Total CVEs

143,232

Critical Severity

4,056

High Severity

14,610

Last 7 Days

1,261
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 341 - 360 of 1,573 CVEs

A flaw has been found in dask up to 3.0. Affected by this issue is the function nunique_approx of the file dask/dataframe/hyperloglog.py of the component HLL Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. A high degree of complexity is need...

Product: dask
Published: Jun 03, 2026
Source: NVD

Improper Encoding or Escaping of Output vulnerability in elixir-tesla tesla allows multipart part header injection via unescaped Content-Disposition parameter values. Tesla.Multipart.part_headers_for_disposition/1 interpolates each disposition parameter as #{k}="#{v}" with no validation o...

Vendor: elixir-tesla
Product: tesla
Published: Jun 02, 2026
Source: NVD

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add_content_type_param/2. Tesla.Multipart.add_content_type_param/2 appends caller-supplied strings to the mult...

Vendor: elixir-tesla
Product: tesla
Published: Jun 02, 2026
Source: NVD

HCL iReflection Third party vulnerable and outdated components issue was detected in the web application

Vendor: HCL
Product: iReflection
Published: Jun 02, 2026
Source: NVD

Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encode_request_line/2 function splices the caller-supplied method and target arguments directly into t...

Vendor: elixir-mint
Product: mint
Published: Jun 02, 2026
Source: NVD

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service (DoS) and complete account loc...

Vendor: Aiven-Open
Product: klaw
Published: Jun 02, 2026
Source: NVD

A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site scripti...

Vendor: 1Panel-dev
Product: CordysCRM
Published: Jun 02, 2026
Source: NVD

A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm_state_security_mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack...

Product: Open5GS
Published: Jun 02, 2026
Source: NVD

A weakness has been identified in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. Impacted is an unknown function of the file src/main/java/com/zhiliao/module/web/system/ScheduleJobController.java of the component Task Scheduling Management Module. Executing a manipulation can lea...

Vendor: westboy
Product: CicadasCMS
Published: Jun 02, 2026
Source: NVD

A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer overflow. Attacking lo...

Vendor: Orthanc
Product: DICOM Server
Published: Jun 02, 2026
Source: NVD

A vulnerability has been found in 1Panel-dev CordysCRM up to 1.6.2. This affects an unknown function of the file backend/framework/src/main/java/cn/cordys/config/RequestParamTrimConfig.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit ha...

Vendor: 1Panel-dev
Product: CordysCRM
Published: Jun 02, 2026
Source: NVD

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource owners...

Vendor: kiteworks
Product: Secure Data Forms
Published: Jun 01, 2026
Source: NVD

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora_manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora_path leads to reachable assertion. The attack can be launched remotel...

Product: SGLang
Published: Jun 01, 2026
Source: NVD

A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be initiated remotely. The expl...

Vendor: code-projects
Product: Online Hospital Management System
Published: Jun 01, 2026
Source: NVD

A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null pointer dereference. Attacking locally is a requirement. The exploit has been released to the public and m...

Vendor: ggml-org
Product: whisper.cpp
Published: Jun 01, 2026
Source: NVD

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local appro...

Vendor: SourceCodester
Product: Customer Review App
Published: Jun 01, 2026
Source: NVD

In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: Google
Product: Android
Published: Jun 01, 2026
Source: NVD
CVE-2026-0056 LOW - 3.3

In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Jun 01, 2026
Source: NVD
CVE-2026-0050 LOW - 3.3

In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor: google
Product: android
Published: Jun 01, 2026
Source: NVD
CVE-2026-0016 LOW - 3.3

In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitatio...

Vendor: google
Product: android
Published: Jun 01, 2026
Source: NVD