Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,576
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 11,081 - 11,100 of 37,942 CVEs

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Published: May 20, 2026
Source: NVD
CVE-2026-7613 HIGH - 7.2

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost_of_goods_value]' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthent...

Published: May 20, 2026
Source: NVD
CVE-2026-44926 HIGH - 8.8

InfoScale CmdServer before 7.4.2 mishandles access control.

Published: May 20, 2026
Source: NVD
CVE-2026-44925 HIGH - 8.8

Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge.

Vendor: veritas
Product: infoscale_operations_manager
Published: May 20, 2026
Source: NVD
CVE-2026-44924 MEDIUM - 5.4

InfoScale VIOM 9.1.3 allows XSS.

Vendor: veritas
Product: infoscale_operations_manager
Published: May 20, 2026
Source: NVD
CVE-2026-44923 MEDIUM - 6.5

SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges.

Vendor: veritas
Product: infoscale_operations_manager
Published: May 20, 2026
Source: NVD
CVE-2026-20223 CRITICAL - 10.0

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication wh...

Vendor: Cisco
Product: Cisco Secure Workload
Published: May 20, 2026
Source: NVD
CVE-2026-20206 MEDIUM - 6.3

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco ThousandEy...

Vendor: Cisco
Product: Cisco ThousandEyes Enterprise Agent
Published: May 20, 2026
Source: NVD
CVE-2026-20199 MEDIUM - 4.7

A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An authentica...

Vendor: Cisco
Product: Cisco ThousandEyes Enterprise Agent
Published: May 20, 2026
Source: NVD
CVE-2026-20171 MEDIUM - 6.8

A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of servic...

Vendor: Cisco
Product: Cisco NX-OS Software
Published: May 20, 2026
Source: NVD

MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid OI...

Published: May 20, 2026
Source: NVD
CVE-2026-8598 CRITICAL - 9.1

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.

Published: May 20, 2026
Source: NVD
CVE-2026-8488 MEDIUM - 4.3

Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

Vendor: progress
Product: moveit_automation
Published: May 20, 2026
Source: NVD
CVE-2026-8487 MEDIUM - 6.5

Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

Vendor: progress
Product: moveit_automation
Published: May 20, 2026
Source: NVD
CVE-2026-8486 MEDIUM - 5.3

Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.

Vendor: progress
Product: moveit_automation
Published: May 20, 2026
Source: NVD
CVE-2026-5783 HIGH - 7.6

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. This issue affects CityPLus: before V24.29750.1.0.

Published: May 20, 2026
Source: NVD
CVE-2026-4293 MEDIUM - 5.3

The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser.

Published: May 20, 2026
Source: NVD
CVE-2026-39047 HIGH - 7.5

Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100

Published: May 20, 2026
Source: NVD
CVE-2025-32750 HIGH - 7.5

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Vendor: Dell
Product: PowerFlex Manager (Appliance), PowerFlex Manager (Rack), PowerFlex Manager
Published: May 20, 2026
Source: NVD
CVE-2023-7346 MEDIUM - 4.0

Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies that...

Published: May 20, 2026
Source: NVD