Total CVEs

143,701

Critical Severity

4,088

High Severity

14,745

Last 7 Days

1,535
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 581 - 600 of 1,584 CVEs

OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs, r...

Vendor: OpenClaw
Product: OpenClaw
Published: May 11, 2026
Source: NVD

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and da...

Vendor: zen-browser
Product: desktop
Published: May 11, 2026
Source: NVD

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.

Vendor: Wikimedia Foundation
Product: MediaWiki
Published: May 11, 2026
Source: NVD

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat the ...

Vendor: npm
Product: next
Published: May 11, 2026
Source: GitHub

Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning. In affected conditions, collisions...

Vendor: npm
Product: next
Published: May 11, 2026
Source: GitHub

Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core didn't enforce security rules on concurrent running of security procedures defined in TS 33.501 ยง6.9.5.1 โ€” it could send a NAS Security Mode Command while an N2 handover was still pending (and vice versa). Concurre...

Vendor: go
Product: github.com/ellanetworks/core
Published: May 11, 2026
Source: GitHub
CVE-2026-8276 LOW - 3.7

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires ...

Published: May 11, 2026
Source: NVD
CVE-2026-8275 LOW - 3.7

A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogod_ipp_primitives.go of the component zerogod IPP Service. Performing a manipulation results in integer coercion error. The attack can be initiat...

Published: May 11, 2026
Source: NVD
CVE-2026-8262 LOW - 2.4

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was conta...

Published: May 11, 2026
Source: NVD
CVE-2026-8257 LOW - 3.3

A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit ...

Published: May 11, 2026
Source: NVD
CVE-2026-8256 LOW - 2.4

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The ...

Published: May 11, 2026
Source: NVD
CVE-2026-8255 LOW - 2.4

A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/add_new_customer. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be used for att...

Published: May 11, 2026
Source: NVD
CVE-2026-8254 LOW - 2.4

A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/sales_save. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the publ...

Published: May 11, 2026
Source: NVD
CVE-2026-8253 LOW - 2.4

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchase_save. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and...

Published: May 11, 2026
Source: NVD
CVE-2026-8242 LOW - 3.7

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high degree...

Published: May 10, 2026
Source: NVD

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.

Vendor: libexpat project
Product: libexpat
Published: May 10, 2026
Source: NVD
CVE-2026-8232 LOW - 3.5

A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The manipulation results in denial of service. The vendor was contacted early about this disclosure.

Published: May 10, 2026
Source: NVD
CVE-2026-8221 LOW - 2.4

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted e...

Published: May 10, 2026
Source: NVD
CVE-2026-8220 LOW - 2.4

A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early ...

Published: May 10, 2026
Source: NVD
CVE-2026-8219 LOW - 2.4

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. The impacted element is an unknown function of the file /inventory/supplier-save. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly a...

Published: May 10, 2026
Source: NVD