Total CVEs

143,744

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,564
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 801 - 820 of 40,149 CVEs
CVE-2026-0288 HIGH - 7.5

Multiple buffer overflow vulnerabilities in the User-ID Terminal Server Agent (TSA) component of Palo Alto Networks PAN-OS software allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition or potentially execute arbitrary code by sending specially crafted ne...

Vendor: paloaltonetworks
Product: pan-os
Published: Jul 08, 2026
Source: NVD

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from the ...

Vendor: GitLab
Product: GitLab
Published: Jul 08, 2026
Source: NVD
CVE-2026-49464 HIGH - 8.1

NL Portal: IDOR allows any authenticated user to complete and tamper with another user's taak

Vendor: maven
Product: nl.nl-portal:taak
Published: Jul 08, 2026
Source: GitHub
CVE-2026-49463 MEDIUM - 6.5

NL Portal: Missing per-user authorization on document and decision GraphQL queries in nl-portal-backend-libraries

Vendor: maven
Product: nl.nl-portal:documenten-api
Published: Jul 08, 2026
Source: GitHub

Waku has an Open Redirect via `unstable_redirect` Helper

Vendor: npm
Product: waku
Published: Jul 08, 2026
Source: GitHub
CVE-2026-49455 MEDIUM - 6.5

Waku: Cross-Origin CSRF on RSC Server Action Dispatch

Vendor: npm
Product: waku
Published: Jul 08, 2026
Source: GitHub
CVE-2026-53649 CRITICAL - 9.6

Joro: Unauthenticated Cross-Origin Plugin Upload Leads to RCE

Vendor: go
Product: github.com/BishopFox/joro
Published: Jul 08, 2026
Source: GitHub
CVE-2026-49833 MEDIUM - 5.5

DSpace: Path Traversal is possible through LDN message generation

Vendor: maven
Product: org.dspace:dspace-api
Published: Jul 08, 2026
Source: GitHub
CVE-2026-49830 MEDIUM - 4.4

DSpace: ORE resource URI does not validate scheme for non-web resources

Vendor: maven
Product: org.dspace:dspace-api
Published: Jul 08, 2026
Source: GitHub
CVE-2026-49831 MEDIUM - 5.5

DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path

Vendor: maven
Product: org.dspace:dspace-api
Published: Jul 08, 2026
Source: GitHub
CVE-2026-49832 HIGH - 8.0

DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN

Vendor: maven
Product: org.dspace:dspace-api
Published: Jul 08, 2026
Source: GitHub
CVE-2026-52831 CRITICAL - 10.0

Nuclio: Unsanitized cron trigger event headers/body injected into CronJob shell command leads to persistent RCE

Vendor: go
Product: github.com/nuclio/nuclio
Published: Jul 08, 2026
Source: GitHub

async-tar PAX extension-header desync enables tar entry/content smuggling

Vendor: rust
Product: async-tar
Published: Jul 08, 2026
Source: GitHub
CVE-2026-50197 HIGH - 8.7

Skipper: opaAuthorizeRequestWithBody filter bypasses OPA policy on Transfer-Encoding โ€” chunked / HTTP/2 requests

Vendor: go
Product: github.com/zalando/skipper
Published: Jul 08, 2026
Source: GitHub
CVE-2026-49825 HIGH - 8.2

`lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes

Vendor: pip
Product: lxml_html_clean
Published: Jul 08, 2026
Source: GitHub
CVE-2026-8801 LOW - 3.5

Path equivalence: vulnerability in Progress MOVEit Transfer (File Upload modules). This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4.

Vendor: progress
Product: moveit_transfer
Published: Jul 08, 2026
Source: NVD
CVE-2026-8800 LOW - 2.7

Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

Vendor: progress
Product: moveit_transfer
Published: Jul 08, 2026
Source: NVD
CVE-2026-8651 LOW - 3.7

Limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

Vendor: progress
Product: moveit_transfer
Published: Jul 08, 2026
Source: NVD
CVE-2026-8650 MEDIUM - 4.5

Relative path traversal vulnerability in Progress MOVEit Transfer (Admin Settings module). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

Vendor: progress
Product: moveit_transfer
Published: Jul 08, 2026
Source: NVD
CVE-2026-8649 MEDIUM - 6.4

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer (Custom Reports modules). This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3.

Vendor: progress
Product: moveit_transfer
Published: Jul 08, 2026
Source: NVD