venv-path-injectionCVE-2024-9486: Packer Proxmox Builder User Not Lockedcve-2024-9486-packer-proxmox-builder-user-not-lockedCVE-2024-9693: Gitlab Vulnerability Resolution Missing Report Typecve-2024-9693-gitlab-vulnerability-resolution-missing-report-typeCVE-2024-9780: Cpp Qt Minizip Zipslipcve-2024-9780-cpp-qt-minizip-zipslipCVE-2025-0555: Gitlab Incomplete Vulnerability Resolution Keycve-2025-0555-gitlab-incomplete-vulnerability-resolution-keyCVE-2025-0634: Rlottie Gradient Populate Unchecked Colorpoints Oobcve-2025-0634-rlottie-gradient-populate-unchecked-colorpoints-oobCVE-2025-0838: Abseil Raw Hash Set Alloc Size Integer Overflowcve-2025-0838-abseil-raw-hash-set-alloc-size-integer-overflowCVE-2025-10155: Picklescan Fail Open Magic Errorcve-2025-10155-picklescan-fail-open-magic-errorCVE-2025-10157: Picklescan Module Blocklist Bypasscve-2025-10157-picklescan-module-blocklist-bypassCVE-2025-1022: Php Url Denylist Bypasscve-2025-1022-php-url-denylist-bypassCVE-2025-1026: Url Validation Bypass Via Malformed Schemecve-2025-1026-url-validation-bypass-via-malformed-schemeCVE-2025-1066: Python Flask Upload Saved To Static Without Validationcve-2025-1066-python-flask-upload-saved-to-static-without-validationCVE-2025-10725: Kubernetes Clusterrolebinding System Authenticatedcve-2025-10725-kubernetes-clusterrolebinding-system-authenticatedCVE-2025-11157: Pyyaml Unsafe Deserializationcve-2025-11157-pyyaml-unsafe-deserializationCVE-2025-11202: Nodejs Child Process Exec Template Literal Injectioncve-2025-11202-nodejs-child-process-exec-template-literal-injectionCVE-2025-11624: Wolfssh Sftp Handle Size Missing Exact Checkcve-2025-11624-wolfssh-sftp-handle-size-missing-exact-checkCVE-2025-1194: Redos Nested Quantifiers In Re 
Compilecve-2025-1194-redos-nested-quantifiers-in-re-compileCVE-2025-12352: Php Copy Url To Path Replace Without Local Checkcve-2025-12352-php-copy-url-to-path-replace-without-local-checkCVE-2025-12489: Auth Js Cwe 000 Cve 2025 12489cve-2025-12489-auth-js-cwe-000-cve-2025-12489CVE-2025-12613: Cloudinary Api Sign Request Argument Injectioncve-2025-12613-cloudinary-api-sign-request-argument-injectionCVE-2025-12735: Expr Eval Cve 2025 12735 Unchecked Function Dispatchcve-2025-12735-expr-eval-cve-2025-12735-unchecked-function-dispatchCVE-2025-13609: Sqlalchemy Unhandled Query In Critical Taskcve-2025-13609-sqlalchemy-unhandled-query-in-critical-taskCVE-2025-13708: Pytorch Insecure Loadcve-2025-13708-pytorch-insecure-loadCVE-2025-13709: Pytorch Load Unsafe Deserializationcve-2025-13709-pytorch-load-unsafe-deserializationCVE-2025-13714: Insecure Torch Loadcve-2025-13714-insecure-torch-loadCVE-2025-13715: Model Resnet Py Cwe 502 Cve 2025 13715cve-2025-13715-model-resnet-py-cwe-502-cve-2025-13715CVE-2025-13716: Torch Safe Globals Broad Whitelistcve-2025-13716-torch-safe-globals-broad-whitelistCVE-2025-14551: Common Apidef Py Cwe 000 Cve 2025 14551cve-2025-14551-common-apidef-py-cwe-000-cve-2025-14551CVE-2025-14700: Python Jinja2 Unsandboxed Environment From String Ssticve-2025-14700-python-jinja2-unsandboxed-environment-from-string-sstiCVE-2025-14894: Livewire Updated Files Missing Validationcve-2025-14894-livewire-updated-files-missing-validationCVE-2025-1492: Qt Minizip Zip Slipcve-2025-1492-qt-minizip-zip-slipCVE-2025-1497: Python Exec Eval On Dynamic Inputcve-2025-1497-python-exec-eval-on-dynamic-inputCVE-2025-15061: Nodejs Exec Template Literal Command Injectioncve-2025-15061-nodejs-exec-template-literal-command-injectionCVE-2025-15382: Memmove Shift Overread Dest Lengthcve-2025-15382-memmove-shift-overread-dest-lengthCVE-2025-1550: Python Importlib Deserialization No Allowlistcve-2025-1550-python-importlib-deserialization-no-allowlistCVE-2025-15558: Insecure 
Programdata Search Pathcve-2025-15558-insecure-programdata-search-pathCVE-2025-15604: Perl Insecure Random Rand Into Hashcve-2025-15604-perl-insecure-random-rand-into-hashCVE-2025-1744: Zlib Inflate Getheader Extra Field Oob Writecve-2025-1744-zlib-inflate-getheader-extra-field-oob-writeCVE-2025-1908: Gitlab Missing Sbom Feature Flag Checkcve-2025-1908-gitlab-missing-sbom-feature-flag-checkCVE-2025-21624: Php Unrestricted File Upload User Extensioncve-2025-21624-php-unrestricted-file-upload-user-extensionCVE-2025-22144: Php Reset Code Empty String Sentinelcve-2025-22144-php-reset-code-empty-string-sentinelCVE-2025-22153: Python Sandbox Allows Exceptiongroupcve-2025-22153-python-sandbox-allows-exceptiongroupCVE-2025-23209: Craftcms Unvalidated Db Restorecve-2025-23209-craftcms-unvalidated-db-restoreCVE-2025-23211: Jinja2 Unsandboxed Template Render Ssticve-2025-23211-jinja2-unsandboxed-template-render-sstiCVE-2025-23212: Unvalidated Listdir To Dbcve-2025-23212-unvalidated-listdir-to-dbCVE-2025-23218: Php Pdo Query Sql Injection From Superglobalcve-2025-23218-php-pdo-query-sql-injection-from-superglobalCVE-2025-23219: Php Pdo Query Sqli From User Inputcve-2025-23219-php-pdo-query-sqli-from-user-inputCVE-2025-23220: Php Pdo Query Sql Injection From Superglobalcve-2025-23220-php-pdo-query-sql-injection-from-superglobalCVE-2025-24786: Go Sqlite Open Path Traversal Filepath Joincve-2025-24786-go-sqlite-open-path-traversal-filepath-joinCVE-2025-24802: Plonky2 Zero Padding Lookup Tablecve-2025-24802-plonky2-zero-padding-lookup-tableCVE-2025-24896: Client Side Logout Missing Cookie Clearingcve-2025-24896-client-side-logout-missing-cookie-clearingCVE-2025-24900: Client Cookie Missing Samesitecve-2025-24900-client-cookie-missing-samesiteCVE-2025-24903: Src Cipher Rs Cwe 000 Cve 2025 24903cve-2025-24903-src-cipher-rs-cwe-000-cve-2025-24903CVE-2025-25066: Unbounded Scanf Format Stringcve-2025-25066-unbounded-scanf-format-stringCVE-2025-25205: Express Url Regex Query 
Bypass
cve-2025-25205-express-url-regex-query-bypass
CVE-2025-25206: Mfa Enforcement Restricted To Local Auth
cve-2025-25206-mfa-enforcement-restricted-to-local-auth
CVE-2025-25291: Ruby Saml Rexml Xpath On Raw Document With Signed Element Id
cve-2025-25291-ruby-saml-rexml-xpath-on-raw-document-with-signed-element-id
CVE-2025-25292: Ruby Saml Rexml Xpath Signed Element Id Lookup
cve-2025-25292-ruby-saml-rexml-xpath-signed-element-id-lookup
CVE-2025-25940: Java Xmldecoder Insecure Deserialization
cve-2025-25940-java-xmldecoder-insecure-deserialization
CVE-2025-25977: Js Prototype Pollution Bracket Fallback Then Write
cve-2025-25977-js-prototype-pollution-bracket-fallback-then-write
CVE-2025-26074: Nashorn Engine Without No Java Flag
cve-2025-26074-nashorn-engine-without-no-java-flag
CVE-2025-26606: Php Pdo Query Interpolated String Sqli
cve-2025-26606-php-pdo-query-interpolated-string-sqli
CVE-2025-26607: Php Pdo Query Sql Injection From Superglobal
cve-2025-26607-php-pdo-query-sql-injection-from-superglobal
CVE-2025-26608: Php Extract On Request Superglobal
cve-2025-26608-php-extract-on-request-superglobal
CVE-2025-26611: Php Extract Request Superglobal
cve-2025-26611-php-extract-request-superglobal
CVE-2025-26617: Php Pdo Mysqli Query Superglobal Sqli
cve-2025-26617-php-pdo-mysqli-query-superglobal-sqli
CVE-2025-26819: Cpp Unbounded Queue Memory Accumulation
cve-2025-26819-cpp-unbounded-queue-memory-accumulation
CVE-2025-27088: Context Request Template Exposure
cve-2025-27088-context-request-template-exposure
CVE-2025-27135: Python Sqli Execute Regex Split Statement
cve-2025-27135-python-sqli-execute-regex-split-statement
CVE-2025-27152: Ssrf Url Builder Absolute Url Bypass Cve 2025 27152
cve-2025-27152-ssrf-url-builder-absolute-url-bypass-cve-2025-27152
CVE-2025-27154: Python Token Cache File Write Without Restrictive Chmod
cve-2025-27154-python-token-cache-file-write-without-restrictive-chmod
CVE-2025-27515: Laravel Validator Static Asterisk Placeholder Cve 2025 27515
cve-2025-27515-laravel-validator-static-asterisk-placeholder-cve-2025-27515
CVE-2025-27614: Tcl Unescaped Pipeline Heredoc
cve-2025-27614-tcl-unescaped-pipeline-heredoc
CVE-2025-27773: Saml Improper Reencoding Signature Bypass
cve-2025-27773-saml-improper-reencoding-signature-bypass
CVE-2025-27778: Python Torch Load Unsafe Deserialization
cve-2025-27778-python-torch-load-unsafe-deserialization
CVE-2025-27779: Python Torch Load Without Weights Only
cve-2025-27779-python-torch-load-without-weights-only
CVE-2025-27780: Python Torch Load Without Weights Only
cve-2025-27780-python-torch-load-without-weights-only
CVE-2025-27781: Python Torch Load Without Weights Only
cve-2025-27781-python-torch-load-without-weights-only
CVE-2025-28056: Java Sql Injection In Clause Unescaped Split Join
cve-2025-28056-java-sql-injection-in-clause-unescaped-split-join
CVE-2025-2945: Python Eval On Non Literal Rce
cve-2025-2945-python-eval-on-non-literal-rce
CVE-2025-29906: Cve 2025 29906 Login Option Injection
cve-2025-29906-cve-2025-29906-login-option-injection
CVE-2025-30206: Go Request Slice Field To Os Open
cve-2025-30206-go-request-slice-field-to-os-open
CVE-2025-30220: Geonetwork Cve 2025 30220 Xxe Placeholder
cve-2025-30220-geonetwork-cve-2025-30220-xxe-placeholder
CVE-2025-30361: Php Weak Password Verification Sha256 Equality
cve-2025-30361-php-weak-password-verification-sha256-equality
CVE-2025-30364: Php Pdo Query String Interpolation Sqli
cve-2025-30364-php-pdo-query-string-interpolation-sqli
CVE-2025-30403: Cpp Dcheck Bounds Bypass
cve-2025-30403-cpp-dcheck-bounds-bypass
CVE-2025-31133: Insecure Dev Null Bind Mount
cve-2025-31133-insecure-dev-null-bind-mount
CVE-2025-31479: Typer Shows Locals In Exceptions
cve-2025-31479-typer-shows-locals-in-exceptions
CVE-2025-31487: Insecure Jdom2 Saxbuilder
cve-2025-31487-insecure-jdom2-saxbuilder
CVE-2025-32429: Xwiki Velocity Stale Orderby Validation
cve-2025-32429-xwiki-velocity-stale-orderby-validation
CVE-2025-32444: Zmq Recv Pyobj Unsafe Pickle Deserialization
cve-2025-32444-zmq-recv-pyobj-unsafe-pickle-deserialization
CVE-2025-32445: Go Mergo Merge Container With Override
cve-2025-32445-go-mergo-merge-container-with-override
CVE-2025-32461: Tiki Wiki Get Page Info Missing Edit Check
cve-2025-32461-tiki-wiki-get-page-info-missing-edit-check
CVE-2025-3248: Langflow Validate Code Endpoint Missing Auth
cve-2025-3248-langflow-validate-code-endpoint-missing-auth
CVE-2025-32956: Mediawiki Htmlform Options Xss
cve-2025-32956-mediawiki-htmlform-options-xss
CVE-2025-32966: Dataease Jdbc Url Missing Security Policy
cve-2025-32966-dataease-jdbc-url-missing-security-policy
CVE-2025-32969: Xwiki Hql Unsafe Shortform Bypass
cve-2025-32969-xwiki-hql-unsafe-shortform-bypass
CVE-2025-34468: C Unbounded Memcpy Into Fixed Char Buffer From Struct Length
cve-2025-34468-c-unbounded-memcpy-into-fixed-char-buffer-from-struct-length
CVE-2025-3777: Python Discarded None Fallback Expression Statement
cve-2025-3777-python-discarded-none-fallback-expression-statement
CVE-2025-3933: Python Redos Lazy Wildcard Angle Bracket Regex
cve-2025-3933-python-redos-lazy-wildcard-angle-bracket-regex
CVE-2025-40926: Perl Insecure Session Id From Rand Hash
cve-2025-40926-perl-insecure-session-id-from-rand-hash
CVE-2025-43842: Python Subprocess Shell True With Interpolated Command
cve-2025-43842-python-subprocess-shell-true-with-interpolated-command
CVE-2025-43863: Change Password Bruteforce No Rate Limit
cve-2025-43863-change-password-bruteforce-no-rate-limit
CVE-2025-44005: Cve 2025 44005 Gettokenid Silent Error Bypass
cve-2025-44005-cve-2025-44005-gettokenid-silent-error-bypass
CVE-2025-4447: Reverse Pointer Subtraction Size
cve-2025-4447-reverse-pointer-subtraction-size
CVE-2025-44560: Owntone Mpd Tag Newline Injection
cve-2025-44560-owntone-mpd-tag-newline-injection
CVE-2025-45611: Vulnerable Apache Shiro Version Auth Bypass
cve-2025-45611-vulnerable-apache-shiro-version-auth-bypass
CVE-2025-46331: Openfga Cache Check Response Without Cycle Check
cve-2025-46331-openfga-cache-check-response-without-cycle-check
CVE-2025-46337: Php Pgsql Identifier Injection Via Pg Query
cve-2025-46337-php-pgsql-identifier-injection-via-pg-query
CVE-2025-46347: Yeswiki Add Css Preset Missing Extension Allowlist
cve-2025-46347-yeswiki-add-css-preset-missing-extension-allowlist
CVE-2025-46348: Yeswiki Route Acl Public Mixed With Restriction
