Total CVEs

141,292

Critical Severity

3,799

High Severity

13,738

Last 7 Days

1,830
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 10,261 - 10,280 of 37,697 CVEs
CVE-2026-9411 MEDIUM - 6.3

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGST_Invoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customer_name/category results in sql injection. The atta...

Published: May 25, 2026
Source: NVD
CVE-2026-9410 MEDIUM - 4.3

A vulnerability has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b. This vulnerability affects unknown code of the file /profile of the component Profile Workflow. Such manipulation of the argument ID leads to improper authorization. It is possible to launch t...

Published: May 25, 2026
Source: NVD
CVE-2026-9409 MEDIUM - 4.3

A flaw has been found in Sushmi-pal Invoice-System up to a0a3faa16dee2621b231ae227333f5761607283b. This affects an unknown part of the file /user of the component User Management Handler. This manipulation of the argument role causes improper authorization. It is possible to initiate the attack remo...

Published: May 25, 2026
Source: NVD
CVE-2026-9408 CRITICAL - 9.8

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument enable results in os command injection. The attack may be perfo...

Published: May 25, 2026
Source: NVD
CVE-2026-9407 CRITICAL - 9.8

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setFirewallType of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument firewallType leads to os command injection. ...

Published: May 25, 2026
Source: NVD
CVE-2026-9406 CRITICAL - 9.8

A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remot...

Published: May 25, 2026
Source: NVD
CVE-2026-9405 CRITICAL - 9.8

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of ...

Published: May 25, 2026
Source: NVD
CVE-2026-9404 CRITICAL - 9.8

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. The ...

Published: May 24, 2026
Source: NVD
CVE-2026-9403 HIGH - 8.8

A vulnerability was determined in Edimax BR-6675nD 1.12. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. This manipulation of the argument selSSID causes buffer overflow. The attack may be initiated remotely. The explo...

Published: May 24, 2026
Source: NVD
CVE-2026-9402 MEDIUM - 6.3

A vulnerability was found in Edimax BR-6675nD 1.12. The affected element is the function formWlanMP of the file /goform/formWlanMP of the component POST Request Handler. The manipulation of the argument ateFunc/ateGain/ateRate/ateChan/ateTxCount/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2...

Published: May 24, 2026
Source: NVD
CVE-2026-9401 HIGH - 8.8

A vulnerability has been found in Edimax BR-6675nD 1.12. Impacted is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. The manipulation of the argument pppUserName leads to buffer overflow. The attack can be initiated remotely. The exploit ha...

Published: May 24, 2026
Source: NVD
CVE-2026-9400 MEDIUM - 6.3

A flaw has been found in Edimax BR-6675nD 1.12. This issue affects the function formUSBStorage of the file /goform/formUSBStorage of the component POST Request Handler. Executing a manipulation of the argument sub_dir can lead to command injection. It is possible to launch the attack remotely. The e...

Published: May 24, 2026
Source: NVD

action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.

Vendor: SPIP
Product: SPIP
Published: May 24, 2026
Source: NVD
CVE-2026-9399 HIGH - 8.8

A vulnerability was detected in Edimax BR-6675nD 1.12. This vulnerability affects the function formsetPPPoE of the file /goform/formsetPPPoE of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in buffer overflow. It is possible to initiate the attack ...

Published: May 24, 2026
Source: NVD

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap sandbox...

Vendor: WineHQ
Product: Wine
Published: May 24, 2026
Source: NVD
CVE-2026-9398 LOW - 3.1

A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this natur...

Published: May 24, 2026
Source: NVD
CVE-2026-9397 HIGH - 8.1

A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. Affected by this issue is some unknown functionality of the component OTA Update Installation Handler. This manipulation causes improper authorization. The attack is possible to be carried out remotely. A high degree of...

Published: May 24, 2026
Source: NVD
CVE-2026-9396 LOW - 3.7

A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A hig...

Published: May 24, 2026
Source: NVD
CVE-2026-9395 LOW - 3.5

A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentials. The attack needs to be initiated within the local network. The original disclosure mentions, that...

Published: May 24, 2026
Source: NVD
CVE-2026-9394 LOW - 3.1

A vulnerability was determined in Besen BS20 EV Charging Station up to 20260426. This impacts an unknown function of the component Bluetooth Low Energy Handler. Executing a manipulation can lead to weak password requirements. The attack needs to be done within the local network. This attack is chara...

Published: May 24, 2026
Source: NVD