Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,693
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 12,901 - 12,920 of 38,432 CVEs
CVE-2026-32673 HIGH - 8.7

A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges. In appliance mode deployments, a successful exploit can allow the attacker to cross a securit...

Vendor: F5
Product: BIG-IP
Published: May 13, 2026
Source: NVD
CVE-2026-32643 HIGH - 8.7

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not...

Vendor: F5
Product: BIG-IP, BIG-IQ
Published: May 13, 2026
Source: NVD
CVE-2026-31156 MEDIUM - 6.5

A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path parameters passed via the command line. The user-controlled input parameters are directly passed to t...

Published: May 13, 2026
Source: NVD
CVE-2026-28758 MEDIUM - 4.4

When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to ...

Vendor: F5
Product: BIG-IP
Published: May 13, 2026
Source: NVD
CVE-2026-24464 MEDIUM - 6.8

When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files.  Note: Software versions which have reached End of Technical ...

Vendor: F5
Product: BIG-IP
Published: May 13, 2026
Source: NVD
CVE-2026-20916 HIGH - 8.1

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vendor: F5
Product: BIG-IQ
Published: May 13, 2026
Source: NVD

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console (stdout/stderr), and deployed in container mode, which is automatically captured by Docker and...

Vendor: Significant-Gravitas
Product: AutoGPT
Published: May 13, 2026
Source: NVD
CVE-2025-29338 MEDIUM - 5.6

NXP moal.ko Wi-Fi driver 5.1.7.10, FW versions v17.92.1.p149.43 to v17.92.1.p149.157, was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param function.

Published: May 13, 2026
Source: NVD
CVE-2025-28344 HIGH - 7.5

striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.

Published: May 13, 2026
Source: NVD
CVE-2025-28343 HIGH - 7.5

striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons.

Published: May 13, 2026
Source: NVD
CVE-2024-55045 HIGH - 7.3

Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c.

Published: May 13, 2026
Source: NVD
CVE-2024-51395 MEDIUM - 6.2

Buffer Overflow vulnerability in ArduPilot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop, AP_SmartAudio, AP_SmartAudio.cpp components.

Published: May 13, 2026
Source: NVD
CVE-2024-51394 MEDIUM - 5.5

Buffer Overflow vulnerability in ArduPilot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp components.

Published: May 13, 2026
Source: NVD
CVE-2020-37226 HIGH - 7.1

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' ...

Vendor: Joomsky
Product: J2 JOBS
Published: May 13, 2026
Source: NVD
CVE-2020-37225 MEDIUM - 6.4

Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in...

Vendor: Powie
Product: WHOIS Domain Check
Published: May 13, 2026
Source: NVD
CVE-2020-37224 HIGH - 7.1

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Attackers can send POST requests to the administrator index with malicious 'sortby' ...

Vendor: Joomsky
Product: J2 JOBS
Published: May 13, 2026
Source: NVD
CVE-2020-37223 HIGH - 7.8

IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a malicious executable named IObit.exe in the C:\Program Files (x86)\IObit directory and restart the service to...

Vendor: Iobit
Product: IObit Uninstaller
Published: May 13, 2026
Source: NVD
CVE-2020-37222 HIGH - 7.2

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in ...

Vendor: Kuicms
Product: Kuicms Php EE
Published: May 13, 2026
Source: NVD
CVE-2020-37221 HIGH - 8.4

Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and encode...

Vendor: Drive-software
Product: Atomic Alarm Clock
Published: May 13, 2026
Source: NVD
CVE-2020-37220 HIGH - 7.5

Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative access by retrieving the device serial number. Attackers can query the /api/system/deviceinfo endpoint without authentication to extract the SerialNumber field, then ...

Vendor: www.huawei.com
Product: Huawei HG630 Router
Published: May 13, 2026
Source: NVD