cve-2025-46348-yeswiki-route-acl-public-mixed-with-restriction
CVE-2025-46566: Java Case Sensitive Url Decode Blacklist Bypass
cve-2025-46566-java-case-sensitive-url-decode-blacklist-bypass
CVE-2025-46597: Serialization Size Overflow 32bit
cve-2025-46597-serialization-size-overflow-32bit
CVE-2025-46724: Python Eval Untrusted Dataframe Expression
cve-2025-46724-python-eval-untrusted-dataframe-expression
CVE-2025-46725: Python Eval Empty Globals False Sandbox
cve-2025-46725-python-eval-empty-globals-false-sandbox
CVE-2025-47269: Express Ssrf Unvalidated Port
cve-2025-47269-express-ssrf-unvalidated-port
CVE-2025-4759: Missing Trailing Slash In Url Startswith
cve-2025-4759-missing-trailing-slash-in-url-startswith
CVE-2025-47784: Php Unserialize After Str Replace Prefix Strip
cve-2025-47784-php-unserialize-after-str-replace-prefix-strip
CVE-2025-47787: Php Incomplete Php Extension Blocklist
cve-2025-47787-php-incomplete-php-extension-blocklist
CVE-2025-47869: Nuttx Xmlrpc Getstring Undersized Destination Buffer
cve-2025-47869-nuttx-xmlrpc-getstring-undersized-destination-buffer
CVE-2025-48071: Openexr Missing Uncompressed Size Bounds Check
cve-2025-48071-openexr-missing-uncompressed-size-bounds-check
CVE-2025-48383: Django Widget Shared Token Init
cve-2025-48383-django-widget-shared-token-init
CVE-2025-48477: Overly Restrictive Realpath Traversal Validation
cve-2025-48477-overly-restrictive-realpath-traversal-validation
CVE-2025-48481: Php Freescout Invite Hash Lookup Without Expiration
cve-2025-48481-php-freescout-invite-hash-lookup-without-expiration
CVE-2025-49002: Dataease H2 Jdbc Url Blocklist Contains Bypass
cve-2025-49002-dataease-h2-jdbc-url-blocklist-contains-bypass
CVE-2025-49132: Laravel Translation Loader Path Traversal Unvalidated Input
cve-2025-49132-laravel-translation-loader-path-traversal-unvalidated-input
CVE-2025-49141: Haxcms Command Injection Git Set Remote
cve-2025-49141-haxcms-command-injection-git-set-remote
CVE-2025-49809: Untrusted Env Exec Path Skipped
cve-2025-49809-untrusted-env-exec-path-skipped
CVE-2025-50738: Go Httpbody Unsanitized Content Type Xss
cve-2025-50738-go-httpbody-unsanitized-content-type-xss
CVE-2025-5120: Python Sandbox Unvalidated Callable Return
cve-2025-5120-python-sandbox-unvalidated-callable-return
CVE-2025-5121: Gitlab Missing Report Type Context
cve-2025-5121-gitlab-missing-report-type-context
CVE-2025-52464: Unseeded Curve25519 Keygen
cve-2025-52464-unseeded-curve25519-keygen
CVE-2025-52474: Php Extract Request Superglobal
cve-2025-52474-php-extract-request-superglobal
CVE-2025-52560: Picodb Unvalidated Table Identifier
cve-2025-52560-picodb-unvalidated-table-identifier
CVE-2025-52562: Cve 2025 52562 Laravel Translation Loader Path Traversal
cve-2025-52562-cve-2025-52562-laravel-translation-loader-path-traversal
CVE-2025-52890: Nftables Arp Spoofing Bypassed Filters
cve-2025-52890-nftables-arp-spoofing-bypassed-filters
CVE-2025-52998: Php Phar Prefix Check Case Sensitive
cve-2025-52998-php-phar-prefix-check-case-sensitive
CVE-2025-53002: Insecure Torch Load
cve-2025-53002-insecure-torch-load
CVE-2025-53004: Java Jdbc Url Denylist Case Sensitive Bypass
cve-2025-53004-java-jdbc-url-denylist-case-sensitive-bypass
CVE-2025-53005: Jdbc Url Denylist Contains Bypass
cve-2025-53005-jdbc-url-denylist-contains-bypass
CVE-2025-53006: Jdbc Url Substring Blocklist Validation
cve-2025-53006-jdbc-url-substring-blocklist-validation
CVE-2025-53093: Mediawiki Unsafe Safeencodetagattributes Template
cve-2025-53093-mediawiki-unsafe-safeencodetagattributes-template
CVE-2025-53368: Improper Mustache Unescaped Xss
cve-2025-53368-improper-mustache-unescaped-xss
CVE-2025-53369: Mediawiki Unsanitized Addsubtitle
cve-2025-53369-mediawiki-unsanitized-addsubtitle
CVE-2025-53370: Mediawiki Unescaped Shortdesc Property
cve-2025-53370-mediawiki-unescaped-shortdesc-property
CVE-2025-53527: Php Sql Where Clause Concat Injection
cve-2025-53527-php-sql-where-clause-concat-injection
CVE-2025-53528: Fastapi Openapi Xss From Request
cve-2025-53528-fastapi-openapi-xss-from-request
CVE-2025-53547: Insecure Plugin Version Validation
cve-2025-53547-insecure-plugin-version-validation
CVE-2025-53624: Docusaurus Plugin Secret In Route Modules
cve-2025-53624-docusaurus-plugin-secret-in-route-modules
CVE-2025-53633: Go Archive Zip Unbounded Io Copy
cve-2025-53633-go-archive-zip-unbounded-io-copy
CVE-2025-53644: Opencv Openjpeg Jp2 Unchecked J2k Read Header Status
cve-2025-53644-opencv-openjpeg-jp2-unchecked-j2k-read-header-status
CVE-2025-53967: Insecure Path Startswith Match
cve-2025-53967-insecure-path-startswith-match
CVE-2025-54063: Insecure Path Sanitization Forward Slash
cve-2025-54063-insecure-path-sanitization-forward-slash
CVE-2025-54068: Livewire Hydrate For Update Recursive Tuple Hydrate
cve-2025-54068-livewire-hydrate-for-update-recursive-tuple-hydrate
CVE-2025-54379: Go Sql Identifier Injection Sprintf Prepare
cve-2025-54379-go-sql-identifier-injection-sprintf-prepare
CVE-2025-54418: Php Shell Cmd Quoted Interpolation Without Escapeshellarg
cve-2025-54418-php-shell-cmd-quoted-interpolation-without-escapeshellarg
CVE-2025-54469: Getenv To Popen Command Injection
cve-2025-54469-getenv-to-popen-command-injection
CVE-2025-54592: Php Logout Missing Session Invalidation
cve-2025-54592-php-logout-missing-session-invalidation
CVE-2025-54802: Python Path Blocklist Replace Traversal
cve-2025-54802-python-path-blocklist-replace-traversal
CVE-2025-54874: Openjpeg Opj J2k Read Header Unchecked Return Image Deref
cve-2025-54874-openjpeg-opj-j2k-read-header-unchecked-return-image-deref
CVE-2025-54875: Freshrss Unprotected New User Is Admin Param
cve-2025-54875-freshrss-unprotected-new-user-is-admin-param
CVE-2025-54886: Insecure Joblib Fallback
cve-2025-54886-insecure-joblib-fallback
CVE-2025-54949: Executorch Memcpy Indexed Offset Without Capacity Check
cve-2025-54949-executorch-memcpy-indexed-offset-without-capacity-check
CVE-2025-54952: Executorch Unchecked Size Mul Sizeof In Allocate
cve-2025-54952-executorch-unchecked-size-mul-sizeof-in-allocate
CVE-2025-55089: Filex Fx Media Format Unchecked Return
cve-2025-55089-filex-fx-media-format-unchecked-return
CVE-2025-55167: Php Pdo Query Sql Injection From Superglobal
cve-2025-55167-php-pdo-query-sql-injection-from-superglobal
CVE-2025-55727: Xwiki Velocity Macro Param Xwiki Syntax Injection
cve-2025-55727-xwiki-velocity-macro-param-xwiki-syntax-injection
CVE-2025-55729: Xwiki Velocity Macro Param Unescaped Wiki Syntax Injection
cve-2025-55729-xwiki-velocity-macro-param-unescaped-wiki-syntax-injection
CVE-2025-5601: Qt Minizip Zip Slip
cve-2025-5601-qt-minizip-zip-slip
CVE-2025-5689: Unconditional Temporary Id Overwrite
cve-2025-5689-unconditional-temporary-id-overwrite
CVE-2025-57266: Thrivex Assistant Handler No Token Required
cve-2025-57266-thrivex-assistant-handler-no-token-required
CVE-2025-57772: Dataease Jdbc Url Scheme Not Validated
cve-2025-57772-dataease-jdbc-url-scheme-not-validated
CVE-2025-57808: Strncmp Offset Length Auth Bypass
cve-2025-57808-strncmp-offset-length-auth-bypass
CVE-2025-58045: Dataease Jdbc Illegalparameters Blocklist Missing Jndi Ldap
cve-2025-58045-dataease-jdbc-illegalparameters-blocklist-missing-jndi-ldap
CVE-2025-58178: Gha Run Command Injection
cve-2025-58178-gha-run-command-injection
CVE-2025-58748: Dataease Jdbc Url Scheme Not Validated
cve-2025-58748-dataease-jdbc-url-scheme-not-validated
CVE-2025-58761: Path Traversal Via Unvalidated Extension
cve-2025-58761-path-traversal-via-unvalidated-extension
CVE-2025-59046: Nodejs Child Process Exec Template Literal Injection
cve-2025-59046-nodejs-child-process-exec-template-literal-injection
CVE-2025-59304: Multer Original Name Path Traversal
cve-2025-59304-multer-original-name-path-traversal
CVE-2025-59360: Chaos Mesh Ctrlserver Exposed
cve-2025-59360-chaos-mesh-ctrlserver-exposed
CVE-2025-59430: Unvalidated Base64 Url
cve-2025-59430-unvalidated-base64-url
CVE-2025-59528: Function Constructor Eval Code Injection
cve-2025-59528-function-constructor-eval-code-injection
CVE-2025-59823: Gardener Aws Insufficient Template Input Validation
cve-2025-59823-gardener-aws-insufficient-template-input-validation
CVE-2025-59839: Mediawiki Dataset Json Parse
cve-2025-59839-mediawiki-dataset-json-parse
CVE-2025-59945: Drf Missing Readonly Is Project Admin
cve-2025-59945-drf-missing-readonly-is-project-admin
CVE-2025-59954: Jxpath Context Without Empty Function Library
cve-2025-59954-jxpath-context-without-empty-function-library
CVE-2025-60455: Unsafe Pickle Default Argument
cve-2025-60455-unsafe-pickle-default-argument
CVE-2025-6051: Redos Digit Regex Non Possessive Quantifier
cve-2025-6051-redos-digit-regex-non-possessive-quantifier
CVE-2025-61140: Jsonpath Prototype Pollution Cve 2025 61140
cve-2025-61140-jsonpath-prototype-pollution-cve-2025-61140
CVE-2025-61597: Phpmailer Hardcoded Smtpsecure Ssl
cve-2025-61597-phpmailer-hardcoded-smtpsecure-ssl
CVE-2025-61605: Php Unsanitized Request Param In Location Redirect Sqli
cve-2025-61605-php-unsanitized-request-param-in-location-redirect-sqli
CVE-2025-61673: Python Fastapi Auth Header Fail Open
cve-2025-61673-python-fastapi-auth-header-fail-open
CVE-2025-61679: Mcp Tool Unauthenticated
cve-2025-61679-mcp-tool-unauthenticated
CVE-2025-61784: Llamafactory Ssrf Lfi Chat Api
cve-2025-61784-llamafactory-ssrf-lfi-chat-api
CVE-2025-62156: Zip Slip Path Traversal Go
cve-2025-62156-zip-slip-path-traversal-go
CVE-2025-62161: Toctou Open Close Bind Mount Same Path
cve-2025-62161-toctou-open-close-bind-mount-same-path
CVE-2025-62235: Nimble Auth Bypass Spoofing
cve-2025-62235-nimble-auth-bypass-spoofing
CVE-2025-62291: Strongswan Eap Mschapv2 Len Underflow
cve-2025-62291-strongswan-eap-mschapv2-len-underflow
CVE-2025-62373: Python Pickle Loads On Untrusted Deserialize Input
cve-2025-62373-python-pickle-loads-on-untrusted-deserialize-input
CVE-2025-62382: Frigate Event Thumbnail Missing Extension
cve-2025-62382-frigate-event-thumbnail-missing-extension
CVE-2025-62425: Matrix Auth Missing Rate Limit
cve-2025-62425-matrix-auth-missing-rate-limit
CVE-2025-62506: Minio Iam Session Policy Bypass
cve-2025-62506-minio-iam-session-policy-bypass
CVE-2025-62518: Tar Pax Size Smuggling
cve-2025-62518-tar-pax-size-smuggling
CVE-2025-62596: Rust Procfs Myself Toctou Mount Race
cve-2025-62596-rust-procfs-myself-toctou-mount-race
CVE-2025-62600: Untrusted Size Allocation Oom
cve-2025-62600-untrusted-size-allocation-oom
CVE-2025-62718: Proxy From Env No Proxy Hostname Bypass Ssrf
cve-2025-62718-proxy-from-env-no-proxy-hostname-bypass-ssrf
CVE-2025-63414: Php User Input Shell Exec Without Escapeshellarg
cve-2025-63414-php-user-input-shell-exec-without-escapeshellarg
CVE-2025-64097: Elixir Insecure Token Generation Base62
cve-2025-64097-elixir-insecure-token-generation-base62
CVE-2025-64112: Statamic Vue Ssti Missing V Pre
cve-2025-64112-statamic-vue-ssti-missing-v-pre
CVE-2025-64164: Lombok Data Field Name Shadows Getter
cve-2025-64164-lombok-data-field-name-shadows-getter
CVE-2025-64343: Nsis Admin Only Permission Hardening
cve-2025-64343-nsis-admin-only-permission-hardening
CVE-2025-64501: Ruby Unescaped Html Attribute
cve-2025-64501-ruby-unescaped-html-attribute
CVE-2025-64512: Path Traversal To Pickle Deserialization
cve-2025-64512-path-traversal-to-pickle-deserialization
CVE-2025-6454: Overbroad Vulnerability Resolution
cve-2025-6454-overbroad-vulnerability-resolution
CVE-2025-64725: Weblate Invitation Post Missing Recipient Validation
cve-2025-64725-weblate-invitation-post-missing-recipient-validation
CVE-2025-64759: Next Response Unsanitized Dynamic Content Type
cve-2025-64759-next-response-unsanitized-dynamic-content-type
CVE-2025-65027: Python Httpx Client Unprotected Ssrf
cve-2025-65027-python-httpx-client-unprotected-ssrf
CVE-2025-65091: Xwiki Velocity Hql Injection
cve-2025-65091-xwiki-velocity-hql-injection
CVE-2025-65108: Gray Matter Javascript Engine Not Disabled
cve-2025-65108-gray-matter-javascript-engine-not-disabled
CVE-2025-65719: Python Subprocess Shell True Fstring Injection
cve-2025-65719-python-subprocess-shell-true-fstring-injection
CVE-2025-65882: C Insecure Mktemp Toctou
