Total CVEs: 140,426
Critical Severity: 3,747
High Severity: 13,550
Last 7 Days: 1,486
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 7,841 - 7,860 of 13,565 CVEs
CVE-2018-25226 MEDIUM - 6.2

FTPShell Server 6.83 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the account name field. Attackers can trigger a denial of service by pasting a 417-byte payload into the 'Account name to ban' param...

Vendor: Ftpshell
Product: FTPShell Server
Published: Mar 30, 2026
Source: NVD
CVE-2026-5119 MEDIUM - 5.9

A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential sess...

Vendor: gnome
Product: libsoup
Published: Mar 30, 2026
Source: NVD
CVE-2026-5107 MEDIUM - 4.2

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to ha...

Published: Mar 30, 2026
Source: NVD
CVE-2026-5105 MEDIUM - 6.3

A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument pptpPassThru results in command injection. It is possible to initi...

Vendor: totolink
Product: a3300r_firmware
Published: Mar 30, 2026
Source: NVD
CVE-2026-5104 MEDIUM - 6.3

A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_b20221024. Impacted is the function setStaticRoute of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument ip leads to command injection. The attack may be performed from remote. The exploit has been disclosed pub...

Vendor: totolink
Product: a3300r_firmware
Published: Mar 30, 2026
Source: NVD
CVE-2026-5103 MEDIUM - 6.3

A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes command injection. The attack is possible to be carried out remotely. The exploit has been made avail...

Vendor: totolink
Product: a3300r_firmware
Published: Mar 30, 2026
Source: NVD
CVE-2026-5102 MEDIUM - 6.3

A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b20221024. This vulnerability affects the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument qos_up_bw results in command injection. The attack can be execut...

Vendor: totolink
Product: a3300r_firmware
Published: Mar 30, 2026
Source: NVD
CVE-2026-5101 MEDIUM - 6.3

A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument lanIp leads to command injection. Remote exploitation of the attack is possible. The exp...

Vendor: totolink
Product: a3300r_firmware
Published: Mar 29, 2026
Source: NVD
CVE-2026-34210 MEDIUM - 8.1

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a ne...

Vendor: npm
Product: mppx
Published: Mar 29, 2026
Source: GitHub
CVE-2026-33574 MEDIUM - 6.2

OpenClaw before 2026.3.8 contains a path traversal vulnerability in the skills download installer that validates the tools root lexically but reuses the mutable path during archive download and copy operations. A local attacker can rebind the tools-root path between validation and final write to red...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 29, 2026
Source: NVD
CVE-2026-32923 MEDIUM - 5.4

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in Discord guild reaction ingestion that fails to enforce member users and roles allowlist checks. Non-allowlisted guild members can trigger reaction events accepted as trusted system events, injecting reaction text into downst...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 29, 2026
Source: NVD
CVE-2026-32919 MEDIUM - 6.1

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests containing /new or /reset slash commands to reset targeted conversation state without holding o...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 29, 2026
Source: NVD
CVE-2026-5041 MEDIUM - 4.7

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The exploit...

Published: Mar 29, 2026
Source: NVD
CVE-2026-5031 MEDIUM - 4.3

A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation of the argument ID results in improper control of resource identifiers. The attack can be launched remotely. ...

Published: Mar 29, 2026
Source: NVD
CVE-2026-5030 MEDIUM - 6.3

A vulnerability has been found in Totolink NR1800X 9.1.0u.6279_B20210910. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument host_time leads to command injection. The attack can be initiated remotely. The...

Vendor: totolink
Product: nr1800x_firmware
Published: Mar 29, 2026
Source: NVD
CVE-2026-5023 MEDIUM - 5.3

A vulnerability has been found in DeDeveloper23 codebase-mcp up to 3ec749d237dd8eabbeef48657cf917275792fde6. This vulnerability affects the function getCodebase/getRemoteCodebase/saveCodebase of the file src/tools/codebase.ts of the component RepoMix Command Handler. Such manipulation leads to os co...

Published: Mar 29, 2026
Source: NVD
CVE-2026-2602 MEDIUM - 6.4

The Twentig plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'featuredImageSizeWidth' parameter in versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-...

Published: Mar 29, 2026
Source: NVD
CVE-2026-5020 MEDIUM - 6.3

A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of the argument NoticeUrl results in command injection. The attack may be launched remotel...

Vendor: totolink
Product: a3600r_firmware
Published: Mar 29, 2026
Source: NVD
CVE-2026-5015 MEDIUM - 4.3

A vulnerability was determined in elecV2 elecV2P up to 3.8.3. The impacted element is an unknown function of the file /logs of the component Endpoint. This manipulation of the argument filename causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly...

Published: Mar 28, 2026
Source: NVD
CVE-2026-5014 MEDIUM - 5.3

A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The pr...

Published: Mar 28, 2026
Source: NVD