Total CVEs

143,377

Critical Severity

4,061

High Severity

14,648

Last 7 Days

1,370
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 601 - 620 of 39,782 CVEs
CVE-2026-41122 HIGH - 7.1

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker with r...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Jul 08, 2026
Source: NVD
CVE-2026-22927 HIGH - 7.8

Omnissa Workspace ONE® Tunnel for Windows addresses a Local Privilege Escalation Vulnerability.

Vendor: Omnissa
Product: Omnissa Workspace ONE® Tunnel for Windows
Published: Jul 08, 2026
Source: NVD
CVE-2026-15053 HIGH - 7.5

Tanium addressed a denial of service vulnerability in Tanium Server.

Vendor: Tanium
Product: Tanium Server
Published: Jul 08, 2026
Source: NVD
CVE-2026-15035 MEDIUM - 5.3

A vulnerability was found in bentoml OpenLLM 0.6.30. This affects the function async_run_command of the file src/openllm/common.py of the component Model Repository Directory Name Handler. Performing a manipulation of the argument cmd results in command injection. Attacking locally is a requirement....

Vendor: bentoml
Product: OpenLLM
Published: Jul 08, 2026
Source: NVD
CVE-2026-15034 MEDIUM - 4.3

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The...

Vendor: flask-dashboard
Product: Flask-MonitoringDashboard
Published: Jul 08, 2026
Source: NVD
CVE-2026-15033 MEDIUM - 6.3

A flaw has been found in christopherthielen check-peer-dependencies up to 4.3.4. Affected by this vulnerability is the function shelljs.exec of the file dist/packageUtils.js of the component peerDependencies. This manipulation causes os command injection. The attack may be initiated remotely. The pr...

Vendor: christopherthielen
Product: check-peer-dependencies
Published: Jul 08, 2026
Source: NVD
CVE-2026-8315 MEDIUM - 5.4

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Webbeyaz Web Design Mediküm Web allows Stored XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported.

Published: Jul 08, 2026
Source: NVD
CVE-2026-8310 MEDIUM - 6.1

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Webbeyaz Web Design Mediküm Web allows Reflected XSS. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...

Published: Jul 08, 2026
Source: NVD
CVE-2026-8307 CRITICAL - 9.8

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Webbeyaz Web Design Mediküm Web allows SQL Injection. This issue affects Mediküm Web: through 08072026. NOTE: The vendor was contacted and it was learned that the product is not supported...

Published: Jul 08, 2026
Source: NVD
CVE-2026-6820 HIGH - 7.2

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attac...

Published: Jul 08, 2026
Source: NVD
CVE-2026-6740 MEDIUM - 6.4

The Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'commentIcon' parameter in all versions up to, and including, 4.7.4 due to insufficient input sanitization and output escaping. This makes i...

Published: Jul 08, 2026
Source: NVD
CVE-2026-6459 MEDIUM - 6.4

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Event Calendar widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on event titles source...

Published: Jul 08, 2026
Source: NVD
CVE-2026-5459 MEDIUM - 5.3

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.3.1 via the payment_page() function due to missing validation on the 'user_i...

Published: Jul 08, 2026
Source: NVD
CVE-2026-5356 HIGH - 7.5

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 5.4.0. This is due to the plugin's Stripe Connect payment processor accepting a client-supplied PaymentIntent ID. This makes ...

Published: Jul 08, 2026
Source: NVD
CVE-2026-14454 CRITICAL - 9.8

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...

Vendor: TONYC
Product: Imager
Published: Jul 08, 2026
Source: NVD
CVE-2026-12002 MEDIUM - 4.7

The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.11.1. This is due to missing or incorrect nonce validation on the maybe_connection_data function. This makes it possible for unauthe...

Vendor: smub
Product: Smash Balloon Social Photo Feed – Easy Social Feeds Plugin
Published: Jul 08, 2026
Source: NVD
CVE-2026-6854 HIGH - 7.5

The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'mc_auth' parameter in all versions up to, and including, 3.7.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exis...

Published: Jul 08, 2026
Source: NVD
CVE-2026-6818 HIGH - 7.2

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'special_requests' parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti...

Published: Jul 08, 2026
Source: NVD
CVE-2026-6742 MEDIUM - 6.4

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in all versions up to, and including, 2026.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor...

Published: Jul 08, 2026
Source: NVD
CVE-2026-6371 MEDIUM - 4.8

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Limatek System Inc. LimRAD NAC allows Stored XSS. This issue affects LimRAD NAC: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any wa...

Published: Jul 08, 2026
Source: NVD