cve-2025-65882-c-insecure-mktemp-toctou
CVE-2025-65896: Python Sql Encoder Dict Unescaped Keys
cve-2025-65896-python-sql-encoder-dict-unescaped-keys
CVE-2025-65958: Web Main Py Cwe 918 Cve 2025 65958
cve-2025-65958-web-main-py-cwe-918-cve-2025-65958
CVE-2025-65966: Sensitive Model Public Mutation
cve-2025-65966-sensitive-model-public-mutation
CVE-2025-66216: Ais Catcher Cve 2025 66216 Bit Byte Bounds Confusion
cve-2025-66216-ais-catcher-cve-2025-66216-bit-byte-bounds-confusion
CVE-2025-6638: Redos Greedy Dot Quantifier Flanked By Literals
cve-2025-6638-redos-greedy-dot-quantifier-flanked-by-literals
CVE-2025-66384: Php Is Uploaded File Precedence Bypass
cve-2025-66384-php-is-uploaded-file-precedence-bypass
CVE-2025-66416: Mcp Missing Dns Rebinding Protection
cve-2025-66416-mcp-missing-dns-rebinding-protection
CVE-2025-66492: Cfc Alttable Sqli Generic
cve-2025-66492-cfc-alttable-sqli-generic
CVE-2025-66565: Go Crypto Rand Silent Failure Fallback
cve-2025-66565-go-crypto-rand-silent-failure-fallback
CVE-2025-66570: Cpp Untrusted Ip Forwarding Header
cve-2025-66570-cpp-untrusted-ip-forwarding-header
CVE-2025-66647: Gnrc Ipv6 Ext Frag Reass First Fragment Overflow
cve-2025-66647-gnrc-ipv6-ext-frag-reass-first-fragment-overflow
CVE-2025-66913: Jimureport Switchjimudrag Boolean Session Attribute
cve-2025-66913-jimureport-switchjimudrag-boolean-session-attribute
CVE-2025-67084: Php Upload Missing Extension Allowlist
cve-2025-67084-php-upload-missing-extension-allowlist
CVE-2025-67747: Python Incomplete Module Blocklist
cve-2025-67747-python-incomplete-module-blocklist
CVE-2025-68432: Mcp Server Missing Oauth Provider
cve-2025-68432-mcp-server-missing-oauth-provider
CVE-2025-68473: Bluedroid Sdp Uuid Oob Write
cve-2025-68473-bluedroid-sdp-uuid-oob-write
CVE-2025-68474: Bluedroid Avrc Vendor Length Check
cve-2025-68474-bluedroid-avrc-vendor-length-check
CVE-2025-68696: Ruby Uri Absolute Bypass Ssrf
cve-2025-68696-ruby-uri-absolute-bypass-ssrf
CVE-2025-68926: Rust Tonic Grpc Hardcoded Authorization Token
cve-2025-68926-rust-tonic-grpc-hardcoded-authorization-token
CVE-2025-68932: Php Weak Prng Token Hash
cve-2025-68932-php-weak-prng-token-hash
CVE-2025-69201: Pydantic Unvalidated Command List Field
cve-2025-69201-pydantic-unvalidated-command-list-field
CVE-2025-6921: Cve 2025 6921 Redos Possessive Quantifier Regex Compile
cve-2025-6921-cve-2025-6921-redos-possessive-quantifier-regex-compile
CVE-2025-69217: Insecure Prng For Keys Or Nonces
cve-2025-69217-insecure-prng-for-keys-or-nonces
CVE-2025-69286: Insecure Urlsafetimedserializer Token Generation
cve-2025-69286-insecure-urlsafetimedserializer-token-generation
CVE-2025-69662: Sqlalchemy Text Dynamic String Sqli
cve-2025-69662-sqlalchemy-text-dynamic-string-sqli
CVE-2025-69971: Hardcoded Jwt Secret
cve-2025-69971-hardcoded-jwt-secret
CVE-2025-69981: Express File Upload Missing Auth Middleware
cve-2025-69981-express-file-upload-missing-auth-middleware
CVE-2025-69983: Nodejs Naive Path Traversal Sanitization
cve-2025-69983-nodejs-naive-path-traversal-sanitization
CVE-2025-70041: Webpack Dev Server Bound All Interfaces
cve-2025-70041-webpack-dev-server-bound-all-interfaces
CVE-2025-70888: Missing X509 Key Usage Digital Signature Check
cve-2025-70888-missing-x509-key-usage-digital-signature-check
CVE-2025-70952: Path Traversal String Startswith Bypass
cve-2025-70952-path-traversal-string-startswith-bypass
CVE-2025-71063: Caldav Client Ssl Verify Cert Disabled
cve-2025-71063-caldav-client-ssl-verify-cert-disabled
CVE-2025-7659: Improper Vulnerability Grouping By Scanner
cve-2025-7659-improper-vulnerability-grouping-by-scanner
CVE-2025-8267: Incomplete Private Ip Cidr Blocklist
cve-2025-8267-incomplete-private-ip-cidr-blocklist
CVE-2025-8406: Tar Unsafe Member Extraction
cve-2025-8406-tar-unsafe-member-extraction
CVE-2025-8747: Python Unsafe Dynamic Module Attribute Return
cve-2025-8747-python-unsafe-dynamic-module-attribute-return
CVE-2025-9556: Gonja Default Env Ssti Arbitrary File Read
cve-2025-9556-gonja-default-env-ssti-arbitrary-file-read
CVE-2025-9636: Python Dict Missing Coop Header
cve-2025-9636-python-dict-missing-coop-header
CVE-2026-0752: Insufficient Scanner Grouping Key
cve-2026-0752-insufficient-scanner-grouping-key
CVE-2026-0859: Php Unserialize Allowedclasses Bypass
cve-2026-0859-php-unserialize-allowedclasses-bypass
CVE-2026-10042: Insecure Fastapi Pickle Deserialization
cve-2026-10042-insecure-fastapi-pickle-deserialization
CVE-2026-10044: Python Incomplete Path Traversal Bypass
cve-2026-10044-python-incomplete-path-traversal-bypass
CVE-2026-10107: Ssrf Missing Private Ip Block
cve-2026-10107-ssrf-missing-private-ip-block
CVE-2026-10108: Path Traversal Startswith Missing Separator
cve-2026-10108-path-traversal-startswith-missing-separator
CVE-2026-1470: Ast Sandbox Missing With Statement Visitor
cve-2026-1470-ast-sandbox-missing-with-statement-visitor
CVE-2026-1774: Prototype Pollution Via Path Reduce
cve-2026-1774-prototype-pollution-via-path-reduce
CVE-2026-1839: Python Torch Load Without Weights Only
cve-2026-1839-python-torch-load-without-weights-only
CVE-2026-21446: Php Laravel Ajax Bypass Security Guard
cve-2026-21446-php-laravel-ajax-bypass-security-guard
CVE-2026-21622: Password Reset Token Without Expiration
cve-2026-21622-password-reset-token-without-expiration
CVE-2026-21675: Iccdev Hint Manager Add Then Delete Uaf
cve-2026-21675-iccdev-hint-manager-add-then-delete-uaf
CVE-2026-21697: Go Shared Httpclient Race
cve-2026-21697-go-shared-httpclient-race
CVE-2026-21854: Js Auth Bracket Lookup Loose Equality
cve-2026-21854-js-auth-bracket-lookup-loose-equality
CVE-2026-22031: Findmyway Safedecodeuri Middleware Bypass
cve-2026-22031-findmyway-safedecodeuri-middleware-bypass
CVE-2026-22037: Raw Url Assignment Without Decoding
cve-2026-22037-raw-url-assignment-without-decoding
CVE-2026-22038: Logger Credential Leak Get Secret Value
cve-2026-22038-logger-credential-leak-get-secret-value
CVE-2026-22039: Kyverno Apicall Missing Policy Namespace
cve-2026-22039-kyverno-apicall-missing-policy-namespace
CVE-2026-22686: Host Realm Error Sandbox Prototype Chain Escape
cve-2026-22686-host-realm-error-sandbox-prototype-chain-escape
CVE-2026-22688: Go Mcp Stdio Unvalidated Command Injection
cve-2026-22688-go-mcp-stdio-unvalidated-command-injection
CVE-2026-22778: Vllm Fastapi Exception Handler Leaks Memory Address
cve-2026-22778-vllm-fastapi-exception-handler-leaks-memory-address
CVE-2026-22850: Unvalidated Bulk Sql Import Execution
cve-2026-22850-unvalidated-bulk-sql-import-execution
CVE-2026-22852: Freerdp Audin Formats Realloc Without Reset
cve-2026-22852-freerdp-audin-formats-realloc-without-reset
CVE-2026-23517: Insufficient Role Check In Middleware
cve-2026-23517-insufficient-role-check-in-middleware
CVE-2026-23519: Rust Constant Time Bitnz Missing Black Box Barrier
cve-2026-23519-rust-constant-time-bitnz-missing-black-box-barrier
CVE-2026-23524: Php Unserialize Without Allowed Classes
cve-2026-23524-php-unserialize-without-allowed-classes
CVE-2026-23530: Freerdp Received Capabilities Desync Resize
cve-2026-23530-freerdp-received-capabilities-desync-resize
CVE-2026-23535: Path Traversal From Untrusted Slug
cve-2026-23535-path-traversal-from-untrusted-slug
CVE-2026-2361: Postgresql Seclabels Security Definer
cve-2026-2361-postgresql-seclabels-security-definer
CVE-2026-23631: Do Not Free Yielding Engine Sync
cve-2026-23631-do-not-free-yielding-engine-sync
CVE-2026-23744: Hono Node Server Bound To All Interfaces
cve-2026-23744-hono-node-server-bound-to-all-interfaces
CVE-2026-23830: Sandbox Incomplete Constructor Interception Missing Asyncfunction
cve-2026-23830-sandbox-incomplete-constructor-interception-missing-asyncfunction
CVE-2026-23846: Python Sensitive Query Param
cve-2026-23846-python-sensitive-query-param
CVE-2026-23869: React Unbounded Dev Error Trace
cve-2026-23869-react-unbounded-dev-error-trace
CVE-2026-23870: React Native Sparse Array Dos
cve-2026-23870-react-native-sparse-array-dos
CVE-2026-23881: Missing Context Size Limit Amplification
cve-2026-23881-missing-context-size-limit-amplification
CVE-2026-23944: Arcane Env Proxy Middleware Without Auth Validator
cve-2026-23944-arcane-env-proxy-middleware-without-auth-validator
CVE-2026-23949: Tarfile Unsafe Custom Filter
cve-2026-23949-tarfile-unsafe-custom-filter
CVE-2026-24010: Django Path Traversal Insecure Join
cve-2026-24010-django-path-traversal-insecure-join
CVE-2026-24162: Model Base Py Cwe 502 Cve 2026 24162
cve-2026-24162-model-base-py-cwe-502-cve-2026-24162
CVE-2026-24467: Yarnrc Missing Enable Scripts False
cve-2026-24467-yarnrc-missing-enable-scripts-false
CVE-2026-24470: Unconditional K8s External Name
cve-2026-24470-unconditional-k8s-external-name
CVE-2026-24486: Unsanitized Uploaded Filename Split
cve-2026-24486-unsanitized-uploaded-filename-split
CVE-2026-2469: Php Imap Unescaped Id Injection
cve-2026-2469-php-imap-unescaped-id-injection
CVE-2026-24737: Jspdf Unescaped Pdf Injection
cve-2026-24737-jspdf-unescaped-pdf-injection
CVE-2026-24740: Dozzle Findcontainer Labels Authz Bypass
cve-2026-24740-dozzle-findcontainer-labels-authz-bypass
CVE-2026-24741: Unvalidated File Deletion
cve-2026-24741-unvalidated-file-deletion
CVE-2026-24749: CVE 2026 24749 Silverstripe Assets Grant True Default
cve-2026-24749-cve-2026-24749-silverstripe-assets-grant-true-default
CVE-2026-24781: Vm2 Proxy Handler Missing Construction Token
cve-2026-24781-vm2-proxy-handler-missing-construction-token
CVE-2026-24811: Rntuple Deserializer Warns On Unsupported Feature Flag
cve-2026-24811-rntuple-deserializer-warns-on-unsupported-feature-flag
CVE-2026-24832: Openssl Bn Bn2dec Post Write Bounds Check
cve-2026-24832-openssl-bn-bn2dec-post-write-bounds-check
CVE-2026-24884: Tar Extraction Path Traversal
cve-2026-24884-tar-extraction-path-traversal
CVE-2026-24895: Go Tolower Index Applied To Original String
cve-2026-24895-go-tolower-index-applied-to-original-string
CVE-2026-24898: Unauthenticated Api Login Response Disclosure
cve-2026-24898-unauthenticated-api-login-response-disclosure
CVE-2026-24901: Unsafe Zip Decompression Read
cve-2026-24901-unsafe-zip-decompression-read
CVE-2026-25060: Custom Insecure Skip Verify
cve-2026-25060-custom-insecure-skip-verify
CVE-2026-25115: Python Ast Visitor Denylist Missing Match Class Handler
cve-2026-25115-python-ast-visitor-denylist-missing-match-class-handler
CVE-2026-25221: Oauth Missing State Parameter Validation
cve-2026-25221-oauth-missing-state-parameter-validation
CVE-2026-25506: Munge Cve Unbounded Copy
cve-2026-25506-munge-cve-unbounded-copy
CVE-2026-25520: Sandboxjs Unwrapped Native Call Return Value
cve-2026-25520-sandboxjs-unwrapped-native-call-return-value
CVE-2026-25586: Unsafe Hasownproperty Shadowing
cve-2026-25586-unsafe-hasownproperty-shadowing
CVE-2026-25587: Prototype Guard Unsafe Hasownproperty Instance Method
cve-2026-25587-prototype-guard-unsafe-hasownproperty-instance-method
CVE-2026-25632: Unsafe Dynamic Importlib Class Resolution
cve-2026-25632-unsafe-dynamic-importlib-class-resolution
CVE-2026-25636: Path Traversal Uri Getcwd
cve-2026-25636-path-traversal-uri-getcwd
CVE-2026-25639: Javascript Recursive Merge Prototype Pollution
cve-2026-25639-javascript-recursive-merge-prototype-pollution
CVE-2026-25641: Property Key Type Confusion Toctou
cve-2026-25641-property-key-type-confusion-toctou
CVE-2026-25660: Codechecker Permission Helper Missing Is Auth Enabled
cve-2026-25660-codechecker-permission-helper-missing-is-auth-enabled
CVE-2026-25731: Insecure Templite Engine
cve-2026-25731-insecure-templite-engine
CVE-2026-25755: Pdf Js Injection
cve-2026-25755-pdf-js-injection
CVE-2026-2577: Websocketserver Missing Localhost Binding
cve-2026-2577-websocketserver-missing-localhost-binding
CVE-2026-25793: Nebula Ecdsa Fingerprint Malleability Bypass
cve-2026-25793-nebula-ecdsa-fingerprint-malleability-bypass
CVE-2026-25803: Bcrypt Hash With Hardcoded Password Literal
cve-2026-25803-bcrypt-hash-with-hardcoded-password-literal
CVE-2026-25873: Python Pickle Loads On Http Request Body
cve-2026-25873-python-pickle-loads-on-http-request-body
CVE-2026-25890: Gorilla Mux Skipclean Path Bypass
