Total CVEs

143,232

Critical Severity

4,056

High Severity

14,610

Last 7 Days

1,242
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 381 - 400 of 1,573 CVEs

A vulnerability was found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission_form_check.php. The manipulation of the argument Message results in cross site scripting. The attack can be ex...

Vendor: raisulislamg4
Product: student_management_system_by_php
Published: Jun 01, 2026
Source: NVD

An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: * 7.0.X ...

Vendor: OTRS AG
Product: OTRS
Published: Jun 01, 2026
Source: NVD

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: * 7.0...

Vendor: OTRS AG
Product: OTRS
Published: Jun 01, 2026
Source: NVD

A vulnerability was detected in unitedbyai droidclaw up to 0.5.3. The affected element is an unknown function of the file server/src/routes/pairing.ts of the component claim Endpoint. The manipulation results in improper restriction of excessive authentication attempts. The attack may be launched re...

Vendor: unitedbyai
Product: droidclaw
Published: Jun 01, 2026
Source: NVD

A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has been ...

Product: Assimp
Published: Jun 01, 2026
Source: NVD

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the publ...

Product: Assimp
Published: May 31, 2026
Source: NVD

A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has b...

Product: Assimp
Published: May 31, 2026
Source: NVD

A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possible with local acces...

Product: Assimp
Published: May 31, 2026
Source: NVD

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajax_forgot_password of the file application/controllers/Login.php of the component Forgot Password Endpoint. The m...

Vendor: OUSL-GROUP-BrinaryBrains
Product: School Student Management System
Published: May 31, 2026
Source: NVD

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the publi...

Vendor: sambitraj
Product: STUDENT-MANAGEMENT-SYSTEM
Published: May 30, 2026
Source: NVD

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In versions 4.38.0 through 4.39.19, when a user authenticates via Basic Auth (i.e via the `Authorization` header with the `Basic` scheme)...

Vendor: go
Product: github.com/authelia/authelia/v4
Published: May 29, 2026
Source: GitHub

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47.

Vendor: rizinorg
Product: rizin
Published: May 29, 2026
Source: NVD

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vulnerability is fixed by commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe.

Vendor: rizinorg
Product: rizin
Published: May 29, 2026
Source: NVD

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible

Vendor: JetBrains
Product: IntelliJ IDEA
Published: May 29, 2026
Source: NVD

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible

Vendor: JetBrains
Product: TeamCity
Published: May 29, 2026
Source: NVD

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible

Vendor: JetBrains
Product: TeamCity
Published: May 29, 2026
Source: NVD

In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests

Vendor: JetBrains
Product: YouTrack
Published: May 29, 2026
Source: NVD

Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are still constructed as plain {} with Object.prototype in their chain. The setProxy() function at lib/adapters/http.js:209-223 reads proxy.use...

Vendor: npm
Product: axios
Published: May 29, 2026
Source: GitHub

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during its boot window as a pr...

Vendor: Indian Motorcycle (Polaris Inc.)
Product: Scout Bobber + Tech
Published: May 29, 2026
Source: NVD

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module (WCM) traffic during its boot window as a pr...

Vendor: Indian Motorcycle (Polaris Inc.)
Product: Scout Bobber + Tech
Published: May 29, 2026
Source: NVD