Total CVEs

145,521

Critical Severity

4,252

High Severity

15,657

Last 7 Days

2,330
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,681 - 23,700 of 41,926 CVEs
CVE-2026-34179 CRITICAL - 9.1

In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileg...

Vendor: Canonical
Product: lxd
Published: Apr 09, 2026
Source: NVD
CVE-2026-34178 CRITICAL - 9.1

In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same archive that is never checked against project restrictions. An authenticate...

Vendor: Canonical
Product: lxd
Published: Apr 09, 2026
Source: NVD
CVE-2026-34177 CRITICAL - 9.1

Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote attack...

Vendor: Canonical
Product: lxd
Published: Apr 09, 2026
Source: NVD
CVE-2025-62188 HIGH - 7.5

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.*. Users are r...

Vendor: Apache Software Foundation
Product: Apache DolphinScheduler
Published: Apr 09, 2026
Source: NVD
CVE-2026-5854 CRITICAL - 9.8

A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEasyCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument merge results in os command injection. It is possible to initiate the ...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5853 CRITICAL - 9.8

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument addrPrefixLen leads to os command injection. The attack m...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5852 CRITICAL - 9.8

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. The ex...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5851 CRITICAL - 9.8

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument enable results in os command injection. The attack can be executed remotely. The exploit ...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5850 CRITICAL - 9.8

A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument pptpPassThru leads to os command injection. Remote exploitation of the attack is possible. ...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5849 HIGH - 7.3

A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

Published: Apr 09, 2026
Source: NVD
CVE-2026-5848 MEDIUM - 4.7

A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data Source Handler. Performing a manipulation of the argument dbUrl results in code injection. The atta...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5847 MEDIUM - 4.3

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disc...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5844 HIGH - 7.2

A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the component HNAP1 SetNetworkSettings Handler. The manipulation of the argument IPAddress results in os command injection. The attack may be performed from remote. The exploit has been made...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5842 HIGH - 7.3

A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation leads to authorization bypass. The attack is possible to be carried out remotely. The exploit has be...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5841 HIGH - 7.3

A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack can be executed remotely. The exploit has been made available to the public and could be...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5840 MEDIUM - 4.7

A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been relea...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5839 MEDIUM - 4.7

A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescription leads to sql injection. The attack may be launched remotely. The exploit is publicly available a...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5838 MEDIUM - 4.7

A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5742 MEDIUM - 6.4

The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. This is due to insufficient input sanitization of user-supplied URL fields and improper output escaping when rendering user profile data in badge widgets. This makes it possible for ...

Published: Apr 09, 2026
Source: NVD
CVE-2026-4336 MEDIUM - 6.4

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling html_entity_decode() on post_content during rendering in the set_display_variables() function (View.FAQ.class.ph...

Published: Apr 09, 2026
Source: NVD