cve-2026-25890-gorilla-mux-skipclean-path-bypass
CVE-2026-25893: Jwt Sign Identity From Request Header
cve-2026-25893-jwt-sign-identity-from-request-header
CVE-2026-25924: Controller Plugincontroller Php Cwe 000 Cve 2026 25924
cve-2026-25924-controller-plugincontroller-php-cwe-000-cve-2026-25924
CVE-2026-25938: Express Auth Bypass Via Referer Header
cve-2026-25938-express-auth-bypass-via-referer-header
CVE-2026-25940: Jspdf Acroform Pdf Injection
cve-2026-25940-jspdf-acroform-pdf-injection
CVE-2026-25955: Freerdp Rdpgfx Missing Unmap Window For Surface Callback
cve-2026-25955-freerdp-rdpgfx-missing-unmap-window-for-surface-callback
CVE-2026-25996: Inspektor Gadget Textcolumns Unescaped Terminal String
cve-2026-25996-inspektor-gadget-textcolumns-unescaped-terminal-string
CVE-2026-25997: Freerdp Xf Cliprdr Free Last Sent Formats Without X11 Lock
cve-2026-25997-freerdp-xf-cliprdr-free-last-sent-formats-without-x11-lock
CVE-2026-26011: Nav2 Pose With Covariance Stamped Missing Covariance Validation
cve-2026-26011-nav2-pose-with-covariance-stamped-missing-covariance-validation
CVE-2026-26021: Prototype Pollution Via Includes Guard
cve-2026-26021-prototype-pollution-via-includes-guard
CVE-2026-26187: Path Traversal Prefix Bypass
cve-2026-26187-path-traversal-prefix-bypass
CVE-2026-26190: Milvus Rest Api Group Missing Authenticate Middleware
cve-2026-26190-milvus-rest-api-group-missing-authenticate-middleware
CVE-2026-26210: Python Pickle Loads On Zmq Recv
cve-2026-26210-python-pickle-loads-on-zmq-recv
CVE-2026-26280: Stale Variable In Retry
cve-2026-26280-stale-variable-in-retry
CVE-2026-2646: Untrusted Buffer Loop Bound
cve-2026-2646-untrusted-buffer-loop-bound
CVE-2026-2673: Openssl Conf Parse List Flattening
cve-2026-2673-openssl-conf-parse-list-flattening
CVE-2026-26830: Nodejs Child Process Exec Util Format Command Injection
cve-2026-26830-nodejs-child-process-exec-util-format-command-injection
CVE-2026-26831: Textract Cve 2026 26831 Shell Injection Incomplete Path Escape
cve-2026-26831-textract-cve-2026-26831-shell-injection-incomplete-path-escape
CVE-2026-26833: Nodejs Child Process Exec String Concat
cve-2026-26833-nodejs-child-process-exec-string-concat
CVE-2026-26861: Insecure Postmessage Origin Validation
cve-2026-26861-insecure-postmessage-origin-validation
CVE-2026-26862: Insecure Postmessage Includes Origin Check
cve-2026-26862-insecure-postmessage-includes-origin-check
CVE-2026-26954: Sandboxjs Call Result Missing Sanitize Array
cve-2026-26954-sandboxjs-call-result-missing-sanitize-array
CVE-2026-26974: Fast Glob Unanchored Recursive Glob Rce
cve-2026-26974-fast-glob-unanchored-recursive-glob-rce
CVE-2026-27018: Gotenberg Filter Go Cwe 000 Cve 2026 27018
cve-2026-27018-gotenberg-filter-go-cwe-000-cve-2026-27018
CVE-2026-27112: Kargo Createdprojects Tracked Without Err Nil Check
cve-2026-27112-kargo-createdprojects-tracked-without-err-nil-check
CVE-2026-27192: Insecure Origin Validation Startswith
cve-2026-27192-insecure-origin-validation-startswith
CVE-2026-27203: Insecure Env File Update
cve-2026-27203-insecure-env-file-update
CVE-2026-27459: Pyopenssl Dtls Cookie Callback Buffer Overflow
cve-2026-27459-pyopenssl-dtls-cookie-callback-buffer-overflow
CVE-2026-27489: Cpp Symlink Validation Missing Canonicalization
cve-2026-27489-cpp-symlink-validation-missing-canonicalization
CVE-2026-27591: Winter Form Context User Controlled Override
cve-2026-27591-winter-form-context-user-controlled-override
CVE-2026-27613: Pascal Cgi Shell Escape Double Quote In Caret Set
cve-2026-27613-pascal-cgi-shell-escape-double-quote-in-caret-set
CVE-2026-27626: Olivetin Webhook Execution Request Unfiltered Arguments
cve-2026-27626-olivetin-webhook-execution-request-unfiltered-arguments
CVE-2026-27627: Unsanitized Metascraper Html
cve-2026-27627-unsanitized-metascraper-html
CVE-2026-27700: X Forwarded For Spoofing
cve-2026-27700-x-forwarded-for-spoofing
CVE-2026-27820: Cve 2026 27820 Conditional Buffer Expansion Before Memmove Prepend
cve-2026-27820-cve-2026-27820-conditional-buffer-expansion-before-memmove-prepend
CVE-2026-27830: Custom Deserialization Wrapper Cwe502
cve-2026-27830-custom-deserialization-wrapper-cwe502
CVE-2026-27833: Piwigo History Search Missing Auth
cve-2026-27833-piwigo-history-search-missing-auth
CVE-2026-27886: Nodemailer Pick Strips Security Properties
cve-2026-27886-nodemailer-pick-strips-security-properties
CVE-2026-27890: Cpp Unvalidated Path Prefix Traversal
cve-2026-27890-cpp-unvalidated-path-prefix-traversal
CVE-2026-27905: Tarfile Custom Extract Symlink Traversal
cve-2026-27905-tarfile-custom-extract-symlink-traversal
CVE-2026-27941: Github Actions Pull Request Target With Untrusted Checkout
cve-2026-27941-github-actions-pull-request-target-with-untrusted-checkout
CVE-2026-27960: Opencti Authenticate User By Token Or Userid Cve 2026 27960
cve-2026-27960-opencti-authenticate-user-by-token-or-userid-cve-2026-27960
CVE-2026-27965: Vitess Cve 2026 27965 Manifest External Decompressor Command Injection
cve-2026-27965-vitess-cve-2026-27965-manifest-external-decompressor-command-injection
CVE-2026-27971: Js Require Dynamic Module And Symbol From Input
cve-2026-27971-js-require-dynamic-module-and-symbol-from-input
CVE-2026-27975: Ajenti Http X Url Prefix Unvalidated
cve-2026-27975-ajenti-http-x-url-prefix-unvalidated
CVE-2026-28229: Argo Workflow Template Get Missing Authz
cve-2026-28229-argo-workflow-template-get-missing-authz
CVE-2026-28291: Git Upload Pack Blocklist Bypass
cve-2026-28291-git-upload-pack-blocklist-bypass
CVE-2026-28409: Php Shell Exec Unsanitized User Input
cve-2026-28409-php-shell-exec-unsanitized-user-input
CVE-2026-28416: Gradio Unvalidated Proxy Allowlist Addition
cve-2026-28416-gradio-unvalidated-proxy-allowlist-addition
CVE-2026-28445: Solidjs Unsanitized Innerhtml
cve-2026-28445-solidjs-unsanitized-innerhtml
CVE-2026-28498: Fail Open Crypto Comparison
cve-2026-28498-fail-open-crypto-comparison
CVE-2026-28518: Console App Py Cwe 000 Cve 2026 28518
cve-2026-28518-console-app-py-cwe-000-cve-2026-28518
CVE-2026-28678: Jwt Cleartext Cookie Storage
cve-2026-28678-jwt-cleartext-cookie-storage
CVE-2026-28681: Starlette Missing Trustedhostmiddleware
cve-2026-28681-starlette-missing-trustedhostmiddleware
CVE-2026-28795: Python Unvalidated File Format Path Traversal
cve-2026-28795-python-unvalidated-file-format-path-traversal
CVE-2026-28802: Jws None Algorithm Verify Missing Empty Sig Check
cve-2026-28802-jws-none-algorithm-verify-missing-empty-sig-check
CVE-2026-28808: Erlang Inets Mod Alias Which Alias Missing Script Alias
cve-2026-28808-erlang-inets-mod-alias-which-alias-missing-script-alias
CVE-2026-29004: Busybox Ipv6 Buffer Overflow
cve-2026-29004-busybox-ipv6-buffer-overflow
CVE-2026-29058: Php Command Injection Untrusted Input Shell Exec
cve-2026-29058-php-command-injection-untrusted-input-shell-exec
CVE-2026-29063: Immutable Js Iterate Unguarded Key Assignment Prototype Pollution
cve-2026-29063-immutable-js-iterate-unguarded-key-assignment-prototype-pollution
CVE-2026-29080: Sqlalchemy Text Hardcoded Bindparam Val Collision
cve-2026-29080-sqlalchemy-text-hardcoded-bindparam-val-collision
CVE-2026-29090: Psycopg2 Execute Format String Sqli
cve-2026-29090-psycopg2-execute-format-string-sqli
CVE-2026-29112: Unbounded Regex Dimension Extraction
cve-2026-29112-unbounded-regex-dimension-extraction
CVE-2026-29642: Xiangshan Dte Sdt Isolation Bypass
cve-2026-29642-xiangshan-dte-sdt-isolation-bypass
CVE-2026-29646: Nemu Rvh Vmode Sie Sip Incorrect Dispatch
cve-2026-29646-nemu-rvh-vmode-sie-sip-incorrect-dispatch
CVE-2026-29649: Nemu Henvcfg Overbroad Menvcfg Wmask
cve-2026-29649-nemu-henvcfg-overbroad-menvcfg-wmask
CVE-2026-29789: Php Workflow Action Missing Authorize On Foreign Model
cve-2026-29789-php-workflow-action-missing-authorize-on-foreign-model
CVE-2026-29792: Feathersjs Oauth Authenticate Params Query Fallback
cve-2026-29792-feathersjs-oauth-authenticate-params-query-fallback
CVE-2026-29793: Feathersjs Mongodb Id Nosql Injection
cve-2026-29793-feathersjs-mongodb-id-nosql-injection
CVE-2026-30242: Unruleable Custom Ssrf Domain Denylist
cve-2026-30242-unruleable-custom-ssrf-domain-denylist
CVE-2026-30351: Skipped Project Specific Command Execution
cve-2026-30351-skipped-project-specific-command-execution
CVE-2026-30363: Struct Field Toctou Deref
cve-2026-30363-struct-field-toctou-deref
CVE-2026-30405: Gobgp Unconditional Validate Update Msg
cve-2026-30405-gobgp-unconditional-validate-update-msg
CVE-2026-30793: Rust Fs Set Permissions World Writable 0o0777
cve-2026-30793-rust-fs-set-permissions-world-writable-0o0777
CVE-2026-30822: Insecure Filename Replace Path Traversal
cve-2026-30822-insecure-filename-replace-path-traversal
CVE-2026-30836: Scep Updatereq Grouped With Csr Handlers
cve-2026-30836-scep-updatereq-grouped-with-csr-handlers
CVE-2026-30849: Mantisbt Soap Mci Check Login Untyped Credential Params
cve-2026-30849-mantisbt-soap-mci-check-login-untyped-credential-params
CVE-2026-30860: Weknora Sandbox Manager Execute Without Validation
cve-2026-30860-weknora-sandbox-manager-execute-without-validation
CVE-2026-30893: Python Os Path Join Decoded Untrusted Write
cve-2026-30893-python-os-path-join-decoded-untrusted-write
CVE-2026-30919: Php Insecure Htmlspecialchars Noquotes
cve-2026-30919-php-insecure-htmlspecialchars-noquotes
CVE-2026-30923: Modsecurity Libinjection Error Mishandling
cve-2026-30923-modsecurity-libinjection-error-mishandling
CVE-2026-30966: Parse Server Missing Join Table Access Guard
cve-2026-30966-parse-server-missing-join-table-access-guard
CVE-2026-31040: Python Stata Dofile Executed Without Shell Escape Validation
cve-2026-31040-python-stata-dofile-executed-without-shell-escape-validation
CVE-2026-31235: Python Pickle Loads On Multiprocessing Queue Data
cve-2026-31235-python-pickle-loads-on-multiprocessing-queue-data
CVE-2026-31814: Rust Panic On Checked Math
cve-2026-31814-rust-panic-on-checked-math
CVE-2026-31817: Weak Fallback Id Validation
cve-2026-31817-weak-fallback-id-validation
CVE-2026-31840: Parse Logical Op Array Like Bypass
cve-2026-31840-parse-logical-op-array-like-bypass
CVE-2026-31856: Postgres Jsonb Increment Sql Injection Via Template Literal
cve-2026-31856-postgres-jsonb-increment-sql-injection-via-template-literal
CVE-2026-31871: Parse Server Postgres Increment Jsonb Sql Injection
cve-2026-31871-parse-server-postgres-increment-jsonb-sql-injection
CVE-2026-31877: Frappe Sanitize Fields Single Paren Blacklist Bypass
cve-2026-31877-frappe-sanitize-fields-single-paren-blacklist-bypass
CVE-2026-31898: Jspdf Freetext Annotation Injection
cve-2026-31898-jspdf-freetext-annotation-injection
CVE-2026-31899: Python Unbounded Svg Use Amplification
cve-2026-31899-python-unbounded-svg-use-amplification
CVE-2026-31900: Permissive Pip Requirement Version Regex
cve-2026-31900-permissive-pip-requirement-version-regex
CVE-2026-31940: User Controlled Session Id
cve-2026-31940-user-controlled-session-id
CVE-2026-31952: Incomplete Sql Keyword Blocklist Bypass
cve-2026-31952-incomplete-sql-keyword-blocklist-bypass
CVE-2026-31969: Postfix Decrement Bounds Check Oob
cve-2026-31969-postfix-decrement-bounds-check-oob
CVE-2026-31971: Htslib Cram Byte Array Len Overrun
cve-2026-31971-htslib-cram-byte-array-len-overrun
CVE-2026-31972: Samtools Mplp Ref Undersized Lru Cache Uaf
cve-2026-31972-samtools-mplp-ref-undersized-lru-cache-uaf
CVE-2026-31973: Samtools 
