Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,297
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 61 - 80 of 39,613 CVEs

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] XAPI can configure different users with different roles, using Role Based Access Control. For more details, see: https://docs.xenserver.com/en-us/xencenter/current-rel...

Vendor: Xen
Product: XAPI
Published: Jul 09, 2026
Source: NVD

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] XAPI can configure different users with different roles, using Role Based Access Control. For more details, see: https://docs.xenserver.com/en-us/xencenter/current-rel...

Vendor: Xen
Product: XAPI
Published: Jul 09, 2026
Source: NVD

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] XAPI can configure different users with different roles, using Role Based Access Control. For more details, see: https://docs.xenserver.com/en-us/xencenter/current-rel...

Vendor: Xen
Product: XAPI
Published: Jul 09, 2026
Source: NVD

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] XAPI can configure different users with different roles, using Role Based Access Control. For more details, see: https://docs.xenserver.com/en-us/xencenter/current-...

Vendor: Xen
Product: XAPI
Published: Jul 09, 2026
Source: NVD

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota.

Vendor: Xen
Product: oxenstored
Published: Jul 09, 2026
Source: NVD
CVE-2026-15189 MEDIUM - 6.3

A security vulnerability has been detected in aerostackdev aerostack-mcp up to 6315dfde7df0a15aaf743f88d91347115e09ba23. Affected by this issue is the function upload_media of the component mcp-whatsapp. Such manipulation of the argument media_url leads to server-side request forgery. The attack may...

Vendor: aerostackdev
Product: aerostack-mcp
Published: Jul 09, 2026
Source: NVD
CVE-2026-15188 MEDIUM - 6.3

A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the component Employee Dashboard Endpoint. This manipulation of the argumen...

Vendor: manjurulhoque
Product: django-job-portal
Published: Jul 09, 2026
Source: NVD
CVE-2026-15187 MEDIUM - 4.3

A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.set of the component Public Package API. The manipulation of the argument question.name results in improperly controlled modification of object prototype attributes. The attack can be launched remotely. Th...

Product: enquirer
Published: Jul 09, 2026
Source: NVD
CVE-2026-11404 HIGH - 7.5

Cesanta Mongoose before 7.22 contains an out-of-bounds read in the built-in TLS server function mg_tls_server_recv_hello(), which uses an attacker-controlled session_id_len byte from a TLS ClientHello as a buffer index without validating it against the length of received data. A remote, unauthentica...

Vendor: Cesanta
Product: Mongoose
Published: Jul 09, 2026
Source: NVD

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...

Vendor: Xen
Product: varstored
Published: Jul 09, 2026
Source: NVD

There are multiple issues. 1. Updates to the XAPI database sanitise input strings, but try generating the notification using the unsanitised input. This causes the database's event thread to terminate and cease further processing. 2. XAPI's UTF-8 encoder implements v3.0 of...

Vendor: Xen
Product: XAPI
Published: Jul 09, 2026
Source: NVD

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. Thes...

Vendor: Xen
Product: Windows PV drivers
Published: Jul 09, 2026
Source: NVD

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. Thes...

Vendor: Xen
Product: Windows PV drivers
Published: Jul 09, 2026
Source: NVD

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. ...

Vendor: Xen
Product: Windows PV drivers
Published: Jul 09, 2026
Source: NVD
CVE-2026-60109 HIGH - 7.5

Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRB_ERROR message with error-code 25 (KDC_ERR_PREAUTH_REQUIRED) containing a PA-DATA element with padata-type 2,...

Vendor: zeek
Product: zeek
Published: Jul 09, 2026
Source: NVD
CVE-2026-60108 HIGH - 7.5

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit the ...

Vendor: zeek
Product: zeek
Published: Jul 09, 2026
Source: NVD
CVE-2026-5005 MEDIUM - 5.4

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals allows Stored XSS. This issue affects OKRs & Goals: from 28220 before 28398.

Published: Jul 09, 2026
Source: NVD

A SQLi vulnerability in AcyMailing component < 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage.

Vendor: acymailing.com
Product: acymailing.com AcyMailing extension for Joomla
Published: Jul 09, 2026
Source: NVD
CVE-2026-54801 HIGH - 7.2

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains insufficient validation of authentication credentials when processing administrative account modifications thr...

Vendor: Siemens
Product: CPCI85 Central Processing/Communication, SICORE Base system
Published: Jul 09, 2026
Source: NVD
CVE-2026-54800 MEDIUM - 4.8

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application ships with a default configuration that disables all OPC UA security mechanisms. This could allow an attacker to gain u...

Vendor: Siemens
Product: CPCI85 Central Processing/Communication, SICORE Base system
Published: Jul 09, 2026
Source: NVD