Total CVEs

145,438

Critical Severity

4,245

High Severity

15,631

Last 7 Days

2,406
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 23,321 - 23,340 of 41,843 CVEs
CVE-2026-6030 MEDIUM - 6.3

A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Published: Apr 10, 2026
Source: NVD
CVE-2026-6029 CRITICAL - 9.8

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument User results in os command injection. The attack may be launched remotely. The ...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6028 CRITICAL - 9.8

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable leads to os command injection. The attack may be initiated remotely. T...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6027 CRITICAL - 9.8

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack can be launched remot...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6026 CRITICAL - 9.8

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument enable results in os command injection. The attack can be...

Published: Apr 10, 2026
Source: NVD
CVE-2026-4432 MEDIUM - 6.5

The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page, m...

Published: Apr 10, 2026
Source: NVD
CVE-2026-28704 HIGH - 7.8

Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same directory, an arbitrary code may be executed with the privilege of the user invoking EmoCheck.

Vendor: Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)
Product: Emocheck
Published: Apr 10, 2026
Source: NVD
CVE-2026-1115 CRITICAL - 9.6

A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` function within `backend/routers/social/__init__.py`, where user-provided content is directly assigned...

Vendor: lollms
Product: lollms
Published: Apr 10, 2026
Source: NVD
CVE-2025-14545 MEDIUM - 6.5

The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process.

Vendor: Unknown
Product: YML for Yandex Market
Published: Apr 10, 2026
Source: NVD
CVE-2026-6025 CRITICAL - 9.8

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument enable leads to os command injection. It is possible to launch the attack remotely. The exp...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6024 HIGH - 7.3

A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be ut...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6016 HIGH - 8.8

A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of the argument WANS results in stack-based buffer overflow. The attack can be initiated remotely. The ...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6015 HIGH - 8.8

A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. T...

Published: Apr 10, 2026
Source: NVD

An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wc_CmacUpdate used the guard `if (cmac->totalSz != 0)` to skip XOR-chaining on the first block (where digest is all-zeros and the XOR is a no-op). However, totalSz is word32 ...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6014 HIGH - 8.8

A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup of the component POST Request Handler. This manipulation of the argument webpage causes buffer overflow. It is possible to initiate the attack remotely. The exploit has...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6013 HIGH - 8.8

A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /goform/formSetRoute of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack may be performed from remote. The exploit ...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6012 HIGH - 8.8

A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file /goform/formSetPassword of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is possible to be carried out remotely...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6011 MEDIUM - 5.6

A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler. Executing a manipulation can lead to server-side request forgery. The attack can be executed remot...

Published: Apr 10, 2026
Source: NVD

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems (users have read and execute access). For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any loca...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6010 MEDIUM - 6.3

A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Performing a manipulation of the argument Q1 results in sql injection. Remote exploitation of the attack i...

Published: Apr 10, 2026
Source: NVD