Total CVEs

145,906

Critical Severity

4,292

High Severity

15,777

Last 7 Days

2,236
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,521 - 23,540 of 42,311 CVEs
CVE-2026-6143 MEDIUM - 6.3

A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can be ...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6142 HIGH - 7.3

A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roomdelete.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the a...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6141 MEDIUM - 6.3

A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6140 CRITICAL - 9.8

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument FileName results in os command injection. The attack may be initiated remotely. Th...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6139 CRITICAL - 9.8

A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The explo...

Published: Apr 13, 2026
Source: NVD
CVE-2026-25204 MEDIUM - 6.2

Deserialization of untrusted data vulnerability in Samsung Open Source Escarogt Java Script allows denial of service condition via process abort. This issue affects escarogt prior toย commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335

Vendor: Samsung Open Source
Product: Escargot
Published: Apr 13, 2026
Source: NVD
CVE-2026-6138 CRITICAL - 9.8

A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mac causes os command injection. The attack can be initiated remotely. The exploit ...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6137 HIGH - 8.8

A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument wanmode/PPPOEPassword results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6136 HIGH - 8.8

A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publi...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6135 HIGH - 8.8

A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made avai...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6134 HIGH - 8.8

A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried out remotely. The ex...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6133 HIGH - 8.8

A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and migh...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6132 CRITICAL - 9.8

A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument enable causes os command injection. Remote exploitation of the attack is possible...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6131 CRITICAL - 9.8

A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument command results in os command injection. The attack may be launched remo...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6130 HIGH - 7.3

A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management System. Executing a manipulation of the argument args/env can lead to os command injection...

Published: Apr 12, 2026
Source: NVD
CVE-2026-6129 HIGH - 7.3

A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is now public and may be used. The pro...

Published: Apr 12, 2026
Source: NVD
CVE-2026-40396 MEDIUM - 4.0

Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait long enough until the session releases its worker thread (timeout_linger) and resume traffic before the session is closed ...

Vendor: varnish-software
Product: Varnish Cache
Published: Apr 12, 2026
Source: NVD
CVE-2026-40395 MEDIUM - 4.0

Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req0, which is normally the original read-only request from which req is derived (readable and...

Vendor: varnish-software
Product: Varnish Enterprise
Published: Apr 12, 2026
Source: NVD
CVE-2026-40394 MEDIUM - 4.0

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request...

Vendor: varnish-software
Product: Varnish Cache
Published: Apr 12, 2026
Source: NVD
CVE-2026-40393 HIGH - 8.1

In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca.

Vendor: mesa3d
Product: Mesa
Published: Apr 12, 2026
Source: NVD