Total CVEs

144,714

Critical Severity

4,191

High Severity

15,264

Last 7 Days

1,943
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 4,241 - 4,260 of 41,119 CVEs
CVE-2026-13748 MEDIUM - 6.3

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended pro...

Vendor: snowflake
Product: snowflake_cli
Published: Jun 29, 2026
Source: NVD
CVE-2026-13746 MEDIUM - 5.4

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the conte...

Vendor: snowflake
Product: snowflake_cli
Published: Jun 29, 2026
Source: NVD
CVE-2026-13744 HIGH - 8.8

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL in t...

Vendor: snowflake
Product: snowflake_cli
Published: Jun 29, 2026
Source: NVD

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends updating...

Vendor: Honeywell Technologies
Product: IQ MultiAccess
Published: Jun 29, 2026
Source: NVD

A vulnerability was found in seladb PcapPlusPlus 25.05. The affected element is the function parse_by_block_type of the file light_pcapng.c of the component LightPcapNg Parser. Performing a manipulation of the argument captured_packet_length results in heap-based buffer overflow. It is possible to i...

Vendor: seladb
Product: PcapPlusPlus
Published: Jun 29, 2026
Source: NVD
CVE-2026-13583 HIGH - 8.8

A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The expl...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13582 HIGH - 8.8

A flaw has been found in Edimax EW-7478APC 1.04. This issue affects the function formUSBAccount of the file /goform/formUSBAccount of the component POST Request Handler. This manipulation of the argument UserName/Password causes buffer overflow. The attack is possible to be carried out remotely. The...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13581 MEDIUM - 6.3

A vulnerability was detected in Edimax EW-7478APC 1.04. This vulnerability affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. The manipulation of the argument rootAPmac results in os command injection. The attack can be executed remotely. ...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13580 HIGH - 8.8

A security vulnerability has been detected in Edimax EW-7478APC 1.04. This affects the function formQoS of the file /goform/formQoS of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has...

Vendor: Edimax
Product: EW-7478APC
Published: Jun 29, 2026
Source: NVD
CVE-2026-13437 MEDIUM - 6.5

Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API resp...

Vendor: devolutions
Product: powershell_universal
Published: Jun 29, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Jun 29, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Jun 29, 2026
Source: NVD
CVE-2026-57341 MEDIUM - 6.5

Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce <= 2.9.0 versions.

Vendor: Colissimo
Product: Colissimo Officiel : Méthodes de livraison pour WooCommerce
Published: Jun 29, 2026
Source: NVD
CVE-2026-57340 MEDIUM - 6.5

Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.

Vendor: shohei.tanaka
Product: Japanized For WooCommerce
Published: Jun 29, 2026
Source: NVD
CVE-2026-57339 MEDIUM - 6.5

Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions.

Vendor: Strategy11 Team
Product: Business Directory
Published: Jun 29, 2026
Source: NVD
CVE-2026-57338 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.

Vendor: Repute InfoSystems
Product: ARForms
Published: Jun 29, 2026
Source: NVD
CVE-2026-57337 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.

Vendor: PluginOps
Product: Landing Page Builder
Published: Jun 29, 2026
Source: NVD
CVE-2026-57336 HIGH - 7.1

Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.

Vendor: Astoundify
Product: Jobify
Published: Jun 29, 2026
Source: NVD
CVE-2026-57335 MEDIUM - 6.5

Subscriber Broken Access Control in Ads by WPQuads <= 3.0.3 versions.

Vendor: Ads WPQuads
Product: Ads by WPQuads
Published: Jun 29, 2026
Source: NVD
CVE-2026-57334 MEDIUM - 6.5

Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions.

Vendor: weDevs
Product: WP User Frontend
Published: Jun 29, 2026
Source: NVD