Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,659
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 10,221 - 10,240 of 37,697 CVEs
CVE-2026-5222 MEDIUM - 6.5

Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an attacker able to publish crates in a registry could obtain the credent...

Vendor: rust-lang
Product: cargo
Published: May 25, 2026
Source: NVD
CVE-2026-45361 HIGH - 8.1

Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to `apache-airflow-pr...

Vendor: Apache Software Foundation
Product: Apache Airflow Google provider
Published: May 25, 2026
Source: NVD

A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message (message type 0x03) to the pipe, causing the service t...

Published: May 25, 2026
Source: NVD
CVE-2026-9440 MEDIUM - 6.3

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack remote...

Published: May 25, 2026
Source: NVD
CVE-2026-9439 MEDIUM - 6.3

A vulnerability was determined in Edimax BR-6675nD 1.12. Affected is the function stainfo of the file /goform/stainfo. This manipulation of the argument interface causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. Th...

Published: May 25, 2026
Source: NVD
CVE-2026-9438 MEDIUM - 5.4

A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argument ID results in improper control of resource identifiers. The attack may be performed from remote...

Published: May 25, 2026
Source: NVD
CVE-2026-9437 MEDIUM - 6.3

A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be ...

Published: May 25, 2026
Source: NVD
CVE-2026-9436 CRITICAL - 9.8

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be execute...

Published: May 25, 2026
Source: NVD
CVE-2026-9435 CRITICAL - 9.8

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of th...

Published: May 25, 2026
Source: NVD
CVE-2026-4915 MEDIUM - 6.5

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to filter nil elements from outgoing webhook attachment payloads before processing, which allows an authenticated user to cause a denial of service (server process termination) via a crafte...

Vendor: mattermost
Product: mattermost_server
Published: May 25, 2026
Source: NVD
CVE-2026-45249 MEDIUM - 6.1

A cross-site scripting (XSS) vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines seriesย and tooltip are used, and no user-specified tooltip.formatter is provided, and ...

Vendor: Apache Software Foundation
Product: Apache ECharts
Published: May 25, 2026
Source: NVD
CVE-2026-9434 CRITICAL - 9.8

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The attack may be launch...

Published: May 25, 2026
Source: NVD
CVE-2026-9433 CRITICAL - 9.8

A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. This manipulation of the argument enable causes os command injection. The attack may be initiated remo...

Published: May 25, 2026
Source: NVD
CVE-2026-9432 CRITICAL - 9.8

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument bgProtection results in os command injection. The attac...

Published: May 25, 2026
Source: NVD
CVE-2026-9431 HIGH - 8.8

A vulnerability was identified in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd. The manipulation of the argument opttype leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be ...

Published: May 25, 2026
Source: NVD
CVE-2026-9430 HIGH - 8.8

A vulnerability was determined in Tenda F1202 1.2.0.20(408). Affected by this issue is the function formGstDhcpSetSer of the file /goform/GstDhcpSetSerof. Executing a manipulation of the argument dips can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit ...

Published: May 25, 2026
Source: NVD
CVE-2026-9429 HIGH - 8.8

A vulnerability was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. Performing a manipulation of the argument delno results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit ...

Published: May 25, 2026
Source: NVD
CVE-2026-9428 HIGH - 8.8

A vulnerability has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the ...

Published: May 25, 2026
Source: NVD
CVE-2026-41863 MEDIUM - 6.5

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1....

Vendor: Spring
Product: Spring AI
Published: May 25, 2026
Source: NVD
CVE-2026-2651 CRITICAL - 9.0

A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to ov...

Published: May 25, 2026
Source: NVD