Total CVEs: 141,537
Critical Severity: 3,871
High Severity: 13,923
Last 7 Days: 1,636
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 10,621 - 10,640 of 37,942 CVEs
CVE-2026-47120 MEDIUM - 5.4

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check). This issue has been patched in version 2.0.8.

Vendor: go
Product: github.com/nezhahq/nezha
Published: May 23, 2026
Source: GitHub
CVE-2026-46717 HIGH - 8.5

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin (Role==0) and RoleMember (Role==1). The notification routes POST /api/v1/notification and PATCH /a...

Vendor: go
Product: github.com/nezhahq/nezha
Published: May 23, 2026
Source: GitHub
CVE-2026-47280 CRITICAL - 10.0

Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: azure_resource_manager
Published: May 22, 2026
Source: NVD
CVE-2026-45659 HIGH - 8.8

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: sharepoint_server
Published: May 22, 2026
Source: NVD
CVE-2026-42901 CRITICAL - 10.0

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: entra_id
Published: May 22, 2026
Source: NVD
CVE-2026-42827 MEDIUM - 6.5

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: 365_copilot
Published: May 22, 2026
Source: NVD
CVE-2026-41104 CRITICAL - 10.0

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network.

Vendor: microsoft
Product: planetary_computer
Published: May 22, 2026
Source: NVD
CVE-2026-41090 CRITICAL - 9.3

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.

Vendor: microsoft
Product: 365_copilot
Published: May 22, 2026
Source: NVD
CVE-2026-40412 CRITICAL - 10.0

Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: azure_orbital_spatio
Published: May 22, 2026
Source: NVD
CVE-2026-40411 CRITICAL - 9.9

Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network.

Vendor: microsoft
Product: azure_virtual_network_gateway
Published: May 22, 2026
Source: NVD
CVE-2026-35430 HIGH - 8.8

Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: azure_privileged_identity_management
Published: May 22, 2026
Source: NVD
CVE-2026-33843 CRITICAL - 9.1

Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: entra_id
Published: May 22, 2026
Source: NVD
CVE-2026-26147 HIGH - 7.7

Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

Vendor: microsoft
Product: azure_stack_hci
Published: May 22, 2026
Source: NVD
CVE-2026-23663 HIGH - 7.5

Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network.

Vendor: microsoft
Product: global_secure_access
Published: May 22, 2026
Source: NVD
CVE-2026-23652 CRITICAL - 10.0

Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.

Vendor: microsoft
Product: power_pages
Published: May 22, 2026
Source: NVD
CVE-2026-41076 HIGH - 8.1

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.9 and prior in addition to 6.0.0 through 6.0.2 contain an authentication bypass vulnerability in RT installations that use LDAP/AD for user authentication. Under certain LDAP server configurations, an attacker may ...

Published: May 22, 2026
Source: NVD
CVE-2026-41075 HIGH - 8.8

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing them ...

Published: May 22, 2026
Source: NVD
CVE-2026-41074 HIGH - 7.1

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 6.0.0 through 6.0.2 contain a Cross-Site Request Forgery (CSRF) vulnerability. An attacker who can induce a logged-in RT user to visit a malicious web page can trigger arbitrary state-changing actions in RT on that use...

Published: May 22, 2026
Source: NVD
CVE-2026-41073 MEDIUM - 4.6

RT is an open source, enterprise-grade issue and ticket tracking system. Versions prior to 5.0.10 and 6.0.0 through 6.0.2 contain a spreadsheet (CSV/formula) injection vulnerability. User-controlled data in spreadsheet exports is not sanitized before being written to the output file, which can cause...

Published: May 22, 2026
Source: NVD
CVE-2026-41071 HIGH - 8.1

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow (out-of-bounds read) in the SampleAuxInfoReader constructo...

Vendor: struktur
Product: libheif
Published: May 22, 2026
Source: NVD