Total CVEs

143,744

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,564
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 721 - 740 of 1,590 CVEs
CVE-2026-7027 LOW - 2.4

A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and migh...

Vendor: dlink
Product: dsl-2740r_firmware
Published: Apr 26, 2026
Source: NVD
CVE-2026-7021 LOW - 3.5

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The expl...

Published: Apr 26, 2026
Source: NVD
CVE-2026-7016 LOW - 2.4

A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument f_ushka_new/f_ushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could...

Published: Apr 26, 2026
Source: NVD
CVE-2026-7015 LOW - 2.4

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument f_text/f_slug/f_limit/f_email leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed ...

Published: Apr 26, 2026
Source: NVD
CVE-2026-7014 LOW - 2.4

A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component down_count Plugin. This manipulation of the argument f_file/f_prefix causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading...

Published: Apr 26, 2026
Source: NVD
CVE-2026-7013 LOW - 2.4

A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mail_send Plugin. The manipulation of the argument f_subject/f_files/f_from leads to cross site scripting. The attack can be initiated remotely. The exploit ha...

Published: Apr 26, 2026
Source: NVD
CVE-2026-7012 LOW - 2.4

A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument f_all/f_all404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to versio...

Published: Apr 26, 2026
Source: NVD
CVE-2026-7011 LOW - 2.4

A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/plugin_antispam of the component Antispam Plugin. Executing a manipulation of the argument f_logging_file can lead to cross site scripting. It is possible to launc...

Published: Apr 26, 2026
Source: NVD
CVE-2026-7001 LOW - 2.4

A vulnerability was found in Datacom DM4100 1.3.6.1.4.1.3709. This affects an unknown part of the component Ethernet Configuration Page. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public an...

Published: Apr 25, 2026
Source: NVD
CVE-2026-7000 LOW - 2.4

A vulnerability has been found in Datacom DM4100 1.3.6.1.4.1.3709. Affected by this issue is some unknown functionality of the component VLAN Page. Such manipulation of the argument VLAN Name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to th...

Published: Apr 25, 2026
Source: NVD
CVE-2026-6999 LOW - 2.4

A flaw has been found in BIVOCOM TR321 21.1.1.50. Affected by this vulnerability is an unknown functionality of the component Wireless Setting. This manipulation of the argument Network Name SSID causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been pub...

Published: Apr 25, 2026
Source: NVD
CVE-2026-6998 LOW - 2.4

A vulnerability was detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. Affected is an unknown function of the component New RMON Statistics Page. The manipulation of the argument Owner results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. T...

Published: Apr 25, 2026
Source: NVD
CVE-2026-6997 LOW - 2.4

A security vulnerability has been detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This impacts an unknown function of the component New RMON History Page. The manipulation of the argument Owner leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been dis...

Published: Apr 25, 2026
Source: NVD
CVE-2026-6996 LOW - 2.4

A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available ...

Published: Apr 25, 2026
Source: NVD
CVE-2026-6995 LOW - 2.4

A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated remotely....

Published: Apr 25, 2026
Source: NVD
CVE-2026-6990 LOW - 3.5

A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/Descriรงรฃo results in cross site scripting. The attack can be initiated remotely. The exploit has been made pu...

Published: Apr 25, 2026
Source: NVD
CVE-2026-6986 LOW - 3.7

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg_aes_gcm_decrypt of the file /src/tls_aes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be ...

Vendor: cesanta
Product: mongoose
Published: Apr 25, 2026
Source: NVD

LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) validated URLs for SSRF protection and then fetched them in a separate network operation with inde...

Vendor: langchain-ai
Product: langchain-openai
Published: Apr 24, 2026
Source: NVD

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchParams.js contains a character mapping (charMap) at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent('\x00'...

Vendor: axios
Product: axios
Published: Apr 24, 2026
Source: NVD

Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use #[IsGranted('edit_team')] instead of #[IsGranted('edit', 'team')], causing Symfony TeamVoter to abstain from voting. This removes entity-level ownership checks on team...

Vendor: composer
Product: kimai/kimai
Published: Apr 24, 2026
Source: GitHub