Total CVEs

144,202

Critical Severity

4,148

High Severity

14,963

Last 7 Days

1,649
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,701 - 2,720 of 40,607 CVEs
CVE-2026-57723 HIGH - 7.4

Cross-Site Request Forgery (CSRF) vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows Path Traversal. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.12.

Vendor: e4jvikwp
Product: VikBooking Hotel Booking Engine & PMS
Published: Jul 01, 2026
Source: NVD
CVE-2026-57722 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1.

Vendor: ShortPixel
Product: Enable Media Replace
Published: Jul 01, 2026
Source: NVD
CVE-2026-54428 HIGH - 7.5

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and earlier) allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2 S...

Vendor: Apache Software Foundation
Product: Apache HttpComponents Core
Published: Jul 01, 2026
Source: NVD
CVE-2026-51946 MEDIUM - 6.5

SQL Injection vulnerability in GoAdminGroup GoAdmin (last release v1.2.26) allows a remote attacker to execute arbitrary code and obtain sensitive information via the the __sort_type URL parameter on all /admin/info/{table} endpoints

Published: Jul 01, 2026
Source: NVD
CVE-2026-49091 HIGH - 8.0

Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log Injection-Tampering-Forging (CAPEC-93). An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal th...

Vendor: elastic
Product: kibana
Published: Jul 01, 2026
Source: NVD
CVE-2026-49090 MEDIUM - 6.5

Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process reques...

Vendor: elastic
Product: elasticsearch
Published: Jul 01, 2026
Source: NVD
CVE-2026-49857 HIGH - 7.4

auth-fetch-mcp has SSRF Protection Bypass via IPv4-mapped IPv6 Loopback

Vendor: npm
Product: auth-fetch-mcp
Published: Jul 01, 2026
Source: GitHub
CVE-2026-49856 MEDIUM - 4.3

@jshookmcp/jshook: ICMP probe and traceroute skip local-network SSRF authorization

Vendor: npm
Product: @jshookmcp/jshook
Published: Jul 01, 2026
Source: GitHub
CVE-2026-46487 HIGH - 7.5

GeoNetwork has ACL bypass on Elasticsearch search when request body omits query field

Vendor: maven
Product: org.geonetwork-opensource:geonetwork
Published: Jul 01, 2026
Source: GitHub
CVE-2026-39379 HIGH - 7.1

GeoNetwork has reflected XSS through client-side template injection

Vendor: maven
Product: org.geonetwork-opensource:geonetwork
Published: Jul 01, 2026
Source: GitHub
CVE-2022-46295 HIGH - 7.8

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigge...

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-46294 HIGH - 7.8

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigge...

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-46293 HIGH - 7.8

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigge...

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-46291 HIGH - 7.8

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigge...

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-46290 HIGH - 7.8

Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.The loop that sto...

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-46289 HIGH - 7.8

Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.nAtoms calculatio...

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-46280 HIGH - 7.8

A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-44451 HIGH - 7.8

A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-43607 HIGH - 7.8

An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-43467 HIGH - 7.8

An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub