Total CVEs

144,278

Critical Severity

4,164

High Severity

14,985

Last 7 Days

1,612
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 3,801 - 3,820 of 40,683 CVEs
CVE-2026-9105 MEDIUM - 6.5

An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated attacker can send crafted HTTP requests to cause the embedded web server to overflow a stack buffer, resulting in a crash of the affected process. Succ...

Vendor: tp-link
Product: tl-wr841n_firmware
Published: Jun 29, 2026
Source: NVD
CVE-2026-41052 CRITICAL - 8.4

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10.

Vendor: SUSE
Product: Rancher
Published: Jun 29, 2026
Source: NVD
CVE-2026-13750 MEDIUM - 5.5

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as passw...

Vendor: snowflake
Product: snowflake_cli
Published: Jun 29, 2026
Source: NVD
CVE-2026-13749 HIGH - 8.8

Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying crafted project content that is interpolated into generated P...

Vendor: snowflake
Product: snowflake_cli
Published: Jun 29, 2026
Source: NVD
CVE-2026-13748 MEDIUM - 6.3

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended pro...

Vendor: snowflake
Product: snowflake_cli
Published: Jun 29, 2026
Source: NVD
CVE-2026-13746 MEDIUM - 5.4

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the conte...

Vendor: snowflake
Product: snowflake_cli
Published: Jun 29, 2026
Source: NVD
CVE-2026-13744 HIGH - 8.8

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL in t...

Vendor: snowflake
Product: snowflake_cli
Published: Jun 29, 2026
Source: NVD

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends updating...

Vendor: Honeywell Technologies
Product: IQ MultiAccess
Published: Jun 29, 2026
Source: NVD

A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parse_by_block_type of the file light_pcapng.c of the component LightPcapNg Parser. Performing a manipulation of the argument captured_packet_length results in heap-based buffer overflow. It is possible to i...

Vendor: seladb
Product: PcapPlusPlus
Published: Jun 29, 2026
Source: NVD
CVE-2026-13583 HIGH - 8.8

A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The expl...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13582 HIGH - 8.8

A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely. The...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13581 MEDIUM - 6.3

A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotely. ...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13580 HIGH - 8.8

A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13437 MEDIUM - 6.5

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API resp...

Vendor: devolutions
Product: powershell_universal
Published: Jun 29, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Jun 29, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Jun 29, 2026
Source: NVD
CVE-2026-57341 MEDIUM - 6.5

Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 versions.

Vendor: Colissimo
Product: Colissimo Officiel : Méthodes de livraison pour WooCommerce
Published: Jun 29, 2026
Source: NVD
CVE-2026-57340 MEDIUM - 6.5

Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.

Vendor: shohei.tanaka
Product: Japanized For WooCommerce
Published: Jun 29, 2026
Source: NVD
CVE-2026-57339 MEDIUM - 6.5

Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.

Vendor: Strategy11 Team
Product: Business Directory
Published: Jun 29, 2026
Source: NVD
CVE-2026-57338 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.

Vendor: Repute InfoSystems
Product: ARForms
Published: Jun 29, 2026
Source: NVD