Total CVEs

143,744

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,568
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 681 - 700 of 1,590 CVEs

mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

In mutt before 2.3.2, the imap_auth_gss security level is mishandled.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 does not check for '\0' in url_pct_decode.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD
CVE-2026-7689 LOW - 3.7

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dol_verifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The att...

Published: May 03, 2026
Source: NVD
CVE-2026-7677 LOW - 3.5

A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNoticeController.java of the component System Notice Handler. This manipulation of the argument noticeCont...

Published: May 03, 2026
Source: NVD
CVE-2026-7671 LOW - 3.7

A vulnerability has been found in CodeWise Tornet Scooter Mobile App 4.75 on iOS/Android. The impacted element is an unknown function of the file /TwoFactor. Such manipulation leads to improper restriction of excessive authentication attempts. The attack may be performed from remote. Attacks of this...

Published: May 03, 2026
Source: NVD
CVE-2026-7611 LOW - 3.7

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be...

Vendor: trendnet
Product: tew-821dap_firmware
Published: May 02, 2026
Source: NVD
CVE-2026-7610 LOW - 3.7

A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized by ...

Vendor: trendnet
Product: tew-821dap_firmware
Published: May 02, 2026
Source: NVD
CVE-2026-7606 LOW - 3.7

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function find_hwid/new_gui_update_firmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launc...

Vendor: trendnet
Product: tew-821dap_firmware
Published: May 02, 2026
Source: NVD

An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab()

Vendor: Oracle Corporation
Product: Oracle Linux
Published: May 01, 2026
Source: NVD

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be divulged within an error message produced during handling of an unrelated e-mail message.

Vendor: Exim
Product: Exim
Published: Apr 30, 2026
Source: NVD
CVE-2026-7501 LOW - 3.5

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The ex...

Published: Apr 30, 2026
Source: NVD

CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets.

Vendor: Absolute Software
Product: Secure Access
Published: Apr 30, 2026
Source: NVD
CVE-2026-3832 LOW - 3.7

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enable...

Published: Apr 30, 2026
Source: NVD

Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-leve...

Vendor: composer
Product: admidio/admidio
Published: Apr 29, 2026
Source: GitHub

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint (members_assignment_data.php) includes hidden profile fields (BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY) in its SQL search condition regardless of field visibility settings. While th...

Vendor: composer
Product: admidio/admidio
Published: Apr 29, 2026
Source: GitHub
CVE-2026-7390 LOW - 3.5

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now p...

Published: Apr 29, 2026
Source: NVD