Total CVEs

143,656

Critical Severity

4,086

High Severity

14,732

Last 7 Days

1,512
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 1,041 - 1,060 of 40,061 CVEs
CVE-2026-48956 MEDIUM - 5.0

An improper access check allows users to display a list of modules in the frontend.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48955 MEDIUM - 6.5

An improper access check allows unauthorized users to access workflow stage and transition information.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48954 MEDIUM - 6.1

Improper validation leads to a generic XSS vector in the language override feature.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48953 MEDIUM - 6.1

Lack of escaping leads to an XSS vulnerability in the generic image output layout.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48952 MEDIUM - 6.1

Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48951 MEDIUM - 6.1

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48950 MEDIUM - 6.1

Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48949 MEDIUM - 6.1

Lack of validation leads to an XSS vulnerability in the MFA management views.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48948 HIGH - 8.8

An improper access check allows user to download vcard exports of com_contact contacts that are inaccessible.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-48947 MEDIUM - 4.9

An improper access check allows privileged users to overwrite media files without editing permissions.

Vendor: Joomla! Project
Product: Joomla! CMS
Published: Jul 07, 2026
Source: NVD
CVE-2026-57851 HIGH - 7.8

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator privile...

Vendor: Micro-Star International (MSI)
Product: KernCoreLib64.sys
Published: Jul 07, 2026
Source: NVD
CVE-2026-23698 HIGH - 7.2

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents dir...

Vendor: Vtiger
Product: Vtiger CRM
Published: Jul 07, 2026
Source: NVD
CVE-2026-23697 HIGH - 8.8

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the .phar...

Vendor: Vtiger
Product: Vtiger CRM
Published: Jul 07, 2026
Source: NVD
CVE-2026-14904 MEDIUM - 6.5

AWS Research and Engineering Studio (RES) is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue (CWE-59) in the Auth.GetUserPrivateKey API. An authenticated r...

Vendor: AWS
Product: res
Published: Jul 07, 2026
Source: NVD
CVE-2026-13020 HIGH - 8.1

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an em...

Vendor: Esri
Product: Portal for ArcGIS
Published: Jul 07, 2026
Source: NVD
CVE-2026-13019 CRITICAL - 9.8

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API.

Vendor: Esri
Product: Portal for ArcGIS
Published: Jul 07, 2026
Source: NVD
CVE-2025-12799 MEDIUM - 6.5

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting (XSS) attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling.

Published: Jul 07, 2026
Source: NVD
CVE-2026-56812 HIGH - 7.5

Improper Check for Unusual or Exceptional Conditions vulnerability in phoenixframework phoenix (Presence JavaScript client) allows an attacker with ordinary channel access to cause a persistent client-side denial of service against every viewer of a presence channel topic. This vulnerability is ass...

Vendor: phoenixframework
Product: phoenix
Published: Jul 07, 2026
Source: NVD
CVE-2026-56811 HIGH - 7.5

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix (Phoenix.Socket module) allows an unauthenticated attacker to cause a denial of service against any endpoint that mounts a Phoenix socket with a reachable channel transport (WebSocket or LongPoll). This v...

Vendor: phoenixframework
Product: phoenix
Published: Jul 07, 2026
Source: NVD
CVE-2026-14969 MEDIUM - 4.4

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext blocks.

Vendor: Red Hat
Product: Red Hat Directory Server 11, Red Hat Directory Server 12, Red Hat Directory Server 13, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Jul 07, 2026
Source: NVD