| CVE-2026-24853 | Caido is a web security auditing toolkit. Prior to 0.55.0, Caido blocks non whitelisted domains to reach out through the 8080 port, and shows Host/IP is not allowed to connect to Caido on all endpoints. But this is bypassable by injecting a X-Forwarded-Host: 127.0.0.1:8080 header. This vulnerability is fixed in 0.55.0. | high |
| CVE-2025-70956 | A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initializing child virtual machines. The operation moves critical resources (specifically libraries and log) from the parent state to a new child state in a non-atomic manner. If an Out-of-Gas (OOG) exception occurs after resources are moved but before the state transition is finalized, the parent VM retains a corrupted state where these resources are emptied/invalid. Because RUNVM supports gas isolation, the parent VM continues execution with this corrupted state, leading to unexpected behavior or denial of service within the contract's context. | high |
| CVE-2025-36552 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority... | critical |
| CVE-2025-35997 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority... | critical |
| CVE-2025-32009 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority... | critical |
| CVE-2025-20089 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority... | critical |
| CVE-2026-1844 | The PixelYourSite PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pysTrafficSource' parameter and the 'pys_landing_page' parameter in all versions up to, and including, 12.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | high |
| CVE-2025-15157 | The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function in all versions up to, and including, 3.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | high |
| CVE-2026-26335 | Calero VeraSMART versions prior to 2022 R1 use static ASP.NET/IIS machineKey values configured for the VeraSMART web application and stored in C:\\Program Files (x86)\\Veramark\\VeraSMART\\WebRoot\\web.config. An attacker who obtains these keys can craft a valid ASP.NET ViewState payload that passes integrity validation and is accepted by the application, resulting in server-side deserialization and remote code execution in the context of the IIS application. | critical |
| CVE-2026-26334 | Calero VeraSMART versions prior to 2026 R1 contain hardcoded static AES encryption keys within Veramark.Framework.dll (Veramark.Core.Config class). These keys are used to encrypt the password of the service account stored in C:\\VeraSMART Data\\app.settings. An attacker with local access to the system can extract the hardcoded keys from the Veramark.Framework.dll module and decrypt the stored credentials. The recovered credentials can then be used to authenticate to the Windows host, potentially resulting in local privilege escalation depending on the privileges of the configured service account. | high |
| CVE-2025-68128 | Rejected reason: reserved but not needed | No Score |
| CVE-2025-68125 | Rejected reason: reserved but not needed | No Score |
| CVE-2025-68124 | Rejected reason: reserved but not needed | No Score |
| CVE-2025-58184 | Rejected reason: reserved but not needed | No Score |
| CVE-2025-58182 | Rejected reason: reserved but not needed | No Score |
| CVE-2025-47915 | Rejected reason: reserved but not needed | No Score |
| CVE-2023-45291 | Rejected reason: reserved but not needed | No Score |
| CVE-2026-26269 | Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148. | medium |
| CVE-2026-26264 | BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0rc4 and 1.4.3rc2, a malformed WriteProperty request can trigger a length underflow in the BACnet stack, leading to an out‑of‑bounds read and a crash (DoS). The issue is in wp.c within wp_decode_service_request. When decoding the optional priority context tag, the code passes apdu_len - apdu_size to bacnet_unsigned_context_decode without validating that apdu_size <= apdu_len. If a truncated APDU reaches this path, apdu_len - apdu_size underflows, resulting in a large size being used for decoding and an out‑of‑bounds read. This vulnerability is fixed in 1.5.0rc4 and 1.4.3rc2. | high |
| CVE-2026-2441 | Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | high |
| CVE-2026-26208 | ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserialize the App.txt settings file using Newtonsoft.Json with TypeNameHandling set to Objects. This allows an attacker to supply a crafted JSON file containing a gadget chain (e.g., ObjectDataProvider) to execute arbitrary code when the application launches and subsequently saves its settings. This vulnerability is fixed in Beta 0.9.26020. | high |
| CVE-2026-26190 | Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus exposes TCP port 9091 by default, which enables authentication bypasses. The /expr debug endpoint uses a weak, predictable default authentication token derived from etcd.rootPath (default: by-dev), enabling arbitrary expression evaluation. The full REST API (/api/v1/*) is registered on the metrics/management port without any authentication, allowing unauthenticated access to all business operations including data manipulation and credential management. This vulnerability is fixed in 2.5.27 and 2.6.10. | critical |
| CVE-2026-25991 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, there is a Blind Server-Side Request Forgery (SSRF) vulnerability in the Cookmate recipe import feature of Tandoor Recipes. The application fails to validate the destination URL after following HTTP redirects, allowing any authenticated user (including standard users without administrative privileges) to force the server to connect to arbitrary internal or external resources. The vulnerability lies in cookbook/integration/cookmate.py, within the Cookmate integration class. This vulnerability can be leveraged to scan internal network ports, access cloud instance metadata (e.g., AWS/GCP Metadata Service), or disclose the server's real IP address. This vulnerability is fixed in 2.5.1. | high |
| CVE-2026-25964 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This vulnerability stems from a lack of input validation in the file_path parameter and insufficient checks in the Local storage backend, enabling an attacker to bypass storage directory restrictions and access sensitive system files (e.g., /etc/passwd) or application configuration files (e.g., settings.py), potentially leading to full system compromise. This vulnerability is fixed in 2.5.1. | medium |
| CVE-2025-36545 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36534 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36532 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36526 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36524 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36523 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-36517 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-35993 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-35961 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-35960 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-32734 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-32733 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-32090 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-31942 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-31364 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-31358 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-31145 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-29869 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-27941 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-27569 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-27251 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-24524 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-24518 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-24492 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-24321 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-24300 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
