Search Vulnerabilities

FreeScout has Predictable Attachment Token that Allows Unauthenticated Private File Download via Brute Force

Apr 21, 2026

CVE-2026-40306

DNN has same HostGUID for all new installs

Apr 17, 2026

CVE-2026-33710

Chamilo LMS has Weak REST API Key Generation (Predictable)

Apr 10, 2026

CVE-2026-34511

OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter

Apr 3, 2026

CVE-2025-15603

open-webui JWT Key start_windows.bat random values

Mar 9, 2026

CVE-2026-25072

XikeStor SKS8310-8X Predictable Session Identifiers

Mar 7, 2026

CVE-2026-20101

A vulnerability in the SAML 2

Mar 4, 2026

CVE-2026-28415

Gradio has Open Redirect in OAuth Flow

CVE-2026-27755

SODOLA SL902-SWTGW124AS <= 200.1.20 Predictable Session ID

CVE-2026-23999

Fleet: Device lock PIN can be predicted if lock time is known

Feb 26, 2026

CVE-2026-27637

FreeScout's Predictable Authentication Token Enables Account Takeover

Feb 25, 2026

CVE-2024-48928

Piwigo's secret key can be brute forced

CVE-2026-27515

Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers

CVE-2026-2966

Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values

Feb 23, 2026

CVE-2025-15574

Insecure Credential Generation for Solax Power Pocket WiFi models MQTT Cloud Connection

Feb 12, 2026

CVE-2025-64097

NervesHub has Insufficient Token Entropy that Allows Authentication Bypass via Brute Force

Jan 22, 2026

CVE-2025-68704

Jervis has a Weak Random for Timing Attack Mitigation

Jan 13, 2026

CVE-2025-11723

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure

Jan 6, 2026

CVE-2026-21444

libtpms returns wrong initialization vector when certain symmetric ciphers are used

Jan 2, 2026

CVE-2025-11707

Dec 13, 2025

Showing 1 - 20 of 1,000+ results

...

Searching...

Filters

1,000+ results

CVE-2026-40496

FreeScout has Predictable Attachment Token that Allows Unauthenticated Private File Download via Brute Force

Apr 21, 2026

CVE-2026-40306

DNN has same HostGUID for all new installs

Apr 17, 2026

CVE-2026-33710

Chamilo LMS has Weak REST API Key Generation (Predictable)

Apr 10, 2026

CVE-2026-34511

OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter

Apr 3, 2026

CVE-2025-15603

open-webui JWT Key start_windows.bat random values

Mar 9, 2026

CVE-2026-25072

XikeStor SKS8310-8X Predictable Session Identifiers

Mar 7, 2026

CVE-2026-20101

A vulnerability in the SAML 2

Mar 4, 2026

CVE-2026-28415

Gradio has Open Redirect in OAuth Flow

CVE-2026-27755

SODOLA SL902-SWTGW124AS <= 200.1.20 Predictable Session ID

CVE-2026-23999

Fleet: Device lock PIN can be predicted if lock time is known

Feb 26, 2026

CVE-2026-27637

FreeScout's Predictable Authentication Token Enables Account Takeover

Feb 25, 2026

CVE-2024-48928

Piwigo's secret key can be brute forced

CVE-2026-27515

Binardat 10G08-0800GSM Network Switch Predictable Session Identifiers

CVE-2026-2966

Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values

Feb 23, 2026

CVE-2025-15574

Insecure Credential Generation for Solax Power Pocket WiFi models MQTT Cloud Connection

Feb 12, 2026

CVE-2025-64097

NervesHub has Insufficient Token Entropy that Allows Authentication Bypass via Brute Force

Jan 22, 2026

CVE-2025-68704

Jervis has a Weak Random for Timing Attack Mitigation

Jan 13, 2026

CVE-2025-11723

Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.9.5 - Unauthenticated Sensitive Information Exposure

Jan 6, 2026

CVE-2026-21444

libtpms returns wrong initialization vector when certain symmetric ciphers are used

Jan 2, 2026

CVE-2025-11707