Cram Decode Null Derefcve-2026-31973-samtools-cram-decode-null-derefCVE-2026-31975: Shell Command Injection Via Cd Template Literalcve-2026-31975-shell-command-injection-via-cd-template-literalCVE-2026-32038: Docker Network Container Namespace Join Allowed By Defaultcve-2026-32038-docker-network-container-namespace-join-allowed-by-defaultCVE-2026-32105: Xrdp Missing Fips Mac Validationcve-2026-32105-xrdp-missing-fips-mac-validationCVE-2026-32135: Urldecoding Off By One Overflowcve-2026-32135-urldecoding-off-by-one-overflowCVE-2026-32136: Go H2c Newhandler Outside Auth Middlewarecve-2026-32136-go-h2c-newhandler-outside-auth-middlewareCVE-2026-32241: Dynamic Shell Command Executioncve-2026-32241-dynamic-shell-command-executionCVE-2026-32247: Insecure Valueerror For Security Checkcve-2026-32247-insecure-valueerror-for-security-checkCVE-2026-32248: Parse Logical Op Arraylike Bypasscve-2026-32248-parse-logical-op-arraylike-bypassCVE-2026-32260: Insecure Shell Arg Concat Or Flawed Regexcve-2026-32260-insecure-shell-arg-concat-or-flawed-regexCVE-2026-32300: Laravel Idor Profile Updatecve-2026-32300-laravel-idor-profile-updateCVE-2026-32304: Js Function Constructor Non Literal Bodycve-2026-32304-js-function-constructor-non-literal-bodyCVE-2026-32311: Python Subprocess Shell True Fstring Injectioncve-2026-32311-python-subprocess-shell-true-fstring-injectionCVE-2026-32313: Php Openssl Decrypt Unvalidated Tag Lengthcve-2026-32313-php-openssl-decrypt-unvalidated-tag-lengthCVE-2026-32604: Java Git Shell Command Injection Via Concatenationcve-2026-32604-java-git-shell-command-injection-via-concatenationCVE-2026-32605: Rust Off By One Bounds Checkcve-2026-32605-rust-off-by-one-bounds-checkCVE-2026-32610: Fastapi Starlette Cors Wildcard Credentialscve-2026-32610-fastapi-starlette-cors-wildcard-credentialsCVE-2026-32613: Java Spel Standard Evaluation Context Rcecve-2026-32613-java-spel-standard-evaluation-context-rceCVE-2026-32616: Php Host Header Injection Email 
Linkcve-2026-32616-php-host-header-injection-email-linkCVE-2026-32621: Js Prototype Pollution Dynamic Key Mergecve-2026-32621-js-prototype-pollution-dynamic-key-mergeCVE-2026-32634: Glances Zeroconf Credential Leakcve-2026-32634-glances-zeroconf-credential-leakCVE-2026-32695: Traefik Missing Encoded Chars Middlewarecve-2026-32695-traefik-missing-encoded-chars-middlewareCVE-2026-32701: Qwik City Formdata Array Pollutioncve-2026-32701-qwik-city-formdata-array-pollutionCVE-2026-32711: Pydicom Referencedfileid Path Traversalcve-2026-32711-pydicom-referencedfileid-path-traversalCVE-2026-32714: Python Sqlite3 Format Sql Injectioncve-2026-32714-python-sqlite3-format-sql-injectionCVE-2026-32716: Path Startswith Bypasscve-2026-32716-path-startswith-bypassCVE-2026-32729: Promisified Child Process Execcve-2026-32729-promisified-child-process-execCVE-2026-32730: Ast Node Falsy Bypass To Xsscve-2026-32730-ast-node-falsy-bypass-to-xssCVE-2026-32763: Ast Visitor Unsanitized Query Appendcve-2026-32763-ast-visitor-unsanitized-query-appendCVE-2026-32767: Siyuan Fulltextsearchblock Missing Admin Checkcve-2026-32767-siyuan-fulltextsearchblock-missing-admin-checkCVE-2026-32768: Pulumi K8s Networkpolicy Inverted Deny Egresscve-2026-32768-pulumi-k8s-networkpolicy-inverted-deny-egressCVE-2026-32769: Pulumi K8s Networkpolicy Egress Namespaceselector Notin Metadata Namecve-2026-32769-pulumi-k8s-networkpolicy-egress-namespaceselector-notin-metadata-nameCVE-2026-32805: Go Zip Slip Prefix Bypasscve-2026-32805-go-zip-slip-prefix-bypassCVE-2026-32808: Tarfile Symlink Validation Bypasscve-2026-32808-tarfile-symlink-validation-bypassCVE-2026-32811: Ignored Url Parse Errorcve-2026-32811-ignored-url-parse-errorCVE-2026-32815: Unsegregated Websocket Session Storagecve-2026-32815-unsegregated-websocket-session-storageCVE-2026-32829: Lz4 Improper Offset Clampingcve-2026-32829-lz4-improper-offset-clampingCVE-2026-32853: Unchecked Sequential Memcpy 
Parsingcve-2026-32853-unchecked-sequential-memcpy-parsingCVE-2026-32854: Unchecked Strchr Derefcve-2026-32854-unchecked-strchr-derefCVE-2026-32871: Url Path Param Not Percent Encodedcve-2026-32871-url-path-param-not-percent-encodedCVE-2026-32874: Python C Api Memory Leak Fromstringcve-2026-32874-python-c-api-memory-leak-fromstringCVE-2026-32875: Unchecked Indent Multiplicationcve-2026-32875-unchecked-indent-multiplicationCVE-2026-32938: Siyuan Html2blockdom Missing Admin Readonly Guardscve-2026-32938-siyuan-html2blockdom-missing-admin-readonly-guardsCVE-2026-32949: Python Sqli Format Executecve-2026-32949-python-sqli-format-executeCVE-2026-33017: Langflow Public Build Rce Via Data Paramcve-2026-33017-langflow-public-build-rce-via-data-paramCVE-2026-33028: Vueuse Websocket Reactive Credentialscve-2026-33028-vueuse-websocket-reactive-credentialsCVE-2026-33054: Pathlib Path Traversal Unvalidated Token Concatcve-2026-33054-pathlib-path-traversal-unvalidated-token-concatCVE-2026-33055: Tar Pax Size Conditional Overridecve-2026-33055-tar-pax-size-conditional-overrideCVE-2026-33057: Python Flask Request Code Executioncve-2026-33057-python-flask-request-code-executionCVE-2026-33069: Multipart Oob Read Parser Incrementcve-2026-33069-multipart-oob-read-parser-incrementCVE-2026-33076: Python Path Traversal Fstring Host Param Unvalidatedcve-2026-33076-python-path-traversal-fstring-host-param-unvalidatedCVE-2026-33077: Unvalidated Flask Request Path Traversalcve-2026-33077-unvalidated-flask-request-path-traversalCVE-2026-33082: Java Sql Where Clause String Concat Injectioncve-2026-33082-java-sql-where-clause-string-concat-injectionCVE-2026-33083: Dataease Order Direction Sql Injectioncve-2026-33083-dataease-order-direction-sql-injectionCVE-2026-33084: Dataease Order By Direction Sql Injectioncve-2026-33084-dataease-order-by-direction-sql-injectionCVE-2026-33121: Dataease Engine Provider Table Name Sql 
Injectioncve-2026-33121-dataease-engine-provider-table-name-sql-injectionCVE-2026-33122: Dataease Engine Provider Ddl Identifier Injectioncve-2026-33122-dataease-engine-provider-ddl-identifier-injectionCVE-2026-33146: Share Search Unrestricted Page Descendantscve-2026-33146-share-search-unrestricted-page-descendantsCVE-2026-33150: Uaf Dangling Pointer Assignmentcve-2026-33150-uaf-dangling-pointer-assignmentCVE-2026-33151: Unbounded Attachments Doscve-2026-33151-unbounded-attachments-dosCVE-2026-33154: Unsafe Template Evaluation Dynaconfcve-2026-33154-unsafe-template-evaluation-dynaconfCVE-2026-33166: Improper Html Assignment Unsanitizedcve-2026-33166-improper-html-assignment-unsanitizedCVE-2026-33174: Activestorage Unbounded Byte Ranges Doscve-2026-33174-activestorage-unbounded-byte-ranges-dosCVE-2026-33180: Hapifhir Validationengine Global Security Bypasscve-2026-33180-hapifhir-validationengine-global-security-bypassCVE-2026-33182: Php Url Join Absolute Overridecve-2026-33182-php-url-join-absolute-overrideCVE-2026-33184: Rust Unwrap Unchecked Subtractioncve-2026-33184-rust-unwrap-unchecked-subtractionCVE-2026-33193: Cve 2026 33193 Multipart Mime Type Spoofing Stored Xsscve-2026-33193-cve-2026-33193-multipart-mime-type-spoofing-stored-xssCVE-2026-33212: Celery Task Pending State Missing Authorizationcve-2026-33212-celery-task-pending-state-missing-authorizationCVE-2026-33216: Improper Password To Jwt Assignmentcve-2026-33216-improper-password-to-jwt-assignmentCVE-2026-33228: Array Index Via String Wrapper Prototype Pollutioncve-2026-33228-array-index-via-string-wrapper-prototype-pollutionCVE-2026-33231: Nltk Lexical Path Traversal Symlinkcve-2026-33231-nltk-lexical-path-traversal-symlinkCVE-2026-33236: Insecure Path Join Opencve-2026-33236-insecure-path-join-openCVE-2026-33306: Java Int Shift Loop Boundcve-2026-33306-java-int-shift-loop-boundCVE-2026-33335: Double Escape Before Goldmarkcve-2026-33335-double-escape-before-goldmarkCVE-2026-33439: Openam Application 
Object Input Stream Unsafe Deserializationcve-2026-33439-openam-application-object-input-stream-unsafe-deserializationCVE-2026-33494: Oathkeeper Rule Matching Without Path Cleancve-2026-33494-oathkeeper-rule-matching-without-path-cleanCVE-2026-33496: Go Auth Cache Key Confusioncve-2026-33496-go-auth-cache-key-confusionCVE-2026-33516: Xrdp Memcpy From Stream Read Pointercve-2026-33516-xrdp-memcpy-from-stream-read-pointerCVE-2026-33524: Unchecked Stream Array Allocationcve-2026-33524-unchecked-stream-array-allocationCVE-2026-33526: Squid Uaf Rfc1738 Escapecve-2026-33526-squid-uaf-rfc1738-escapeCVE-2026-33544: Stateful Singleton Interface Oauthcve-2026-33544-stateful-singleton-interface-oauthCVE-2026-33632: Endpointsecurity Missing Exchangedata Clonecve-2026-33632-endpointsecurity-missing-exchangedata-cloneCVE-2026-33633: Rectangle Bounds Integer Overflowcve-2026-33633-rectangle-bounds-integer-overflowCVE-2026-33640: Otp Verify Without Attempt Limitcve-2026-33640-otp-verify-without-attempt-limitCVE-2026-33654: Python Channel Acl Fail Open Empty Allowlistcve-2026-33654-python-channel-acl-fail-open-empty-allowlistCVE-2026-33656: Php Attachment Getsourceid Path No Basenamecve-2026-33656-php-attachment-getsourceid-path-no-basenameCVE-2026-33661: Psr7 Host Header Localhost Bypasscve-2026-33661-psr7-host-header-localhost-bypassCVE-2026-33669: Siyuan Asset Handler Missing Publish Access Checkcve-2026-33669-siyuan-asset-handler-missing-publish-access-checkCVE-2026-33678: Double Escape Before Markdowncve-2026-33678-double-escape-before-markdownCVE-2026-33680: Vikunja Missing Linksharing Auth Checkcve-2026-33680-vikunja-missing-linksharing-auth-checkCVE-2026-33701: Java Objectinput Readobject Without Filtercve-2026-33701-java-objectinput-readobject-without-filterCVE-2026-33711: Insecure Tmp File Creationcve-2026-33711-insecure-tmp-file-creationCVE-2026-33729: Openfga Cache Key Injective Serializationcve-2026-33729-openfga-cache-key-injective-serializationCVE-2026-33744: Py 
Httpx Dns Rebinding Toctoucve-2026-33744-py-httpx-dns-rebinding-toctouCVE-2026-33746: Lcobucci Jwt Validate Without Signedwithcve-2026-33746-lcobucci-jwt-validate-without-signedwithCVE-2026-33752: Curl Cffi Ssrf Unsafe Redirectscve-2026-33752-curl-cffi-ssrf-unsafe-redirectsCVE-2026-33756: Unbounded Custom Graphql Batch Processingcve-2026-33756-unbounded-custom-graphql-batch-processingCVE-2026-33804: Fastify Middie Normalization Options Missing Config Fallbackcve-2026-33804-fastify-middie-normalization-options-missing-config-fallbackCVE-2026-3381: Bundled Zlib Pre 1 3 2 Vulnerablecve-2026-3381-bundled-zlib-pre-1-3-2-vulnerableCVE-2026-33850: Stb Image Fractional Subsampling Oobcve-2026-33850-stb-image-fractional-subsampling-oobCVE-2026-33851: Insecure Buffer Size Underflowcve-2026-33851-insecure-buffer-size-underflowCVE-2026-33852: Unguided Oldns Clear Memory Leakcve-2026-33852-unguided-oldns-clear-memory-leakCVE-2026-33856: Xml Document Oldns Memory Leakcve-2026-33856-xml-document-oldns-memory-leakCVE-2026-33877: Password Reset Timing Side Channel User Enumerationcve-2026-33877-password-reset-timing-side-channel-user-enumerationCVE-2026-33890: Ts Admin Auth Gated On Loginrequired Config Flagcve-2026-33890-ts-admin-auth-gated-on-loginrequired-config-flagCVE-2026-33891: Fallback Jsbn Modinverse Missing Zero Checkcve-2026-33891-fallback-jsbn-modinverse-missing-zero-checkCVE-2026-33908: Unbounded Xml Tree Recursioncve-2026-33908-unbounded-xml-tree-recursionCVE-2026-33937: Handlebars Compile Untrusted Ast Inputcve-2026-33937-handlebars-compile-untrusted-ast-inputCVE-2026-33938: Unvalidated Ast Passthroughcve-2026-33938-unvalidated-ast-passthroughCVE-2026-33940: Insecure Ast Node Returncve-2026-33940-insecure-ast-node-returnCVE-2026-33942: Php Unserialize Allowed Classes Truecve-2026-33942-php-unserialize-allowed-classes-trueCVE-2026-33945: Go Filepath Join Untrusted Key Writefile Traversalcve-2026-33945-go-filepath-join-untrusted-key-writefile-traversalCVE-2026-33979: 
Sanitizer Config Ignored Empty Arraycve-2026-33979-sanitizer-config-ignored-empty-arrayCVE-2026-33986: Premature Dimension Update Before Allocationcve-2026-33986-premature-dimension-update-before-allocationCVE-2026-33994: Js Prototype Pollution Regex Test Guardcve-2026-33994-js-prototype-pollution-regex-test-guardCVE-2026-34041: Act Set Env Add Path Without Unsecure Commands Guardcve-2026-34041-act-set-env-add-path-without-unsecure-commands-guardCVE-2026-34060: Ruby Gemfile Template Source Option Interpolationcve-2026-34060-ruby-gemfile-template-source-option-interpolationCVE-2026-34063: Rust Libp2p Handler Paniccve-2026-34063-rust-libp2p-handler-panicCVE-2026-34078: Flatpak Run App Missing Fd Bind Paramscve-2026-34078-flatpak-run-app-missing-fd-bind-paramsCVE-2026-34209: Payment Channel Insecure Voucher Comparisoncve-2026-34209-payment-channel-insecure-voucher-comparisonCVE-2026-34212: Authorization Check And Of Not Equal Throwscve-2026-34212-authorization-check-and-of-not-equal-throwsCVE-2026-34213: Authorization Guard And Not Equals Bypasscve-2026-34213-authorization-guard-and-not-equals-bypassCVE-2026-34226: Leaky Cookie Origin In Fetchcve-2026-34226-leaky-cookie-origin-in-fetchCVE-2026-34232: Path Traversal Unvalidated Plugin Namecve-2026-34232-path-traversal-unvalidated-plugin-nameCVE-2026-34236: Configuration Sdkconfiguration Php Cwe 000 Cve 2026 34236cve-2026-34236-configuration-sdkconfiguration-php-cwe-000-cve-2026-34236CVE-2026-34243: Github Actions Untrusted Context In Runcve-2026-34243-github-actions-untrusted-context-in-runCVE-2026-34352: Shmget Permissive Creationcve-2026-34352-shmget-permissive-creationCVE-2026-34404: Nuxt Og Image Html Ssrfcve-2026-34404-nuxt-og-image-html-ssrfCVE-2026-34415: Incomplete Php Extension Denylist Regex Php Glob Misusecve-2026-34415-incomplete-php-extension-denylist-regex-php-glob-misuseCVE-2026-34444: Lupa Luaruntime Attribute Filter Without Register Builtins 
