Total CVEs: 140,323
Critical Severity: 3,747
High Severity: 13,514
Last 7 Days: 1,800
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 1 - 20 of 36,728 CVEs
CVE-2026-13486 HIGH - 7.3

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0/6.php. This impacts an unknown function of the file /preview6.php. Executing a manipulation of the argument course_year_section can lead to sql injection. The attack can be launched remotely. The exploit has been ...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 28, 2026
Source: NVD
CVE-2026-13485 HIGH - 7.3

A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument course_year_section results in sql injection. The attack can be initiated remotely. The exploit has been made public...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jun 28, 2026
Source: NVD
CVE-2026-13484 MEDIUM - 5.0

A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the component Experiment-scoped Label Schema CRUD API. Such manipulation leads to missing authorization. It is possible to launch the attack remotely. A high comple...

Product: MLflow
Published: Jun 28, 2026
Source: NVD

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encrypt_credentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the at...

Vendor: arc53
Product: DocsGPT
Published: Jun 28, 2026
Source: NVD

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by high c...

Vendor: skypilot-org
Product: skypilot
Published: Jun 28, 2026
Source: NVD
CVE-2026-10646 HIGH - 7.4

Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a pointer to a stack-allocated state object (struct getaddrinfo_state ai_state) as the user_data of an asynchronous DNS resolver query. The socket layer waits on a semaphore with a timeout deliberate...

Vendor: zephyrproject
Product: zephyr
Published: Jun 28, 2026
Source: NVD
CVE-2026-10644 MEDIUM - 4.2

The Microchip SERCOM-G1 UART driver (drivers/serial/uart_mchp_sercom_g1.c), used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its asynchronous (DMA) receive path. When uart_rx_enable() is invoked with a one-byte receive buffer (len == 1) and CONFIG_UART_MCHP_ASYNC is enabled, the...

Vendor: zephyrproject
Product: zephyr
Published: Jun 28, 2026
Source: NVD
CVE-2026-10593 MEDIUM - 6.5

The Zephyr Bluetooth LE Audio Basic Audio Profile (BAP) unicast client mishandles peer-supplied ASE state notifications. In unicast_client_ep_qos_state() (subsys/bluetooth/audio/bap_unicast_client.c), the handler writes attacker-controlled QoS fields (interval, framing, phy, sdu, rtn, latency, pd) t...

Vendor: zephyrproject
Product: zephyr
Published: Jun 28, 2026
Source: NVD
CVE-2026-58058 MEDIUM - 6.5

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a cra...

Vendor: Nmap
Product: Nmap
Published: Jun 28, 2026
Source: NVD
CVE-2026-58057 MEDIUM - 5.0

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'node_options' bypasses the NODE_OPTIONS denylist entry. An authenticated user who can configur...

Vendor: Flowise
Product: Flowise
Published: Jun 28, 2026
Source: NVD
CVE-2026-58056 HIGH - 7.6

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded sc...

Vendor: RustDesk
Product: RustDesk
Published: Jun 28, 2026
Source: NVD
CVE-2026-58055 MEDIUM - 5.4

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting ...

Vendor: nghttp2
Product: nghttp2
Published: Jun 28, 2026
Source: NVD
CVE-2026-58054 HIGH - 7.2

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group (gid 4) and its datahandler's verify_usergroup() unconditionally returns true. An admin holding only the delegated user-man...

Vendor: MyBB
Product: MyBB
Published: Jun 28, 2026
Source: NVD
CVE-2026-58053 CRITICAL - 9.9

Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --s...

Vendor: Gitea
Product: act_runner
Published: Jun 28, 2026
Source: NVD

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA...

Vendor: 7-Zip
Product: 7-Zip
Published: Jun 28, 2026
Source: NVD
CVE-2026-58051 MEDIUM - 6.5

libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2_publickey_list_free operating on an uninitialized entry. A malicious SSH server offering the publickey...

Vendor: libssh2
Product: libssh2
Published: Jun 28, 2026
Source: NVD
CVE-2026-58050 HIGH - 7.0

libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit platforms the multiplication overflows to an undersized buffer. A malicio...

Vendor: libssh2
Product: libssh2
Published: Jun 28, 2026
Source: NVD
CVE-2026-58049 HIGH - 8.6

FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel rather than byte units, so a DLTA run on a PAL8 frame can access several bytes past the row allocation...

Vendor: FFmpeg
Product: FFmpeg
Published: Jun 28, 2026
Source: NVD
CVE-2026-8095 HIGH - 8.1

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfm_dir_path parameter sanitization in the wpfm_file_meta_update AJAX handler, where supplying WPFM_DIR_PA...

Published: Jun 28, 2026
Source: NVD
CVE-2026-10643 HIGH - 8.7

Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_control) buffer using only the payload length (msg->msg_controllen < pktinfo_len) before writing a full control message consisting of an aligned cms...

Vendor: zephyrproject
Product: zephyr
Published: Jun 28, 2026
Source: NVD