Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,602
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 9,841 - 9,860 of 37,942 CVEs

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTM_DELQDISC, taprio_graft() is called with new == NULL and stores NULL into q->qdiscs[cl - 1]. Subsequent RTM_GETTCLASS dum...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: netfilter: arp_tables: fix IEEE1394 ARP payload parsing Weiming Shi says: "arp_packet_match() unconditionally parses the ARP payload assuming two hardware addresses are present (source and target). However, IPv4-over-IEEE139...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD
CVE-2026-45843 HIGH - 8.2

In the Linux kernel, the following vulnerability has been resolved: slip: bound decode() reads against the compressed packet length slhc_uncompress() parses a VJ-compressed TCP header by advancing a pointer through the packet via decode() and pull16(). Neither helper bounds-checks against isize, a...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhc_init() accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation loop in slh...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO nf_osf_match_one() computes ctx->window % f->wss.val in the OSF_WSS_MODULO branch with no guard for f->wss.val == 0. A CAP_NET_ADMIN user can add such a finge...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with nlmsg_new(NLMSG_DEFAULT_SIZE, ...) but serialize the full upcall PID array via ovs_vport_get_upcall_p...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec() CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struc...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroup_storage_get_next_key() list_next_entry() never returns NULL -- when the current element is the last entry it wraps to the list head via container_of(). The subsequent NULL check is therefor...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena_vm_close on fork arena_vm_open() only bumps vml->mmap_count but never registers the child VMA in arena->vma_list. The vml->vma always points at the parent VMA, so after parent munmap the p...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD
CVE-2026-42762 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS vikbooking allows DOM-Based XSS.This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through <= 1.8.9.

Vendor: e4jvikwp
Product: VikBooking Hotel Booking Engine & PMS
Published: May 27, 2026
Source: NVD
CVE-2026-42761 CRITICAL - 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a thro...

Vendor: RealMag777
Product: Active Products Tables for WooCommerce
Published: May 27, 2026
Source: NVD
CVE-2026-42760 HIGH - 7.5

Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Password Recovery Exploitation.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.25.

Vendor: revmakx
Product: Backup and Staging by WP Time Capsule
Published: May 27, 2026
Source: NVD
CVE-2026-42759 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through <= 1.10.1.

Vendor: Timo
Product: Affiliate Super Assistent
Published: May 27, 2026
Source: NVD
CVE-2026-42758 CRITICAL - 9.8

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through < 4.08.253.

Vendor: Saleswonder Team: Tobias
Product: WebinarIgnition
Published: May 27, 2026
Source: NVD
CVE-2026-42757 CRITICAL - 9.9

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Path Traversal.This issue affects WebinarIgnition: from n/a through < 4.08.253.

Vendor: Saleswonder Team: Tobias
Product: WebinarIgnition
Published: May 27, 2026
Source: NVD
CVE-2026-42756 CRITICAL - 9.9

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ludwig You QuickWebP &#8211; Compress / Optimize Images &amp; Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP &#8211; Compress / Optimize Ima...

Vendor: Ludwig You
Product: QuickWebP &#8211; Compress / Optimize Images &amp; Convert WebP | SEO Friendly
Published: May 27, 2026
Source: NVD
CVE-2026-42755 CRITICAL - 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through <= 1.0.5.1.

Vendor: RealMag777
Product: TableOn
Published: May 27, 2026
Source: NVD
CVE-2026-42754 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phbernard Favicon favicon-by-realfavicongenerator allows Reflected XSS.This issue affects Favicon: from n/a through <= 1.3.46.

Vendor: phbernard
Product: Favicon
Published: May 27, 2026
Source: NVD
CVE-2026-42753 HIGH - 7.3

Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCFM Membership: from n/a through <= 2.11.10.

Vendor: WC Lovers
Product: WCFM Membership
Published: May 27, 2026
Source: NVD
CVE-2026-42751 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop Booking Manager booking-manager allows Stored XSS.This issue affects Booking Manager: from n/a through <= 2.1.18.

Vendor: wpdevelop
Product: Booking Manager
Published: May 27, 2026
Source: NVD