Total CVEs

145,906

Critical Severity

4,292

High Severity

15,777

Last 7 Days

2,236
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,501 - 23,520 of 42,311 CVEs
CVE-2026-21003 MEDIUM - 6.8

Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: Apr 13, 2026
Source: NVD
CVE-2026-6157 HIGH - 8.8

A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliSsid results in buffer overflow. The attack can be executed remotely. The exploit is now public and m...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6156 CRITICAL - 9.8

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument Comment leads to os command injection. Remote exploitation of the attack is pos...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6155 CRITICAL - 9.8

A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument pppoeServiceName can lead to os command injection. The attack may be launched remotely...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6154 CRITICAL - 9.8

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wizard results in os command injection. The attack may be initiated...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6153 HIGH - 7.3

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument STAFF_ID leads to sql injection. The attack can be launched remotely. The exploit is publicly availabl...

Published: Apr 13, 2026
Source: NVD
CVE-2026-34867 MEDIUM - 5.6

Double free vulnerability in the multi-mode input system. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Apr 13, 2026
Source: NVD
CVE-2026-34860 MEDIUM - 4.1

Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

Vendor: Huawei
Product: HarmonyOS
Published: Apr 13, 2026
Source: NVD
CVE-2026-34856 HIGH - 7.3

UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Apr 13, 2026
Source: NVD
CVE-2026-34853 HIGH - 7.7

Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS, EMUI
Published: Apr 13, 2026
Source: NVD
CVE-2026-34852 MEDIUM - 6.1

Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Apr 13, 2026
Source: NVD

Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Apr 13, 2026
Source: NVD

Race condition vulnerability in the notification service. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Apr 13, 2026
Source: NVD
CVE-2026-28553 MEDIUM - 6.9

Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vendor: Huawei
Product: HarmonyOS, EMUI
Published: Apr 13, 2026
Source: NVD

Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser

Published: Apr 13, 2026
Source: NVD
CVE-2026-6152 HIGH - 7.3

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFF_ID causes sql injection. The attack can be initiated remotely. The exploit has been pu...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6151 HIGH - 7.3

A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMER_ID results in sql injection. It is possible to launch the attack remotely. The exploit has...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6150 MEDIUM - 4.3

A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument serviceId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the ...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6149 HIGH - 7.3

A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulation of the argument BRANCH_ID can lead to sql injection. The attack may be performed from remote. The ex...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6148 HIGH - 7.3

A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCH_ID results in sql injection. The attack is possible ...

Published: Apr 13, 2026
Source: NVD