Total CVEs: 139,258
Critical Severity: 3,630
High Severity: 13,017
Last 7 Days: 1,250
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 7,841 - 7,860 of 35,663 CVEs
CVE-2025-14361 HIGH - 7.1

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1.

Vendor: AA-Team
Product: Woocommerce Envato Affiliates
Published: May 26, 2026
Source: NVD
CVE-2026-48048 HIGH - 7.5

XWiki Platform's Livetable results still allow reconstructing password hashes using 768 requests

Vendor: maven
Product: org.xwiki.platform:xwiki-platform-livetable-ui
Published: May 26, 2026
Source: GitHub
CVE-2026-9575 HIGH - 7.3

A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has ...

Published: May 26, 2026
Source: NVD
CVE-2026-9574 HIGH - 7.3

A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the argument studentId/cid can lead to sql injection. The attack can be launched remotely. The exploit has...

Published: May 26, 2026
Source: NVD
CVE-2026-9573 HIGH - 7.3

A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated remotely. The exploit ...

Published: May 26, 2026
Source: NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Published: May 26, 2026
Source: NVD
CVE-2026-27331 MEDIUM - 6.3

Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5.

Vendor: Magepeople inc.
Product: WpTravelly
Published: May 26, 2026
Source: NVD
CVE-2026-25444 MEDIUM - 4.3

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9.

Vendor: Magepeople inc.
Product: WpBookingly
Published: May 26, 2026
Source: NVD
CVE-2026-25426 MEDIUM - 5.3

Missing Authorization vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 2.0.1.

Vendor: Magepeople inc.
Product: Taxi Booking Manager for WooCommerce
Published: May 26, 2026
Source: NVD
CVE-2026-24520 MEDIUM - 4.3

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24.

Vendor: bPlugins
Product: Tiktok Feed
Published: May 26, 2026
Source: NVD

Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flo...

Published: May 26, 2026
Source: NVD
CVE-2025-68709 MEDIUM - 5.2

SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege esc...

Published: May 26, 2026
Source: NVD

XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin

Vendor: maven
Product: org.xwiki.platform:xwiki-platform-webjars-api
Published: May 26, 2026
Source: GitHub

Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken a...

Vendor: composer
Product: pterodactyl/panel
Published: May 26, 2026
Source: GitHub
CVE-2026-9572 LOW - 3.3

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. The ...

Vendor: gpac
Product: gpac
Published: May 26, 2026
Source: NVD
CVE-2026-9568 MEDIUM - 5.0

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack...

Published: May 26, 2026
Source: NVD
CVE-2026-8890 HIGH - 8.2

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key head...

Published: May 26, 2026
Source: NVD
CVE-2026-4051 HIGH - 7.2

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted.

Vendor: ibm
Product: engineering_lifecycle_management
Published: May 26, 2026
Source: NVD
CVE-2026-48689 CRITICAL - 9.8

FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr, memcpy_from_object_ptr) use an i...

Vendor: pavel-odintsov
Product: fastnetmon
Published: May 26, 2026
Source: NVD
CVE-2026-3660 CRITICAL - 9.8

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.

Vendor: ibm
Product: engineering_lifecycle_management
Published: May 26, 2026
Source: NVD