Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,745
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 12,181 - 12,200 of 38,670 CVEs
CVE-2026-47308 MEDIUM - 5.5

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.

Vendor: Samsung Open Source
Product: Walrus
Published: May 19, 2026
Source: NVD
CVE-2026-32994 MEDIUM - 5.3

The /api/v1/autotranslate.translateMessage endpoint in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.6, <7.13.8, and <7.10.12 allows any authenticated user to retrieve the full content of any message from any room (private groups, direct messages, channels) by simply ...

Vendor: Rocket.Chat
Product: Rocket.Chat
Published: May 19, 2026
Source: NVD
CVE-2026-47307 MEDIUM - 5.5

NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.

Vendor: Samsung Open Source
Product: Walrus
Published: May 19, 2026
Source: NVD

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

Vendor: OpenHarmony
Product: OpenHarmony
Published: May 19, 2026
Source: NVD

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

Vendor: OpenHarmony
Product: OpenHarmony
Published: May 19, 2026
Source: NVD
CVE-2026-28733 MEDIUM - 6.5

in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution.

Vendor: OpenHarmony
Product: OpenHarmony
Published: May 19, 2026
Source: NVD

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

Vendor: OpenHarmony
Product: OpenHarmony
Published: May 19, 2026
Source: NVD
CVE-2026-27766 MEDIUM - 5.5

in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak.

Vendor: OpenHarmony
Product: OpenHarmony
Published: May 19, 2026
Source: NVD
CVE-2026-27648 HIGH - 8.8

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.

Vendor: OpenHarmony
Product: OpenHarmony
Published: May 19, 2026
Source: NVD
CVE-2026-25850 MEDIUM - 5.5

in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak

Vendor: OpenHarmony
Product: OpenHarmony
Published: May 19, 2026
Source: NVD
CVE-2026-25781 HIGH - 8.4

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.

Vendor: OpenHarmony
Product: OpenHarmony
Published: May 19, 2026
Source: NVD

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.

Vendor: OpenHarmony
Product: OpenHarmony
Published: May 19, 2026
Source: NVD
CVE-2026-24792 HIGH - 8.1

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.

Vendor: OpenHarmony
Product: OpenHarmony
Published: May 19, 2026
Source: NVD
CVE-2026-22069 HIGH - 7.3

A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.

Vendor: OPPO
Product: O+ Connect
Published: May 19, 2026
Source: NVD

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature enabled can read the name and structured content of form templates that are intended exclusively for...

Vendor: discourse
Product: discourse
Published: May 19, 2026
Source: NVD
CVE-2026-33234 MEDIUM - 5.0

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backend/backend/blocks/email_block.py accepts a user-supplied smtp_server (string) and smtp_port (integer) ...

Vendor: Significant-Gravitas
Product: AutoGPT
Published: May 19, 2026
Source: NVD
CVE-2026-33233 HIGH - 7.6

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes using pickle.loads without integrity/authenticity checks. The write path serializes values with pic...

Vendor: Significant-Gravitas
Product: AutoGPT
Published: May 19, 2026
Source: NVD
CVE-2026-33232 HIGH - 7.5

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.4.2 through 0.6.51 are vulnerable to an unauthenticated Denial of Service (DoS) through the server due to uncontrolled disk space consumption. The download_agent_file...

Vendor: Significant-Gravitas
Product: AutoGPT
Published: May 19, 2026
Source: NVD
CVE-2026-32323 HIGH - 7.3

Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applications/Mullvad VPN.app without verifying if the bundle is atta...

Vendor: mullvad
Product: mullvadvpn-app
Published: May 19, 2026
Source: NVD
CVE-2026-32312 MEDIUM - 4.3

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, an authenticated user with forms READ permission can export the structure of unauthorized forms. This issue has been fixed in version 11.0.7.

Vendor: glpi-project
Product: glpi
Published: May 19, 2026
Source: NVD