Total CVEs

144,218

Critical Severity

4,148

High Severity

14,965

Last 7 Days

1,632
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 20,641 - 20,660 of 40,623 CVEs
CVE-2026-6588 MEDIUM - 6.5

A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched rem...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6587 MEDIUM - 6.3

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_modal_faithfulness/util.py of the component Collections Module. Performing a manipulation of the argum...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6586 MEDIUM - 6.3

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch the attack remotely. Th...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6585 MEDIUM - 5.4

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation_id causes authorization bypas...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6584 MEDIUM - 5.4

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass. The attack may be perfo...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6583 MEDIUM - 5.4

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be car...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6582 HIGH - 7.3

A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6581 HIGH - 8.8

A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now pu...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6580 HIGH - 7.3

A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipulation of the argument key leads to use of hard-coded cryptographic key . The attack may be launched...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6579 MEDIUM - 6.5

A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the publi...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6578 MEDIUM - 5.6

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRET_KEY results in hard-coded credentials. The attack can be launched remotely. The ...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6577 HIGH - 7.3

A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The exploit is publicly ava...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6576 MEDIUM - 6.3

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is possible...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6574 HIGH - 7.3

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The ex...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6573 MEDIUM - 6.3

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely. T...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6572 MEDIUM - 5.6

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remote e...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6571 MEDIUM - 6.3

A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched remotel...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6570 LOW - 2.7

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been ...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6569 HIGH - 7.3

A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The ven...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6568 HIGH - 7.3

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated remo...

Published: Apr 19, 2026
Source: NVD