Total CVEs

144,218

Critical Severity

4,148

High Severity

14,965

Last 7 Days

1,632
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,721 - 2,740 of 40,623 CVEs
CVE-2026-49091 HIGH - 8.0

Improper Output Neutralization for Logs (CWE-117) in Kibana can lead to log injection via Log Injection-Tampering-Forging (CAPEC-93). An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal th...

Vendor: elastic
Product: kibana
Published: Jul 01, 2026
Source: NVD
CVE-2026-49090 MEDIUM - 6.5

Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process reques...

Vendor: elastic
Product: elasticsearch
Published: Jul 01, 2026
Source: NVD
CVE-2026-49857 HIGH - 7.4

auth-fetch-mcp has SSRF Protection Bypass via IPv4-mapped IPv6 Loopback

Vendor: npm
Product: auth-fetch-mcp
Published: Jul 01, 2026
Source: GitHub
CVE-2026-49856 MEDIUM - 4.3

@jshookmcp/jshook: ICMP probe and traceroute skip local-network SSRF authorization

Vendor: npm
Product: @jshookmcp/jshook
Published: Jul 01, 2026
Source: GitHub
CVE-2026-46487 HIGH - 7.5

GeoNetwork has ACL bypass on Elasticsearch search when request body omits query field

Vendor: maven
Product: org.geonetwork-opensource:geonetwork
Published: Jul 01, 2026
Source: GitHub
CVE-2026-39379 HIGH - 7.1

GeoNetwork has reflected XSS through client-side template injection

Vendor: maven
Product: org.geonetwork-opensource:geonetwork
Published: Jul 01, 2026
Source: GitHub
CVE-2022-46295 HIGH - 7.8

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigge...

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-46294 HIGH - 7.8

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigge...

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-46293 HIGH - 7.8

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigge...

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-46291 HIGH - 7.8

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigge...

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-46290 HIGH - 7.8

Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.The loop that sto...

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-46289 HIGH - 7.8

Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.nAtoms calculatio...

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-46280 HIGH - 7.8

A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-44451 HIGH - 7.8

A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-43607 HIGH - 7.8

An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-43467 HIGH - 7.8

An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-42885 HIGH - 7.8

A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-41793 HIGH - 7.8

An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2022-37331 HIGH - 7.8

An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vendor: pip
Product: openbabel
Published: Jul 01, 2026
Source: GitHub
CVE-2026-58454 HIGH - 7.5

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTTP e...

Vendor: JAIOTlink
Product: C492A-W6 Wi-Fi IP Camera
Published: Jul 01, 2026
Source: NVD