Falsecve-2026-34444-lupa-luaruntime-attribute-filter-without-register-builtins-falseCVE-2026-34478: Log4j Rfc5424 Key Escapingcve-2026-34478-log4j-rfc5424-key-escapingCVE-2026-34513: Unbounded Dict Cachecve-2026-34513-unbounded-dict-cacheCVE-2026-34515: Aiohttp Unc Path Disclosurecve-2026-34515-aiohttp-unc-path-disclosureCVE-2026-34516: Unchecked Async Readline Accumulationcve-2026-34516-unchecked-async-readline-accumulationCVE-2026-34543: Openexr Bounds Check Capacity Mismatchcve-2026-34543-openexr-bounds-check-capacity-mismatchCVE-2026-34581: Goshs Unvalidated Path Traversalcve-2026-34581-goshs-unvalidated-path-traversalCVE-2026-34824: Unbounded Thread Creation In Loopcve-2026-34824-unbounded-thread-creation-in-loopCVE-2026-34827: Ruby Unescaped Regex Interpolationcve-2026-34827-ruby-unescaped-regex-interpolationCVE-2026-34829: Ruby Unescaped Prefix Regex Interpolationcve-2026-34829-ruby-unescaped-prefix-regex-interpolationCVE-2026-34840: Saml Assertion Wrapping Missing Length Checkcve-2026-34840-saml-assertion-wrapping-missing-length-checkCVE-2026-34841: Gha Npm Publish Static Secret Token Authcve-2026-34841-gha-npm-publish-static-secret-token-authCVE-2026-34935: Python Shlex Split Unvalidated Executablecve-2026-34935-python-shlex-split-unvalidated-executableCVE-2026-34936: Ai Agent Tool Unauthorized File Opcve-2026-34936-ai-agent-tool-unauthorized-file-opCVE-2026-34938: Static Method Destructive File Op No Instance Authzcve-2026-34938-static-method-destructive-file-op-no-instance-authzCVE-2026-34941: Improper Entityset Capacitycve-2026-34941-improper-entityset-capacityCVE-2026-34943: Wasmtime Jit Libcall Toctoucve-2026-34943-wasmtime-jit-libcall-toctouCVE-2026-34971: Wasmtime Insecure Passive Data Trackingcve-2026-34971-wasmtime-insecure-passive-data-trackingCVE-2026-34976: Missing Restore Tenant Middleware Registrationcve-2026-34976-missing-restore-tenant-middleware-registrationCVE-2026-34977: Python Bash Sh Dash C Dynamic Command 
Injectioncve-2026-34977-python-bash-sh-dash-c-dynamic-command-injectionCVE-2026-35047: Php Laravel Unrestricted File Upload To Public Pathcve-2026-35047-php-laravel-unrestricted-file-upload-to-public-pathCVE-2026-35051: Forwardauth Missing X Forwarded Stripcve-2026-35051-forwardauth-missing-x-forwarded-stripCVE-2026-35052: Python Unsafe Pickle Deserialization Storage Backendcve-2026-35052-python-unsafe-pickle-deserialization-storage-backendCVE-2026-35178: Php Create Function Code Injectioncve-2026-35178-php-create-function-code-injectionCVE-2026-35184: Php Switch Default Unsanitized Passthrough Sqlicve-2026-35184-php-switch-default-unsanitized-passthrough-sqliCVE-2026-35186: Wasmtime Libcall Passive Data Racecve-2026-35186-wasmtime-libcall-passive-data-raceCVE-2026-35194: Flink Raw Format Unbounded Recordscve-2026-35194-flink-raw-format-unbounded-recordsCVE-2026-35205: Fail Open Verification Bypasscve-2026-35205-fail-open-verification-bypassCVE-2026-35209: Object Assign Prototype Hijackcve-2026-35209-object-assign-prototype-hijackCVE-2026-35213: Redos In Regex Endingscve-2026-35213-redos-in-regex-endingsCVE-2026-35392: Go Http Request Path To File Write Without Containment Checkcve-2026-35392-go-http-request-path-to-file-write-without-containment-checkCVE-2026-35393: Go Net Http Url Path To Filesystem Traversalcve-2026-35393-go-net-http-url-path-to-filesystem-traversalCVE-2026-35394: Improper Error Class In Url Validationcve-2026-35394-improper-error-class-in-url-validationCVE-2026-35409: Directus Missing Oauth Validationcve-2026-35409-directus-missing-oauth-validationCVE-2026-35442: Express Missing Oauth Scope Validationcve-2026-35442-express-missing-oauth-scope-validationCVE-2026-35458: Go Dlclark Regexp2 Compile Without Match Timeoutcve-2026-35458-go-dlclark-regexp2-compile-without-match-timeoutCVE-2026-35464: Pyload Incomplete Admin Optionscve-2026-35464-pyload-incomplete-admin-optionsCVE-2026-35465: Custom Archive Filename Missing 
Validationcve-2026-35465-custom-archive-filename-missing-validationCVE-2026-35471: Go Path Traversal Guard Missing Returncve-2026-35471-go-path-traversal-guard-missing-returnCVE-2026-35523: Strawberry Graphql Ws Unauthenticated Startcve-2026-35523-strawberry-graphql-ws-unauthenticated-startCVE-2026-35526: Graphql Ws Missing Limits And Authcve-2026-35526-graphql-ws-missing-limits-and-authCVE-2026-35604: Missing Share Owner Permission Checkcve-2026-35604-missing-share-owner-permission-checkCVE-2026-35615: Praisonai Workspace Access Bypasscve-2026-35615-praisonai-workspace-access-bypassCVE-2026-37541: Ovms3 Gvret Binary Build Can Frame Length Unboundedcve-2026-37541-ovms3-gvret-binary-build-can-frame-length-unboundedCVE-2026-37709: Laravel Write Method With Read Only Authorizationcve-2026-37709-laravel-write-method-with-read-only-authorizationCVE-2026-38651: Go Jwt Missing Validity Checkcve-2026-38651-go-jwt-missing-validity-checkCVE-2026-38992: Php Sqlite Jsonpath Unsanitized Field Concatenationcve-2026-38992-php-sqlite-jsonpath-unsanitized-field-concatenationCVE-2026-39307: File Tools Py Cwe 000 Cve 2026 39307cve-2026-39307-file-tools-py-cwe-000-cve-2026-39307CVE-2026-39324: Rack Session Cookie Decoder Fallback Bypasses Encryptorscve-2026-39324-rack-session-cookie-decoder-fallback-bypasses-encryptorsCVE-2026-39355: Php Laravel Controller Ownership Reassignment Without Authorizationcve-2026-39355-php-laravel-controller-ownership-reassignment-without-authorizationCVE-2026-39363: Bypass Fs Check Via Hardcoded Envcve-2026-39363-bypass-fs-check-via-hardcoded-envCVE-2026-39408: Insecure Route Path Joincve-2026-39408-insecure-route-path-joinCVE-2026-3945: Strtol Missing Negative Check Before Arithmeticcve-2026-3945-strtol-missing-negative-check-before-arithmeticCVE-2026-3960: Cve 2026 3960 Incomplete Jdbc Denylist Missing Postgresql Paramscve-2026-3960-cve-2026-3960-incomplete-jdbc-denylist-missing-postgresql-paramsCVE-2026-39853: Osslsigncode Memcpy Buffer 
Overflowcve-2026-39853-osslsigncode-memcpy-buffer-overflowCVE-2026-39858: Traefik Http Chain Missing Deny Encoded Characterscve-2026-39858-traefik-http-chain-missing-deny-encoded-charactersCVE-2026-39859: Conditional Path Containment Bypasscve-2026-39859-conditional-path-containment-bypassCVE-2026-39865: Array Splice Missing Unconditional Return In Backward While Loopcve-2026-39865-array-splice-missing-unconditional-return-in-backward-while-loopCVE-2026-39888: Python Exec Unrestricted Builtins Sandboxcve-2026-39888-python-exec-unrestricted-builtins-sandboxCVE-2026-39889: Ai Agent Tool Static File Op Sandbox Bypasscve-2026-39889-ai-agent-tool-static-file-op-sandbox-bypassCVE-2026-39912: Php Magic Link Token Leak In Responsecve-2026-39912-php-magic-link-token-leak-in-responseCVE-2026-39958: Oma Topics Missing Control Char Validationcve-2026-39958-oma-topics-missing-control-char-validationCVE-2026-39962: Php Ldap Injection Unescaped Superglobal In Filtercve-2026-39962-php-ldap-injection-unescaped-superglobal-in-filterCVE-2026-39974: Array Filter Index Shift Logic Bugcve-2026-39974-array-filter-index-shift-logic-bugCVE-2026-39987: Marimo Websocket Missing Validate Authcve-2026-39987-marimo-websocket-missing-validate-authCVE-2026-40030: Os Popen Command Injectioncve-2026-40030-os-popen-command-injectionCVE-2026-40069: Case Sensitive Constant Inclusion Bypasscve-2026-40069-case-sensitive-constant-inclusion-bypassCVE-2026-40073: Unvalidated Content Length Limit Bypasscve-2026-40073-unvalidated-content-length-limit-bypassCVE-2026-40116: Static Validation Workspace Bypasscve-2026-40116-static-validation-workspace-bypassCVE-2026-40149: Static Method File Operation Sandbox Bypasscve-2026-40149-static-method-file-operation-sandbox-bypassCVE-2026-40154: Praisonai Tool Static Destructive File Op Without Workspace Guardcve-2026-40154-praisonai-tool-static-destructive-file-op-without-workspace-guardCVE-2026-40158: Sqli Fstring 
Interpolationcve-2026-40158-sqli-fstring-interpolationCVE-2026-40164: Hardcoded Murmurhash Seedcve-2026-40164-hardcoded-murmurhash-seedCVE-2026-40189: Goshs State Changing Handler Missing Acl Checkcve-2026-40189-goshs-state-changing-handler-missing-acl-checkCVE-2026-40258: Python Zipfile Extractall Zip Slipcve-2026-40258-python-zipfile-extractall-zip-slipCVE-2026-40259: Siyuan Av Api Missing Admin Role Checkcve-2026-40259-siyuan-av-api-missing-admin-role-checkCVE-2026-40288: Praisonai Filetools Missing Workspace Containmentcve-2026-40288-praisonai-filetools-missing-workspace-containmentCVE-2026-40289: Praisonai Filetools Destructive Missing Workspace Checkcve-2026-40289-praisonai-filetools-destructive-missing-workspace-checkCVE-2026-40315: Python Sql Identifier Injection Via Unvalidated Prefixcve-2026-40315-python-sql-identifier-injection-via-unvalidated-prefixCVE-2026-40318: Go Path Traversal Arbitrary File Delete Via Filepath Joincve-2026-40318-go-path-traversal-arbitrary-file-delete-via-filepath-joinCVE-2026-40322: Mermaid Svg Innerhtml Xss Without Dompurifycve-2026-40322-mermaid-svg-innerhtml-xss-without-dompurifyCVE-2026-40324: Hotchocolate Utf8graphqlparser Missing Recursion Depth Guardcve-2026-40324-hotchocolate-utf8graphqlparser-missing-recursion-depth-guardCVE-2026-40344: Skipped Architectural Feature Omissioncve-2026-40344-skipped-architectural-feature-omissionCVE-2026-40351: Typescript Nosql Injection Via Type Assertion On Request Bodycve-2026-40351-typescript-nosql-injection-via-type-assertion-on-request-bodyCVE-2026-40477: Thymeleaf Ssti Incomplete Expression Recognizercve-2026-40477-thymeleaf-ssti-incomplete-expression-recognizerCVE-2026-40492: C Bits Per Pixel Header Field Drives Wider Integer Castcve-2026-40492-c-bits-per-pixel-header-field-drives-wider-integer-castCVE-2026-40493: Image Codec Bpp From Raw Channels Depthcve-2026-40493-image-codec-bpp-from-raw-channels-depthCVE-2026-40494: Tga Rle Raw Packet Missing Bounds 
Checkcve-2026-40494-tga-rle-raw-packet-missing-bounds-checkCVE-2026-40497: Missing Style In Html Denylistcve-2026-40497-missing-style-in-html-denylistCVE-2026-40498: Php Laravel Md5 App Key Auth Tokencve-2026-40498-php-laravel-md5-app-key-auth-tokenCVE-2026-40525: Python Auth Fail Open Empty Api Keycve-2026-40525-python-auth-fail-open-empty-api-keyCVE-2026-40569: Php Laravel Mass Assignment Request All Into Fillcve-2026-40569-php-laravel-mass-assignment-request-all-into-fillCVE-2026-40576: Python Path Traversal Unsafe Sandbox Resolvercve-2026-40576-python-path-traversal-unsafe-sandbox-resolverCVE-2026-40719: Maradns Deadwood Use Before Null Check Dw Get Dnamecve-2026-40719-maradns-deadwood-use-before-null-check-dw-get-dnameCVE-2026-40869: Decidim Collaborative Texts Incorrect Authz Subjectcve-2026-40869-decidim-collaborative-texts-incorrect-authz-subjectCVE-2026-40884: Goshs Sftp Empty Username Auth Bypasscve-2026-40884-goshs-sftp-empty-username-auth-bypassCVE-2026-40890: Go Missing Bounds Check After Loopcve-2026-40890-go-missing-bounds-check-after-loopCVE-2026-40899: Lombok Data Class List Field Missing Jsonignorecve-2026-40899-lombok-data-class-list-field-missing-jsonignoreCVE-2026-40906: Elixir Permissive Validator Catchall Okcve-2026-40906-elixir-permissive-validator-catchall-okCVE-2026-41068: Kyverno Cross Namespace Rbac Bypasscve-2026-41068-kyverno-cross-namespace-rbac-bypassCVE-2026-41070: Cve 2026 41070 Openvpn Plugin Auth Deny Returns Successcve-2026-41070-cve-2026-41070-openvpn-plugin-auth-deny-returns-successCVE-2026-41082: Opam Dot Install Rel Filename Path Traversalcve-2026-41082-opam-dot-install-rel-filename-path-traversalCVE-2026-4111: Archive Missing Decompression Bounds Checkcve-2026-4111-archive-missing-decompression-bounds-checkCVE-2026-41145: Unsanitized Http Trailer In Custom Chunk Readercve-2026-41145-unsanitized-http-trailer-in-custom-chunk-readerCVE-2026-41163: Prctl Set Dumpable 
Unconditional
cve-2026-41163-prctl-set-dumpable-unconditional
CVE-2026-41167: Js Node Postgres Template Literal Sql Injection
cve-2026-41167-js-node-postgres-template-literal-sql-injection
CVE-2026-41180: Path Startswith Directory Traversal
cve-2026-41180-path-startswith-directory-traversal
CVE-2026-41193: Php Zip Slip Extract Without Path Containment
cve-2026-41193-php-zip-slip-extract-without-path-containment
CVE-2026-41197: Rust Brillig Array Undersize From Discarded Element Types
cve-2026-41197-rust-brillig-array-undersize-from-discarded-element-types
CVE-2026-41205: Python Backslash Path Traversal Bypass
cve-2026-41205-python-backslash-path-traversal-bypass
CVE-2026-41228: Php Lfi Sprintf Path Require No Traversal Guard
cve-2026-41228-php-lfi-sprintf-path-require-no-traversal-guard
CVE-2026-41231: Froxlor Makecorrectdir Missing Fixed Homedir
cve-2026-41231-froxlor-makecorrectdir-missing-fixed-homedir
CVE-2026-41242: Protobufjs Type Constructor Unsanitized Name Code Injection
cve-2026-41242-protobufjs-type-constructor-unsanitized-name-code-injection
CVE-2026-41246: Contour Envoy Lua Injection
cve-2026-41246-contour-envoy-lua-injection
CVE-2026-41247: Php Imagemagick Cli Sprintf Shell Injection
cve-2026-41247-php-imagemagick-cli-sprintf-shell-injection
CVE-2026-41248: Clerk Create Route Matcher Affirmative Gate Bypass
cve-2026-41248-clerk-create-route-matcher-affirmative-gate-bypass
CVE-2026-41278: Path Traversal Unsafe Prefix Replace
cve-2026-41278-path-traversal-unsafe-prefix-replace
CVE-2026-41297: Unvalidated Url Extraction Pipestream
cve-2026-41297-unvalidated-url-extraction-pipestream
CVE-2026-41311: Uncontrolled Block Render Recursion
cve-2026-41311-uncontrolled-block-render-recursion
CVE-2026-41323: Kyverno Default Sa Token Read
cve-2026-41323-kyverno-default-sa-token-read
CVE-2026-41327: Dgraph Cve 2026 41327 Dql Cond Injection
cve-2026-41327-dgraph-cve-2026-41327-dql-cond-injection
CVE-2026-41328: Go Dgraph Dql Injection Via Fmt Sprintf
cve-2026-41328-go-dgraph-dql-injection-via-fmt-sprintf
CVE-2026-41415: Pjsip Pj Str Slen Underflow On Delimiter Strip
cve-2026-41415-pjsip-pj-str-slen-underflow-on-delimiter-strip
CVE-2026-41431: Mozconfig Unverified Updates Enabled
cve-2026-41431-mozconfig-unverified-updates-enabled
CVE-2026-41455: Meteor Simpleschema Ssrf Missing Validation
cve-2026-41455-meteor-simpleschema-ssrf-missing-validation
CVE-2026-41475: Bacnet Deprecated Decode Tag Number And Value Oob Read
cve-2026-41475-bacnet-deprecated-decode-tag-number-and-value-oob-read
CVE-2026-41477: Deskflow Ipc Lpe Skip
cve-2026-41477-deskflow-ipc-lpe-skip
CVE-2026-41491: Path Traversal Method Path Without Clean
cve-2026-41491-path-traversal-method-path-without-clean
CVE-2026-41492: Go Incomplete Debug Cmdline Filter Leaks Expvar Vars
cve-2026-41492-go-incomplete-debug-cmdline-filter-leaks-expvar-vars
CVE-2026-41500: Command Injection Exec Unsanitized Json
cve-2026-41500-command-injection-exec-unsanitized-json
CVE-2026-41524: Php Stored Xss Unsanitized Html Model Content
cve-2026-41524-php-stored-xss-unsanitized-html-model-content
CVE-2026-41571: Go Bcrypt Empty Password Placeholder Auth Bypass
cve-2026-41571-go-bcrypt-empty-password-placeholder-auth-bypass
CVE-2026-41588: Python Non Constant Time Secret Comparison
cve-2026-41588-python-non-constant-time-secret-comparison
CVE-2026-41677: Rust Openssl Passwd Cb Missing Length Bounds Check
cve-2026-41677-rust-openssl-passwd-cb-missing-length-bounds-check
CVE-2026-41678: Rust Openssl Aes Unwrap Key Inverted Bounds Assertion
cve-2026-41678-rust-openssl-aes-unwrap-key-inverted-bounds-assertion
CVE-2026-41681: Rust Openssl Evp Digest Final Missing Bounds Check
cve-2026-41681-rust-openssl-evp-digest-final-missing-bounds-check
CVE-2026-41693: Path Traversal Unvalidated Template Interpolation
cve-2026-41693-path-traversal-unvalidated-template-interpolation
CVE-2026-41705: Filter Expression String Injection Via String Format
cve-2026-41705-filter-expression-string-injection-via-string-format
CVE-2026-4176: Vendored Zlib Pre 1 3 2
cve-2026-4176-vendored-zlib-pre-1-3-2
CVE-2026-41893: Signalk Securitystrategy Login Without Rate Limit
cve-2026-41893-signalk-securitystrategy-login-without-rate-limit
CVE-2026-41895: Python Falsy Validation Bypass
cve-2026-41895-python-falsy-validation-bypass
CVE-2026-41898: Rust Openssl Ffi Trampoline Unchecked Callback Length
cve-2026-41898-rust-openssl-ffi-trampoline-unchecked-callback-length
CVE-2026-41901: Thymeleaf Cve 2026 41901 Typename Firstchar Shortcut
cve-2026-41901-thymeleaf-cve-2026-41901-typename-firstchar-shortcut
CVE-2026-41904: Overly Strict Realpath Validation Dos
cve-2026-41904-overly-strict-realpath-validation-dos
CVE-2026-42009: Dtls Duplicate Sequence Type Check
cve-2026-42009-dtls-duplicate-sequence-type-check
CVE-2026-42031: Ckan Check Access Bypass Via Whitelist
cve-2026-42031-ckan-check-access-bypass-via-whitelist
CVE-2026-42046: Improper Multiplication Overflow Check
cve-2026-42046-improper-multiplication-overflow-check
CVE-2026-42072: Go Net Listen Port Only Wildcard Bind
cve-2026-42072-go-net-listen-port-only-wildcard-bind
CVE-2026-42079: Python Eval Empty Globals
cve-2026-42079-python-eval-empty-globals
CVE-2026-42083: Gin Route Group Missing Auth Middleware
cve-2026-42083-gin-route-group-missing-auth-middleware
CVE-2026-42089: Yeoman Missing Authorization Prompt
cve-2026-42089-yeoman-missing-authorization-prompt
CVE-2026-42171: Nsis Insecure Temp Fallback
cve-2026-42171-nsis-insecure-temp-fallback
CVE-2026-42189: Unchecked Network Decoded Count Vec Capacity
cve-2026-42189-unchecked-network-decoded-count-vec-capacity
CVE-2026-42193: Missing Aws Sns Signature Verification
cve-2026-42193-missing-aws-sns-signature-verification
CVE-2026-42196: Python Pureposixpath Traversal Without Clean Name
cve-2026-42196-python-pureposixpath-traversal-without-clean-name
CVE-2026-42197: Django Marksafe String Interpolation
cve-2026-42197-django-marksafe-string-interpolation
CVE-2026-42198: Scram Client Unbounded Pbkdf2
cve-2026-42198-scram-client-unbounded-pbkdf2
CVE-2026-42205: Avo Incomplete Action Lookup Missing Custom Controls
cve-2026-42205-avo-incomplete-action-lookup-missing-custom-controls
CVE-2026-42221: Insecure Inline Session Cookie Generation
cve-2026-42221-insecure-inline-session-cookie-generation
CVE-2026-42238: Gin Conditional Auth Required Bypass
cve-2026-42238-gin-conditional-auth-required-bypass
CVE-2026-42268: Modsecurity Libinjection Boolean Failopen
cve-2026-42268-modsecurity-libinjection-boolean-failopen
CVE-2026-42296: Argo Workflows Incomplete Workflowspec Restriction Check
cve-2026-42296-argo-workflows-incomplete-workflowspec-restriction-check
CVE-2026-42300: Go Admin Token Header Identity Assertion Bypass
cve-2026-42300-go-admin-token-header-identity-assertion-bypass
CVE-2026-42302: Code Server Auth None Unauthenticated Rce
cve-2026-42302-code-server-auth-none-unauthenticated-rce
CVE-2026-42304: Twisted Dns Decompression Loop
cve-2026-42304-twisted-dns-decompression-loop
CVE-2026-42311: C Struct Singleton Pointer Identity Token
cve-2026-42311-c-struct-singleton-pointer-identity-token
CVE-2026-42315: Tarfile Incomplete Symlink Validation
cve-2026-42315-tarfile-incomplete-symlink-validation
CVE-2026-42345: Broken Json String Escaping Lookbehind Replace
cve-2026-42345-broken-json-string-escaping-lookbehind-replace
CVE-2026-42352: Python Ssrf Unvalidated Callback Url
cve-2026-42352-python-ssrf-unvalidated-callback-url
CVE-2026-42449: Position Dependent Array Index Shift
cve-2026-42449-position-dependent-array-index-shift
CVE-2026-42461: Huma Auth Middleware Missing Api Security Fallback
cve-2026-42461-huma-auth-middleware-missing-api-security-fallback
CVE-2026-42463: Python Sqli Execute Format
cve-2026-42463-python-sqli-execute-format
CVE-2026-4248: Wp Um Hardcoded Usermeta Blacklist
cve-2026-4248-wp-um-hardcoded-usermeta-blacklist
CVE-2026-42551: Arbitrary File Write Via Upload Move
cve-2026-42551-arbitrary-file-write-via-upload-move
CVE-2026-42552: Insecure File Move Uploaded File
cve-2026-42552-insecure-file-move-uploaded-file
CVE-2026-42560: Cve 2026 42560 Oauth User Id Self Hash Collision
cve-2026-42560-cve-2026-42560-oauth-user-id-self-hash-collision
CVE-2026-42563: Unquoted Replace Subprocess
cve-2026-42563-unquoted-replace-subprocess
CVE-2026-42569: Phpvms Laravel Importer Route Group Missing Auth
cve-2026-42569-phpvms-laravel-importer-route-group-missing-auth
CVE-2026-42574: Go Sanitize Path Symlink Following Traversal
cve-2026-42574-go-sanitize-path-symlink-following-traversal
CVE-2026-42605: Php Flysystem Local Adapter Path Not Normalized
cve-2026-42605-php-flysystem-local-adapter-path-not-normalized
CVE-2026-42796: Arelle Webserver Plugins From Request Query Rce
cve-2026-42796-arelle-webserver-plugins-from-request-query-rce
CVE-2026-42809: Polaris Iceberg Location Gate Missing Metadata Key
cve-2026-42809-polaris-iceberg-location-gate-missing-metadata-key
CVE-2026-42864: Drf Allowany On Serializer Bound View
cve-2026-42864-drf-allowany-on-serializer-bound-view
CVE-2026-42869: Python Hardcoded Secret Env Fallback
cve-2026-42869-python-hardcoded-secret-env-fallback
CVE-2026-43566: Openclaw Heartbeat Wake Pending Events Omitted
cve-2026-43566-openclaw-heartbeat-wake-pending-events-omitted
CVE-2026-43886: Loop Item Path Traversal Heuristic
cve-2026-43886-loop-item-path-traversal-heuristic
CVE-2026-43891: Falsy Dict Get Validation Bypass
cve-2026-43891-falsy-dict-get-validation-bypass
CVE-2026-43898: Sandbox Missing Function Caller Restriction
cve-2026-43898-sandbox-missing-function-caller-restriction
CVE-2026-43940: Ai Schema Authtype Missing Profile Constraint
cve-2026-43940-ai-schema-authtype-missing-profile-constraint
CVE-2026-43944: Unsanitized Json Parse To Object Assign
cve-2026-43944-unsanitized-json-parse-to-object-assign
CVE-2026-43948: Django Modelform Instance Field Tautological Comparison
cve-2026-43948-django-modelform-instance-field-tautological-comparison
CVE-2026-43997: Fragile Function Constructor Name Guard
cve-2026-43997-fragile-function-constructor-name-guard
CVE-2026-44005: Cve 2026 44005 Proxy Write Trap Missing Intrinsic Prototype Guard
cve-2026-44005-cve-2026-44005-proxy-write-trap-missing-intrinsic-prototype-guard
CVE-2026-44008: Sandbox Bridge Array Index Assign Bypasses Reflect Define
cve-2026-44008-sandbox-bridge-array-index-assign-bypasses-reflect-define
CVE-2026-44009: Sandbox Array Prototype Setter Leak
cve-2026-44009-sandbox-array-prototype-setter-leak
CVE-2026-44050: Netatalk Cnid Dbd Unbounded Readt Namelen
cve-2026-44050-netatalk-cnid-dbd-unbounded-readt-namelen
CVE-2026-44060: Network Length Underflow
cve-2026-44060-network-length-underflow
CVE-2026-44167: Phpseclib Asn1 Oid Length Bypass
cve-2026-44167-phpseclib-asn1-oid-length-bypass
CVE-2026-4424: Libarchive Rar Lzss Sign Compare
cve-2026-4424-libarchive-rar-lzss-sign-compare
CVE-2026-44296: Thread Blocking Sleep In Networking
cve-2026-44296-thread-blocking-sleep-in-networking
CVE-2026-44313: Ssrf Scheme Only Url Guard Before Server Fetch
cve-2026-44313-ssrf-scheme-only-url-guard-before-server-fetch
CVE-2026-44316: Go Nil Deref Before Nil Guard
cve-2026-44316-go-nil-deref-before-nil-guard
CVE-2026-44319: Go Fatal Log In Goroutine
cve-2026-44319-go-fatal-log-in-goroutine
CVE-2026-44322: Free5gc Nef Unset Problemdetails Cause
cve-2026-44322-free5gc-nef-unset-problemdetails-cause
CVE-2026-44328: Nf Instance Id Ephemeral Uuid No Config
cve-2026-44328-nf-instance-id-ephemeral-uuid-no-config
CVE-2026-44329: Gin Router Group Missing Auth Middleware
cve-2026-44329-gin-router-group-missing-auth-middleware
