Total CVEs

139,448

Critical Severity

3,643

High Severity

13,083

Last 7 Days

1,262
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 8,041 - 8,060 of 35,853 CVEs

Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flo...

Published: May 26, 2026
Source: NVD
CVE-2025-68709 MEDIUM - 5.2

SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege esc...

Published: May 26, 2026
Source: NVD

XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin

Vendor: maven
Product: org.xwiki.platform:xwiki-platform-webjars-api
Published: May 26, 2026
Source: GitHub

Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken a...

Vendor: composer
Product: pterodactyl/panel
Published: May 26, 2026
Source: GitHub
CVE-2026-9572 LOW - 3.3

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to a memory leak. The attack can only be performed from a local environment. The ...

Vendor: gpac
Product: gpac
Published: May 26, 2026
Source: NVD
CVE-2026-9568 MEDIUM - 5.0

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack...

Published: May 26, 2026
Source: NVD
CVE-2026-8890 HIGH - 8.2

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key head...

Published: May 26, 2026
Source: NVD
CVE-2026-4051 HIGH - 7.2

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to an exposed method that is not properly restricted.

Vendor: ibm
Product: engineering_lifecycle_management
Published: May 26, 2026
Source: NVD
CVE-2026-48689 CRITICAL - 9.8

FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr, memcpy_from_object_ptr) use an i...

Vendor: pavel-odintsov
Product: fastnetmon
Published: May 26, 2026
Source: NVD
CVE-2026-3660 CRITICAL - 9.8

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.

Vendor: ibm
Product: engineering_lifecycle_management
Published: May 26, 2026
Source: NVD
CVE-2026-3603 HIGH - 7.1

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit t...

Vendor: ibm
Product: engineering_lifecycle_management
Published: May 26, 2026
Source: NVD
CVE-2026-9567 LOW - 3.3

A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in a null pointer dereference. The attack needs to be approached locally. The exploit has been released to the public...

Published: May 26, 2026
Source: NVD
CVE-2026-9566 MEDIUM - 4.3

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross-site scripting. The attack is possible to be carried ou...

Published: May 26, 2026
Source: NVD
CVE-2026-9560 HIGH - 7.8

Privilege escalation via the background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via a local IPC channel.

Vendor: openvpn
Product: connect
Published: May 26, 2026
Source: NVD
CVE-2026-9170 HIGH - 7.5

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to denial of service and a potential remote code execution due to improper input validation.

Vendor: ibm
Product: http_server
Published: May 26, 2026
Source: NVD
CVE-2026-8856 HIGH - 7.7

IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.

Vendor: ibm
Product: http_server
Published: May 26, 2026
Source: NVD
CVE-2026-8855 HIGH - 8.1

IBM HTTP Server 8.5 and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).

Vendor: ibm
Product: http_server
Published: May 26, 2026
Source: NVD
CVE-2026-8854 HIGH - 7.5

IBM HTTP Server 8.5 and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache.

Vendor: ibm
Product: http_server
Published: May 26, 2026
Source: NVD
CVE-2026-8835 HIGH - 7.3

IBM HTTP Server 8.5 and 9.0 is vulnerable to an invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service.

Vendor: ibm
Product: http_server
Published: May 26, 2026
Source: NVD
CVE-2026-8834 HIGH - 8.0

IBM HTTP Server 8.5 and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service.

Vendor: ibm
Product: http_server
Published: May 26, 2026
Source: NVD