Total CVEs

145,577

Critical Severity

4,257

High Severity

15,676

Last 7 Days

2,350
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 21,781 - 21,800 of 41,982 CVEs
CVE-2026-6748 CRITICAL - 9.8

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-6747 HIGH - 7.5

Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-6746 HIGH - 7.5

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-40520 HIGH - 7.2

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL m...

Vendor: FreePBX
Product: api
Published: Apr 21, 2026
Source: NVD

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon (ssh_sftpd) stores the raw, user-supplied ...

Vendor: Erlang
Product: OTP
Published: Apr 21, 2026
Source: NVD

This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful exploitati...

Vendor: Quantum Networks
Product: Router QN-I-470
Published: Apr 21, 2026
Source: NVD

This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading to...

Vendor: Quantum Networks
Product: Router QN-I-470
Published: Apr 21, 2026
Source: NVD

Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0.

Vendor: composer
Product: typo3/cms-backend
Published: Apr 21, 2026
Source: NVD

This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this vu...

Vendor: Quantum Networks
Product: Router QN-I-470
Published: Apr 21, 2026
Source: NVD

This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this vu...

Vendor: Quantum Networks
Product: Router QN-I-470
Published: Apr 21, 2026
Source: NVD

Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote a...

Published: Apr 21, 2026
Source: NVD
CVE-2026-39467 HIGH - 7.2

Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0.

Vendor: MetaSlider
Product: Responsive Slider by MetaSlider
Published: Apr 21, 2026
Source: NVD

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is caused by inadequate validation of user-supplied input. An attacker can exploit this vulnerability by sending malicious requests. If the vulnerability is succes...

Vendor: Zervit
Product: portable HTTP/Web server
Published: Apr 21, 2026
Source: NVD
CVE-2026-6712 MEDIUM - 4.4

The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions a...

Published: Apr 21, 2026
Source: NVD
CVE-2026-6711 MEDIUM - 6.1

The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filter_input() without a sanitization filter and insufficient output escaping. This makes it possible for...

Published: Apr 21, 2026
Source: NVD
CVE-2026-6703 MEDIUM - 4.3

The Responsive Blocks โ€“ Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authentica...

Published: Apr 21, 2026
Source: NVD
CVE-2026-31370 MEDIUM - 6.3

Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.

Vendor: Honor
Product: Honor E
Published: Apr 21, 2026
Source: NVD

PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability

Vendor: Honor
Product: PcManager
Published: Apr 21, 2026
Source: NVD
CVE-2026-31368 HIGH - 7.8

AiAssistant is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.

Vendor: Honor
Product: AIAssistant
Published: Apr 21, 2026
Source: NVD
CVE-2026-5965 CRITICAL - 9.8

NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

Published: Apr 21, 2026
Source: NVD