CVE-2026-44339: File Op Static Method Bypasses Workspace Access Control
cve-2026-44339-file-op-static-method-bypasses-workspace-access-control
CVE-2026-44345: Ssrf Toctou Dns Rebinding
cve-2026-44345-ssrf-toctou-dns-rebinding
CVE-2026-44375: Nerdbank Messagepack Incorrect Skip Count
cve-2026-44375-nerdbank-messagepack-incorrect-skip-count
CVE-2026-44463: Missing Dynamic Mcp Oauth Auth
cve-2026-44463-missing-dynamic-mcp-oauth-auth
CVE-2026-44466: Mcp Static Auth Header Bypass
cve-2026-44466-mcp-static-auth-header-bypass
CVE-2026-44497: Ffi Sighash Callback Stale Buffer None Return
cve-2026-44497-ffi-sighash-callback-stale-buffer-none-return
CVE-2026-44523: Jwt Hmac Secret Missing Min Length Validation
cve-2026-44523-jwt-hmac-secret-missing-min-length-validation
CVE-2026-44549: Xlsx Sheet To Html Stored Xss
cve-2026-44549-xlsx-sheet-to-html-stored-xss
CVE-2026-44643: Js Unsafe Method Style Hasownproperty
cve-2026-44643-js-unsafe-method-style-hasownproperty
CVE-2026-44708: Inline Delimiter Regex Missing Escape Handling
cve-2026-44708-inline-delimiter-regex-missing-escape-handling
CVE-2026-44714: Bytebuffer Deserializer Throws Ioexception
cve-2026-44714-bytebuffer-deserializer-throws-ioexception
CVE-2026-44717: Python Mcp Tool Eval Code Injection
cve-2026-44717-python-mcp-tool-eval-code-injection
CVE-2026-44797: Python Requests Session Send Redirect Ssrf
cve-2026-44797-python-requests-session-send-redirect-ssrf
CVE-2026-4480: Weak Quote Replacement Command Injection
cve-2026-4480-weak-quote-replacement-command-injection
CVE-2026-44850: Tar Zipslip Vulnerability
cve-2026-44850-tar-zipslip-vulnerability
CVE-2026-44882: Archive Targz Go Cwe 000 Cve 2026 44882
cve-2026-44882-archive-targz-go-cwe-000-cve-2026-44882
CVE-2026-44895: Github Actions Publish Missing Event Type Guard
cve-2026-44895-github-actions-publish-missing-event-type-guard
CVE-2026-44896: Inline Span Regex Dot Any Body Xss
cve-2026-44896-inline-span-regex-dot-any-body-xss
CVE-2026-44897: Inline Delimiter Regex Missing Escape Handling
cve-2026-44897-inline-delimiter-regex-missing-escape-handling
CVE-2026-44900: Jws Payload Without Signature Verification
cve-2026-44900-jws-payload-without-signature-verification
CVE-2026-44974: Custom Parser Missing Duplicate Key Check
cve-2026-44974-custom-parser-missing-duplicate-key-check
CVE-2026-44988: Libvncclient Tight Rw Bounds Overflow
cve-2026-44988-libvncclient-tight-rw-bounds-overflow
CVE-2026-45055: Php Unsanitized Request Loop Interpolation
cve-2026-45055-php-unsanitized-request-loop-interpolation
CVE-2026-45090: Dalfox Missing Json Aware Injection
cve-2026-45090-dalfox-missing-json-aware-injection
CVE-2026-45108: Rust File Create Dynamic Path
cve-2026-45108-rust-file-create-dynamic-path
CVE-2026-45109: Next Js Hardcoded None Cache Handler
cve-2026-45109-next-js-hardcoded-none-cache-handler
CVE-2026-45315: Fastapi Fileresponse Path Route Missing Protection Headers
cve-2026-45315-fastapi-fileresponse-path-route-missing-protection-headers
CVE-2026-45318: Open Webui Excel To Table Unsanitized Html Assignment
cve-2026-45318-open-webui-excel-to-table-unsanitized-html-assignment
CVE-2026-45325: Unquoted Dynamic Table Drop Or Show
cve-2026-45325-unquoted-dynamic-table-drop-or-show
CVE-2026-45332: Php Missing Totp Check
cve-2026-45332-php-missing-totp-check
CVE-2026-45346: Svelte Unsanitized Html Directive Xss
cve-2026-45346-svelte-unsanitized-html-directive-xss
CVE-2026-45357: Liquidjs Unvalidated Fs Fallback
cve-2026-45357-liquidjs-unvalidated-fs-fallback
CVE-2026-45365: Fastapi Internal Auth Bypass Flag As Query Param
cve-2026-45365-fastapi-internal-auth-bypass-flag-as-query-param
CVE-2026-45575: Insecure Hostnameverifier Chain Iteration
cve-2026-45575-insecure-hostnameverifier-chain-iteration
CVE-2026-45617: Fallback Path Traversal Yield
cve-2026-45617-fallback-path-traversal-yield
CVE-2026-45618: Liquidjs Missing Root Containment Fallback
cve-2026-45618-liquidjs-missing-root-containment-fallback
CVE-2026-45675: First User Admin Toctou
cve-2026-45675-first-user-admin-toctou
CVE-2026-45707: N8n Workflow Connection Index Shift
cve-2026-45707-n8n-workflow-connection-index-shift
CVE-2026-45725: Path Traversal Via Url Path
cve-2026-45725-path-traversal-via-url-path
CVE-2026-45783: Kad Dht Eclipse Vulnerability
cve-2026-45783-kad-dht-eclipse-vulnerability
CVE-2026-45799: Kotlin Protobuf Missing Negative Length Check
cve-2026-45799-kotlin-protobuf-missing-negative-length-check
CVE-2026-46345: Jinja Recursive Ssti
cve-2026-46345-jinja-recursive-ssti
CVE-2026-46368: Openwrt Rpcd Init Command Injection
cve-2026-46368-openwrt-rpcd-init-command-injection
CVE-2026-46374: Sqlfluff Databricks Dos Missing Parameter Rules
cve-2026-46374-sqlfluff-databricks-dos-missing-parameter-rules
CVE-2026-46378: Unbounded Peek Loop
cve-2026-46378-unbounded-peek-loop
CVE-2026-46415: Caddy Middleware Unsafe Remoteaddr
cve-2026-46415-caddy-middleware-unsafe-remoteaddr
CVE-2026-46439: Python Jinja Recursive Ssti
cve-2026-46439-python-jinja-recursive-ssti
CVE-2026-46510: Prototype Pollution Via In Operator
cve-2026-46510-prototype-pollution-via-in-operator
CVE-2026-46679: Kad Dht Insufficient Initial Peers
cve-2026-46679-kad-dht-insufficient-initial-peers
CVE-2026-46719: Perl Net Statsd Lite Metric Injection
cve-2026-46719-perl-net-statsd-lite-metric-injection
CVE-2026-47092: Insecure Comspec Execution
cve-2026-47092-insecure-comspec-execution
CVE-2026-47125: Go Env File Write Without Key Regex Validation
cve-2026-47125-go-env-file-write-without-key-regex-validation
CVE-2026-47131: Sandbox Apply Trap Indirection Bypass
cve-2026-47131-sandbox-apply-trap-indirection-bypass
CVE-2026-47135: Incomplete Symbol For Namespace Block
cve-2026-47135-incomplete-symbol-for-namespace-block
CVE-2026-47138: Js Redos Adjacent Greedy Quantifiers On User Input
cve-2026-47138-js-redos-adjacent-greedy-quantifiers-on-user-input
CVE-2026-47139: Bypass Node Internal Modules Filter
cve-2026-47139-bypass-node-internal-modules-filter
CVE-2026-47140: Node Module Denylist Bypass
cve-2026-47140-node-module-denylist-bypass
CVE-2026-47210: Vm2 Jspi Sandbox Escape
cve-2026-47210-vm2-jspi-sandbox-escape
CVE-2026-47269: Python Shell Command Injection Via String Formatting
cve-2026-47269-python-shell-command-injection-via-string-formatting
CVE-2026-47392: Agent Tool Static File Operations
cve-2026-47392-agent-tool-static-file-operations
CVE-2026-47393: Ai Agent Uncontained File Operation
cve-2026-47393-ai-agent-uncontained-file-operation
CVE-2026-47394: Agent Tool Static File Access Bypass
cve-2026-47394-agent-tool-static-file-access-bypass
CVE-2026-47396: Ai Agent Tool Static File Sandbox Bypass
cve-2026-47396-ai-agent-tool-static-file-sandbox-bypass
CVE-2026-47397: Unsafe Static File Mutation Agent
cve-2026-47397-unsafe-static-file-mutation-agent
CVE-2026-47405: Static Path Validation Sandbox Bypass
cve-2026-47405-static-path-validation-sandbox-bypass
CVE-2026-47406: Praisonai Unisolated File Op
cve-2026-47406-praisonai-unisolated-file-op
CVE-2026-47407: Python Agent Tool Static File Operation
cve-2026-47407-python-agent-tool-static-file-operation
CVE-2026-47410: Static Method File Operation Sandbox Bypass
cve-2026-47410-static-method-file-operation-sandbox-bypass
CVE-2026-47414: Ai Agent Unscoped File Operation
cve-2026-47414-ai-agent-unscoped-file-operation
CVE-2026-47416: Ai Agent Unconfined File Operation
cve-2026-47416-ai-agent-unconfined-file-operation
CVE-2026-47744: Livewire Password Get Leak
cve-2026-47744-livewire-password-get-leak
CVE-2026-47759: Unsanitized Dynamic Attribute Restore
cve-2026-47759-unsanitized-dynamic-attribute-restore
CVE-2026-47762: Tinymce Unsafe Astnode Xss
cve-2026-47762-tinymce-unsafe-astnode-xss
CVE-2026-47783: Auth Comparison Timing Leak
cve-2026-47783-auth-comparison-timing-leak
CVE-2026-4800: Unvalidated Dynamic Code Evaluation
cve-2026-4800-unvalidated-dynamic-code-evaluation
CVE-2026-48064: Python Shell Command Injection
cve-2026-48064-python-shell-command-injection
CVE-2026-4809: Laravel Mediable Prefer Client Mime Type
cve-2026-4809-laravel-mediable-prefer-client-mime-type
CVE-2026-48544: Python Dynamic Method Json Loads Oom
cve-2026-48544-python-dynamic-method-json-loads-oom
CVE-2026-4868: Gitlab Improper Scan Grouping By Scanner Only
cve-2026-4868-gitlab-improper-scan-grouping-by-scanner-only
CVE-2026-49128: Mpd Unvalidated Relative Uri
cve-2026-49128-mpd-unvalidated-relative-uri
CVE-2026-5262: Gitlab Incomplete Scanner Grouping
cve-2026-5262-gitlab-incomplete-scanner-grouping
CVE-2026-5271: Python Sys Path Empty String
cve-2026-5271-python-sys-path-empty-string
CVE-2026-5301: Rust Shell Command Injection
cve-2026-5301-rust-shell-command-injection
CVE-2026-5405: Qt Minizip Path Traversal
cve-2026-5405-qt-minizip-path-traversal
CVE-2026-5412: Juju Cloudspec Newcloudspec Missing Authorizer
cve-2026-5412-juju-cloudspec-newcloudspec-missing-authorizer
CVE-2026-5503: Wolfssl Tlsx Find Unconditional Extensions Reassign
cve-2026-5503-wolfssl-tlsx-find-unconditional-extensions-reassign
CVE-2026-5747: Eager Device Instantiation Dos
cve-2026-5747-eager-device-instantiation-dos
CVE-2026-5752: Pyodide Jsglobals Prototype Chain Escape
cve-2026-5752-pyodide-jsglobals-prototype-chain-escape
CVE-2026-5816: Gitlab Missing Composite Key Resolution
cve-2026-5816-gitlab-missing-composite-key-resolution
CVE-2026-6057: Nodejs Formdata File Name Path Traversal
cve-2026-6057-nodejs-formdata-file-name-path-traversal
CVE-2026-6266: Unconditional Self Edit Privilege
cve-2026-6266-unconditional-self-edit-privilege
CVE-2026-6270: Fastify Express Middleware Double Prefix Auth Bypass
cve-2026-6270-fastify-express-middleware-double-prefix-auth-bypass
CVE-2026-6409: Php Missing Negative Size Check In Buffer Read
cve-2026-6409-php-missing-negative-size-check-in-buffer-read
CVE-2026-6654: Draining Iterator Stale Slice From Raw Parts Uaf
cve-2026-6654-draining-iterator-stale-slice-from-raw-parts-uaf
CVE-2026-6823: System Prompt Py Cwe 000 Cve 2026 6823
cve-2026-6823-system-prompt-py-cwe-000-cve-2026-6823
CVE-2026-6911: Python Jwt Payload Decoded Without Signature Verification
cve-2026-6911-python-jwt-payload-decoded-without-signature-verification
CVE-2026-6942: R2mcp Incomplete Shell Metachar Filter Cve 2026 6942
cve-2026-6942-r2mcp-incomplete-shell-metachar-filter-cve-2026-6942
CVE-2026-7482: Unsafe Slice Unvalidated Count After Io Readall
cve-2026-7482-unsafe-slice-unvalidated-count-after-io-readall
CVE-2026-7507: Fail Open Validation Null Check Bypass
cve-2026-7507-fail-open-validation-null-check-bypass
CVE-2026-7573: Cve 2026 7573 User Context Identity Discarded No Authz
cve-2026-7573-cve-2026-7573-user-context-identity-discarded-no-authz
CVE-2026-8177: Cve 2026 8177 Unchecked Utf8 Decode
cve-2026-8177-cve-2026-8177-unchecked-utf8-decode
CVE-2026-8178: Missing Format Validation In Url Host Builder
cve-2026-8178-missing-format-validation-in-url-host-builder
CVE-2026-8181: Wp Authenticate Application Password Iswperror Only Check
cve-2026-8181-wp-authenticate-application-password-iswperror-only-check
CVE-2026-8209: Php Path Traversal Blacklist Str Replace
cve-2026-8209-php-path-traversal-blacklist-str-replace
CVE-2026-8656: Html Quoted Entity Interpolation Without Escape
cve-2026-8656-html-quoted-entity-interpolation-without-escape
CVE-2026-8700: Perl Rand For Cryptographic Bytes
cve-2026-8700-perl-rand-for-cryptographic-bytes
CVE-2026-8704: Perl Unsafe Two Arg Open
cve-2026-8704-perl-unsafe-two-arg-open
CVE-2026-8723: Qs Stringify Comma MaybeMap Unguarded Encoder
cve-2026-8723-qs-stringify-comma-maybemap-unguarded-encoder
CVE-2026-8738: Publiccms Trade Payment Idor Missing Session User
cve-2026-8738-publiccms-trade-payment-idor-missing-session-user
CVE-2026-8836: Lwip Snmp Asn1 Dec Raw Aliased Length And Bufmax
cve-2026-8836-lwip-snmp-asn1-dec-raw-aliased-length-and-bufmax
CVE-2026-8890: Next Middleware Unvalidated Header Bypass
cve-2026-8890-next-middleware-unvalidated-header-bypass
CVE-2026-8915: Escargot Resizable Arraybuffer Oob
cve-2026-8915-escargot-resizable-arraybuffer-oob
CVE-2026-9064: 389 Ds Unbounded Ldap Controls
cve-2026-9064-389-ds-unbounded-ldap-controls