Total CVEs

140,151

Critical Severity

3,698

High Severity

13,312

Last 7 Days

1,742
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 8,741 - 8,760 of 36,556 CVEs
CVE-2026-25444 MEDIUM - 4.3

Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9.

Vendor: Magepeople inc.
Product: WpBookingly
Published: May 26, 2026
Source: NVD
CVE-2026-25426 MEDIUM - 5.3

Missing Authorization vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from n/a through 2.0.1.

Vendor: Magepeople inc.
Product: Taxi Booking Manager for WooCommerce
Published: May 26, 2026
Source: NVD
CVE-2026-24520 MEDIUM - 4.3

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24.

Vendor: bPlugins
Product: Tiktok Feed
Published: May 26, 2026
Source: NVD
CVE-2025-68710 LOW - 2.4

Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flo...

Published: May 26, 2026
Source: NVD
CVE-2025-68709 MEDIUM - 5.2

SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege esc...

Published: May 26, 2026
Source: NVD
CVE-2026-48047 MEDIUM

XWiki Platform vulnerable to potential arbitrary file writing using path traversal from (subwiki) admin

Vendor: maven
Product: org.xwiki.platform:xwiki-platform-webjars-api
Published: May 26, 2026
Source: GitHub
CVE-2026-35202 LOW

Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken a...

Vendor: composer
Product: pterodactyl/panel
Published: May 26, 2026
Source: GitHub
CVE-2026-9572 LOW - 3.3

A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of the argument cat leads to memory leak. The attack can only be performed from a local environment. The ...

Vendor: gpac
Product: gpac
Published: May 26, 2026
Source: NVD
CVE-2026-9568 MEDIUM - 5.0

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack...

Published: May 26, 2026
Source: NVD
CVE-2026-8890 HIGH - 8.2

code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP header. The middleware in middleware.ts skips identity header generation when an Auth-Key head...

Published: May 26, 2026
Source: NVD
CVE-2026-4051 HIGH - 7.2

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an attacker with administrative privileges to execute remote code due to exposed method that is not properly restricted.

Vendor: ibm
Product: engineering_lifecycle_management
Published: May 26, 2026
Source: NVD
CVE-2026-48689 CRITICAL - 9.8

FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr, memcpy_from_object_ptr) use an i...

Vendor: pavel-odintsov
Product: fastnetmon
Published: May 26, 2026
Source: NVD
CVE-2026-3660 CRITICAL - 9.8

IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application.

Vendor: ibm
Product: engineering_lifecycle_management
Published: May 26, 2026
Source: NVD
CVE-2026-3603 HIGH - 7.1

IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through  Interim Fix 021, 7.1.0  Interim Fix 001 through  Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit t...

Vendor: ibm
Product: engineering_lifecycle_management
Published: May 26, 2026
Source: NVD
CVE-2026-9567 LOW - 3.3

A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been released to the public...

Published: May 26, 2026
Source: NVD
CVE-2026-9566 MEDIUM - 4.3

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried ou...

Published: May 26, 2026
Source: NVD
CVE-2026-9560 HIGH - 7.8

Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel

Vendor: openvpn
Product: connect
Published: May 26, 2026
Source: NVD
CVE-2026-9170 HIGH - 7.5

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to denial of service and a potential remote code execution due to improper input validation.

Vendor: ibm
Product: http_server
Published: May 26, 2026
Source: NVD
CVE-2026-8856 HIGH - 7.7

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.

Vendor: ibm
Product: http_server
Published: May 26, 2026
Source: NVD
CVE-2026-8855 HIGH - 8.1

IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).

Vendor: ibm
Product: http_server
Published: May 26, 2026
Source: NVD