Total CVEs

141,272

Critical Severity

3,795

High Severity

13,729

Last 7 Days

1,863
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 6,121 - 6,140 of 37,677 CVEs
CVE-2026-9698 CRITICAL - 9.8

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buf...

Vendor: perl
Product: dbi
Published: Jun 09, 2026
Source: NVD
CVE-2026-5068 HIGH - 7.6

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation (via chan_ops.alloc_buf) and the chosen RX pool has a user_data_size smaller than 2 bytes, the segmentation counter stored i...

Published: Jun 09, 2026
Source: NVD
CVE-2026-44083 CRITICAL - 9.8

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later

Vendor: QNAP Systems Inc.
Product: QuMagie
Published: Jun 09, 2026
Source: NVD

Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Jun 09, 2026
Source: NVD
CVE-2026-41985 MEDIUM - 5.1

UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity.

Vendor: Huawei
Product: HarmonyOS
Published: Jun 09, 2026
Source: NVD
CVE-2026-41984 MEDIUM - 5.2

UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity.

Vendor: Huawei
Product: HarmonyOS
Published: Jun 09, 2026
Source: NVD
CVE-2026-41983 MEDIUM - 4.3

DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Jun 09, 2026
Source: NVD
CVE-2026-41982 MEDIUM - 6.4

Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Jun 09, 2026
Source: NVD
CVE-2026-41981 MEDIUM - 5.3

Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Jun 09, 2026
Source: NVD
CVE-2026-41977 MEDIUM - 5.0

DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS, EMUI
Published: Jun 09, 2026
Source: NVD
CVE-2026-41976 MEDIUM - 6.6

Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Vendor: Huawei
Product: HarmonyOS, EMUI
Published: Jun 09, 2026
Source: NVD

Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS, EMUI
Published: Jun 09, 2026
Source: NVD
CVE-2026-41973 MEDIUM - 5.9

Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS, EMUI
Published: Jun 09, 2026
Source: NVD
CVE-2026-41972 MEDIUM - 5.4

Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability.

Vendor: Huawei
Product: HarmonyOS
Published: Jun 09, 2026
Source: NVD
CVE-2025-62858 MEDIUM - 6.5

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QT...

Vendor: QNAP Systems Inc.
Product: QTS, QuTS hero
Published: Jun 09, 2026
Source: NVD
CVE-2026-8981 LOW - 3.5

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code fields, allowing administrators on multisite installations (or single-site installs with DISALLOW_UNFILTERED_HTML defined) to inje...

Published: Jun 09, 2026
Source: NVD
CVE-2026-5067 CRITICAL - 9.8

A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the header into a fixed-size buffer using a bounded copy that does not guarantee NUL termination when th...

Published: Jun 09, 2026
Source: NVD
CVE-2026-4986 MEDIUM - 5.3

The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions.

Published: Jun 09, 2026
Source: NVD
CVE-2026-41539 MEDIUM - 6.1

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QTS 5.2.9...

Vendor: QNAP Systems Inc.
Product: QTS, QuTS hero
Published: Jun 09, 2026
Source: NVD
CVE-2026-11572 HIGH - 8.8

Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec() method by _cloneWithGit() and fetchRefs() functions. An attacker can execute arbitrary operating ...

Product: degit
Published: Jun 09, 2026
Source: NVD