Total CVEs

145,923

Critical Severity

4,293

High Severity

15,785

Last 7 Days

2,179
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,941 - 23,960 of 42,328 CVEs
CVE-2026-21919 MEDIUM - 6.5

An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Denial-of-Service (DoS) of the management plane. When NETCONF sessions are quickly established and disc...

Vendor: Juniper Networks
Product: Junos OS, Junos OS Evolved
Published: Apr 09, 2026
Source: NVD
CVE-2026-21916 HIGH - 7.3

A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'fil...

Vendor: Juniper Networks
Product: Junos OS
Published: Apr 09, 2026
Source: NVD
CVE-2026-21915 MEDIUM - 6.7

A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their privileges to root. The CLI menu accepts input without carefully validating it, which allows for she...

Vendor: Juniper Networks
Product: JSI LWC
Published: Apr 09, 2026
Source: NVD
CVE-2026-21904 MEDIUM - 6.1

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands with the ta...

Vendor: Juniper Networks
Product: Junos Space
Published: Apr 09, 2026
Source: NVD
CVE-2025-59969 MEDIUM - 6.5

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service...

Vendor: Juniper Networks
Product: Junos OS Evolved
Published: Apr 09, 2026
Source: NVD
CVE-2025-13914 HIGH - 8.7

A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH con...

Vendor: Juniper Networks
Product: Apstra
Published: Apr 09, 2026
Source: NVD
CVE-2026-5980 HIGH - 8.8

A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation of the argument curTime causes buffer overflow. The attack may be initiated remotely. The exploit ha...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5979 HIGH - 8.8

A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The manipulation of the argument curTime results in buffer overflow. The attack can be launched remotely....

Published: Apr 09, 2026
Source: NVD
CVE-2026-5978 CRITICAL - 9.8

A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument mode leads to os command injection. The attack can be initiated remotely. The ...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5977 CRITICAL - 9.8

A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument wifiOff can lead to os command injection. It is possible to launch the attack rem...

Published: Apr 09, 2026
Source: NVD

Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension.

Published: Apr 09, 2026
Source: NVD

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is zero-...

Published: Apr 09, 2026
Source: NVD

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any vali...

Vendor: fluxcd
Product: notification-controller
Published: Apr 09, 2026
Source: NVD
CVE-2026-40107 HIGH - 6.5

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, <img> tags with src attributes survive Mermaid's internal DOMPurify and land in SVG <foreignObject> blocks. The SV...

Vendor: siyuan-note
Product: siyuan
Published: Apr 09, 2026
Source: NVD
CVE-2026-40093 HIGH - 8.1

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and timestamp == parent.timestamp + MIN_PRODUCER_TIMEOUT for skip blocks, but there is no visib...

Vendor: nimiq
Product: core-rs-albatross
Published: Apr 09, 2026
Source: NVD
CVE-2026-35206 MEDIUM - 4.4

Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL | repo/chartname] to write the Chart's contents to the immediate output directory (as defaulted to the current working directory; ...

Vendor: helm
Product: helm
Published: Apr 09, 2026
Source: NVD
CVE-2023-54364 MEDIUM - 6.1

Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter endpoint. Attackers can craft malicious URLs containing XSS payloads in the from_option, from_ctrl, fro...

Vendor: Hikashop
Product: Joomla HikaShop
Published: Apr 09, 2026
Source: NVD
CVE-2023-54363 MEDIUM - 6.1

Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show, reviews, type_id, distance, facilities, categories, prices, location, and Itemid. Attackers can cra...

Vendor: Solidres
Product: Joomla Solidres
Published: Apr 09, 2026
Source: NVD
CVE-2023-54362 MEDIUM - 6.1

Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the product-variants endpo...

Vendor: Virtuemart
Product: Cart
Published: Apr 09, 2026
Source: NVD
CVE-2023-54361 MEDIUM - 6.1

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Attackers can craft URLs containing JavaScript payloads in the filter_keyword GET parameter of the all-properties...

Vendor: Thethinkery
Product: Joomla iProperty Real Estate
Published: Apr 09, 2026
Source: NVD