Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,830
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,941 - 2,960 of 37,697 CVEs
CVE-2019-25756 HIGH - 8.2

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloads ...

Vendor: Wdmtech
Product: vAccount
Published: Jun 19, 2026
Source: NVD
CVE-2019-25755 HIGH - 8.2

Joomla Component vReview 1.9.11 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cmId parameter. Attackers can send POST requests to the editReview task endpoint with URL-encoded SQL UNION statement...

Vendor: Wdmtech
Product: vReview
Published: Jun 19, 2026
Source: NVD
CVE-2019-25754 HIGH - 8.2

Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch parameter. Attackers can send POST requests to the menu-listing-layout endpoint with crafted SQL payload...

Vendor: Wdmtech
Product: vRestaurant
Published: Jun 19, 2026
Source: NVD
CVE-2019-25753 HIGH - 8.2

Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. Attackers can send GET requests to index.php with the option=com_vmap&task=loadmarker parameters...

Vendor: Wdmtech
Product: VMap
Published: Jun 19, 2026
Source: NVD
CVE-2019-25752 HIGH - 8.2

Joomla! Component J-BusinessDirectory 4.9.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the type parameter. Attackers can send GET requests to index.php with the option=com_jbusinessdirectory&t...

Vendor: Cmsjunkie
Product: BusinessDirectory
Published: Jun 19, 2026
Source: NVD
CVE-2019-25751 HIGH - 8.2

Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the categorySearch, adType, and citySearch para...

Vendor: Cmsjunkie
Product: ClassifiedsManager
Published: Jun 19, 2026
Source: NVD
CVE-2019-25750 HIGH - 8.2

Joomla Component J-MultipleHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hotel_id parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL...

Vendor: Cmsjunkie
Product: MultipleHotelReservation
Published: Jun 19, 2026
Source: NVD
CVE-2019-25749 HIGH - 7.1

Joomla J-CruisePortal 6.0.4 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the guest_adult parameter. Attackers can send POST requests to the cruises endpoint with crafted SQL payloads in the guest_adul...

Vendor: Cmsjunkie
Product: CruisePortal
Published: Jun 19, 2026
Source: NVD
CVE-2026-56211 HIGH - 7.1

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer co...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux AI (RHEL AI) 3, Red Hat Hardened Images
Published: Jun 19, 2026
Source: NVD
CVE-2026-56210 HIGH - 7.1

A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows setting a spatial_layer_id exceeding the configured number of layers. This causes an out-of-bounds heap re...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux AI (RHEL AI) 3, Red Hat Hardened Images
Published: Jun 19, 2026
Source: NVD
CVE-2026-56209 HIGH - 7.1

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel values...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux AI (RHEL AI) 3, Red Hat Hardened Images
Published: Jun 19, 2026
Source: NVD
CVE-2026-56208 HIGH - 7.6

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when g_lag_in_frames is set to 1 or higher. This results in a 2...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux AI (RHEL AI) 3, Red Hat Hardened Images
Published: Jun 19, 2026
Source: NVD
CVE-2026-51846 CRITICAL - 9.8

In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to remote arbitrary code execution.

Published: Jun 19, 2026
Source: NVD
CVE-2026-51845 CRITICAL - 9.8

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter.

Published: Jun 19, 2026
Source: NVD
CVE-2026-51844 CRITICAL - 9.8

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter.

Published: Jun 19, 2026
Source: NVD
CVE-2026-51843 CRITICAL - 9.8

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter.

Published: Jun 19, 2026
Source: NVD
CVE-2026-49260 HIGH - 8.2

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.5.1, `pontedilana/php-weasyprint` builds the shell command for WeasyPrint by passing the binary path through `escapeshellarg()` first and then checking the *quoted* result with `is_executable()`. On...

Vendor: pontedilana
Product: php-weasyprint
Published: Jun 19, 2026
Source: NVD
CVE-2026-3196 MEDIUM - 5.5

An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bounds stream counts, potentially leading to unbounded memory allocation on the host and a denial of service condition.

Published: Jun 19, 2026
Source: NVD
CVE-2026-3195 HIGH - 7.4

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730.

Published: Jun 19, 2026
Source: NVD
CVE-2019-25748 HIGH - 8.2

Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL payloads in the rooms...

Vendor: Cmsjunkie
Product: JHotelReservation
Published: Jun 19, 2026
Source: NVD