Total CVEs

144,269

Critical Severity

4,162

High Severity

14,979

Last 7 Days

1,663
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 3,621 - 3,640 of 40,674 CVEs
CVE-2026-10817 HIGH - 7.5

Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler

Vendor: NetScaler
Product: ADC, Gateway
Published: Jun 30, 2026
Source: NVD
CVE-2026-10816 HIGH - 7.5

Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled

Vendor: NetScaler
Product: ADC, Gateway
Published: Jun 30, 2026
Source: NVD
CVE-2026-8402 CRITICAL - 9.8

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. SYSGUARD 6001 allows Blind SQL Injection. This issue affects SYSGUARD 6001: from 2.0.2 before 6.1.16.0.  NOTE: The vendor ...

Published: Jun 30, 2026
Source: NVD
CVE-2026-57082 MEDIUM - 5.9

Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE (Message Stream Encryption) handshake derives its 160-bit Diffie-Hellman private key from Perl's rand(), a non-cryptographic drand48-class generator seeded once pe...

Vendor: SANKO
Product: Net::BitTorrent
Published: Jun 30, 2026
Source: NVD
CVE-2026-57081 HIGH - 7.5

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches capture...

Vendor: SANKO
Product: Net::BitTorrent
Published: Jun 30, 2026
Source: NVD
CVE-2026-57080 HIGH - 7.5

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix. The peer-wire framing in _process_messages trusts the 4-byte length prefix sent by a connected peer with no upper bound, while receive_data appends every inbound byte to t...

Vendor: SANKO
Product: Net::BitTorrent
Published: Jun 30, 2026
Source: NVD
CVE-2026-57079 MEDIUM - 5.3

Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata. Net::BitTorrent validates file path components only on the .torrent-file ingest path. The peer and magnet metadata path (_on_metadata_received, reached from the B...

Vendor: SANKO
Product: Net::BitTorrent
Published: Jun 30, 2026
Source: NVD

Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials.

Vendor: Redeight
Product: Redeight CMS
Published: Jun 30, 2026
Source: NVD

An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application fails to validate file extensions and MIME types, permitting the upl...

Vendor: Redeight
Product: Redeight CMS
Published: Jun 30, 2026
Source: NVD

An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize user input and directly interpolates it into SQL queries without using prepared statements, which allow...

Vendor: Redeight
Product: Redeight CMS
Published: Jun 30, 2026
Source: NVD
CVE-2026-41053 HIGH - 8.8

Incorrect authentication caching in the team member ship expansion of the Rancher Github authentication provider caused it granting principal access to any logged in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2.

Vendor: SUSE
Product: Rancher
Published: Jun 30, 2026
Source: NVD
CVE-2026-14162 CRITICAL - 9.8

Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation.

Vendor: Advantech
Product: Hospital Quering Management
Published: Jun 30, 2026
Source: NVD
CVE-2026-14161 HIGH - 7.5

Hospital Quening Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation.

Vendor: Advantech
Product: Hospital Queuing Management
Published: Jun 30, 2026
Source: NVD
CVE-2026-13766 CRITICAL - 9.8

DBIx::QuickORM versions before 0.000026 for Perl allow SQL injection via unquoted SQL identifiers. The default SQL builder, a SQL::Abstract subclass, sets bindtype in its constructor but never quote_char, so SQL::Abstract emits identifiers verbatim. Caller-supplied identifiers (order_by, where-clau...

Vendor: EXODIST
Product: DBIx::QuickORM
Published: Jun 30, 2026
Source: NVD
CVE-2026-54475 HIGH - 7.5

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing a differen...

Vendor: Apache Software Foundation
Product: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ
Published: Jun 30, 2026
Source: NVD
CVE-2026-53917 HIGH - 7.5

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. An authenticated user can cause a broker DoS by sending a crafted OpenWire Message with a large encoded size value for the map. OpenWire message propert...

Vendor: Apache Software Foundation
Product: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker
Published: Jun 30, 2026
Source: NVD
CVE-2026-53916 HIGH - 7.5

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM heap...

Vendor: Apache Software Foundation
Product: Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp
Published: Jun 30, 2026
Source: NVD
CVE-2026-52760 MEDIUM - 6.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console. The browse page in the web console renders a message Id directly without sanitization. This allows an authenticated producer to send a messag...

Vendor: Apache Software Foundation
Product: Apache ActiveMQ, Apache ActiveMQ Web Console
Published: Jun 30, 2026
Source: NVD
CVE-2026-50750 HIGH - 7.5

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broker...

Vendor: Apache Software Foundation
Product: Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All
Published: Jun 30, 2026
Source: NVD
CVE-2026-50734 HIGH - 7.5

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validate and causes the...

Vendor: Apache Software Foundation
Product: Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All
Published: Jun 30, 2026
Source: NVD