Total CVEs

143,835

Critical Severity

4,094

High Severity

14,788

Last 7 Days

1,466
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 21,441 - 21,460 of 40,240 CVEs

Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Apr 13, 2026
Source: NVD

Race condition vulnerability in the notification service. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Apr 13, 2026
Source: NVD
CVE-2026-28553 MEDIUM - 6.9

Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vendor: Huawei
Product: HarmonyOS, EMUI
Published: Apr 13, 2026
Source: NVD

Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser

Published: Apr 13, 2026
Source: NVD
CVE-2026-6152 HIGH - 7.3

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFF_ID causes sql injection. The attack can be initiated remotely. The exploit has been pu...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6151 HIGH - 7.3

A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMER_ID results in sql injection. It is possible to launch the attack remotely. The exploit has...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6150 MEDIUM - 4.3

A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument serviceId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the ...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6149 HIGH - 7.3

A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulation of the argument BRANCH_ID can lead to sql injection. The attack may be performed from remote. The ex...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6148 HIGH - 7.3

A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCH_ID results in sql injection. The attack is possible ...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6143 MEDIUM - 6.3

A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can be ...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6142 HIGH - 7.3

A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roomdelete.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the a...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6141 MEDIUM - 6.3

A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6140 CRITICAL - 9.8

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely. Th...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6139 CRITICAL - 9.8

A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The explo...

Published: Apr 13, 2026
Source: NVD
CVE-2026-25204 MEDIUM - 6.2

Deserialization of untrusted data vulnerability in Samsung Open Source Escarogt Java Script allows denial of service condition via process abort. This issue affects escarogt prior toย commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335

Vendor: Samsung Open Source
Product: Escargot
Published: Apr 13, 2026
Source: NVD
CVE-2026-6138 CRITICAL - 9.8

A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploit ...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6137 HIGH - 8.8

A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument wanmode/PPPOEPassword results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6136 HIGH - 8.8

A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publi...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6135 HIGH - 8.8

A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made avai...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6134 HIGH - 8.8

A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried out remotely. The ex...

Published: Apr 12, 2026
Source: NVD