Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,590
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 11,161 - 11,180 of 37,942 CVEs
CVE-2026-47784 HIGH - 8.1

In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.

Vendor: memcached
Product: memcached
Published: May 20, 2026
Source: NVD
CVE-2026-47783 HIGH - 8.1

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

Vendor: memcached
Product: memcached
Published: May 20, 2026
Source: NVD
CVE-2026-44392 MEDIUM - 4.3

Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed.

Vendor: Six Apart Ltd.
Product: Movable Type, Movable Type Advanced, Movable Type Premium, Movable Type Premium (Advanced Edition)
Published: May 20, 2026
Source: NVD
CVE-2026-2955 MEDIUM - 6.4

The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'X-Forwarded-For' header in versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

Published: May 20, 2026
Source: NVD
CVE-2026-9057 HIGH - 8.2

A broken access control issue has been identified in the Talend Administration Center, that allows a user with โ€œViewโ€ permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available.

Published: May 20, 2026
Source: NVD
CVE-2026-9056 MEDIUM - 5.4

A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a different user.

Published: May 20, 2026
Source: NVD
CVE-2026-7522 HIGH - 8.8

The Advanced Database Cleaner โ€“ Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitr...

Published: May 20, 2026
Source: NVD
CVE-2026-5075 MEDIUM - 4.3

The All in One SEO plugin for WordPress is vulnerable to Sensitive Information Exposure via 'internalOptions' localized script data in versions up to, and including, 4.9.7 due to sensitive internal option data being passed to wp_localize_script() in post editor contexts without effective m...

Published: May 20, 2026
Source: NVD
CVE-2026-9010 HIGH - 7.5

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current_url' and 'user_name' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL qu...

Published: May 20, 2026
Source: NVD
CVE-2026-9003 HIGH - 7.5

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

Published: May 20, 2026
Source: NVD
CVE-2026-7637 CRITICAL - 9.8

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in...

Published: May 20, 2026
Source: NVD

mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML without...

Published: May 20, 2026
Source: NVD
CVE-2026-24215 MEDIUM - 5.7

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend, where an attacker could cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service.

Vendor: NVIDIA
Product: Triton Inference Server
Published: May 20, 2026
Source: NVD
CVE-2026-24214 HIGH - 8.0

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, or denial of service.

Vendor: NVIDIA
Product: Triton Inference Server
Published: May 20, 2026
Source: NVD
CVE-2026-24213 HIGH - 8.0

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or information disclosure.

Vendor: NVIDIA
Product: Triton Inference Server
Published: May 20, 2026
Source: NVD
CVE-2026-24210 HIGH - 7.5

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service.

Vendor: NVIDIA
Product: Triton Inference Server
Published: May 20, 2026
Source: NVD
CVE-2026-24209 HIGH - 7.5

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.

Vendor: NVIDIA
Product: Triton Inference Server
Published: May 20, 2026
Source: NVD
CVE-2026-24208 MEDIUM - 5.3

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.

Vendor: NVIDIA
Product: Triton Inference Server
Published: May 20, 2026
Source: NVD
CVE-2026-24207 CRITICAL - 9.8

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Vendor: NVIDIA
Product: Triton Inference Server
Published: May 20, 2026
Source: NVD
CVE-2026-24206 HIGH - 7.3

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure.

Vendor: NVIDIA
Product: Triton Inference Server
Published: May 20, 2026
Source: NVD