Total CVEs

144,218

Critical Severity

4,148

High Severity

14,965

Last 7 Days

1,646
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 21,881 - 21,900 of 40,623 CVEs
CVE-2026-6120 HIGH - 8.8

A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and ...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6119 MEDIUM - 6.3

A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. ...

Published: Apr 12, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR maybe_fork_scalars() is called for both BPF_AND and BPF_OR when the source operand is a constant. When dst has signed range [-1, 0], it forks the verifier state: ...

Vendor: Linux
Product: Linux
Published: Apr 12, 2026
Source: NVD
CVE-2026-6118 MEDIUM - 6.3

A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the argument command causes command injection. The attack is possible to be carried out remote...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6117 MEDIUM - 6.3

A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of the argument File results in sandbox issue. The attack can be executed rem...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6116 CRITICAL - 9.8

A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument ip leads to os command injection. Remote exploitation of the attack is poss...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6115 CRITICAL - 9.8

A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has be...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6114 CRITICAL - 9.8

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument proto results in os command injection. The attack may be initiated remo...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6113 CRITICAL - 9.8

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument ttyEnable leads to os command injection. The attack ca...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6112 CRITICAL - 9.8

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument maxRtrAdvInterval causes os command injection. The attack can be initiated remotely. The expl...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6111 MEDIUM - 6.3

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit h...

Vendor: pip
Product: metagpt
Published: Apr 12, 2026
Source: NVD
CVE-2026-6110 HIGH - 7.3

A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit is pu...

Vendor: pip
Product: metagpt
Published: Apr 12, 2026
Source: NVD
CVE-2026-1116 HIGH - 8.2

A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the `content` field when deserializing user-provided data. This al...

Vendor: lollms
Product: lollms
Published: Apr 12, 2026
Source: NVD
CVE-2026-6109 MEDIUM - 4.3

A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing a manipulation can lead to cross-site request forgery. The attack ma...

Vendor: pip
Product: metagpt
Published: Apr 12, 2026
Source: NVD
CVE-2026-6108 MEDIUM - 6.3

A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Model Context Protocol Node. Performing a manipulation results in os command injection. The attack is po...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6107 LOW - 3.5

A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chat_headers_middleware.py of the component ChatHeadersMiddleware. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attac...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6106 LOW - 3.5

A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting....

Published: Apr 11, 2026
Source: NVD
CVE-2026-6105 HIGH - 7.3

A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component doInstall Interface. The manipulation leads to improper authorization. The attack may be initiated r...

Published: Apr 11, 2026
Source: NVD
CVE-2026-31845 CRITICAL - 9.3

A reflected cross-site scripting (XSS) vulnerability exists in Rukovoditel CRM version 3.6.4 and earlier in the Zadarma telephony API endpoint (/api/tel/zadarma.php). The application directly reflects user-supplied input from the 'zd_echo' GET parameter into the HTTP response without prope...

Vendor: Rukovoditel
Product: Rukovoditel CRM
Published: Apr 11, 2026
Source: NVD

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confineme...

Vendor: Gleam
Product: Gleam
Published: Apr 11, 2026
Source: NVD