Total CVEs

141,272

Critical Severity

3,795

High Severity

13,729

Last 7 Days

1,898
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,261 - 13,280 of 37,677 CVEs
CVE-2026-8222 MEDIUM - 5.3

A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such manipulation leads to denial of service. The attack may be performed from remote. The exploit has been di...

Vendor: open5gs
Product: open5gs
Published: May 10, 2026
Source: NVD
CVE-2026-8221 LOW - 2.4

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted e...

Published: May 10, 2026
Source: NVD
CVE-2026-8220 LOW - 2.4

A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early ...

Published: May 10, 2026
Source: NVD
CVE-2026-8219 LOW - 2.4

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. The impacted element is an unknown function of the file /inventory/supplier-save. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly a...

Published: May 10, 2026
Source: NVD
CVE-2026-8218 LOW - 2.4

A weakness has been identified in Devs Palace ERP Online up to 4.0.0. The affected element is an unknown function of the file /inventory/purchase_return_save. Executing a manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the pu...

Published: May 10, 2026
Source: NVD
CVE-2026-8217 MEDIUM - 6.3

A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be initiated remotely. The ...

Published: May 10, 2026
Source: NVD
CVE-2026-8216 HIGH - 7.3

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendor w...

Published: May 10, 2026
Source: NVD
CVE-2026-8215 MEDIUM - 5.3

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of the argument m_strSourceFileName causes path traversal. The attack can be initiated remotely. The ex...

Published: May 10, 2026
Source: NVD
CVE-2026-8214 MEDIUM - 5.3

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been made ...

Published: May 10, 2026
Source: NVD
CVE-2026-8213 MEDIUM - 5.3

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has ...

Published: May 09, 2026
Source: NVD
CVE-2026-8212 MEDIUM - 5.3

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used....

Published: May 09, 2026
Source: NVD
CVE-2026-8211 MEDIUM - 4.7

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may be...

Published: May 09, 2026
Source: NVD
CVE-2026-45184 MEDIUM - 6.5

Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.

Vendor: KDE
Product: Kdenlive
Published: May 09, 2026
Source: NVD

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let system_server transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN...

Vendor: GrapheneOS
Product: GrapheneOS
Published: May 09, 2026
Source: NVD
CVE-2026-45181 MEDIUM - 6.5

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file.

Vendor: Hex-Rays
Product: IDA
Published: May 09, 2026
Source: NVD
CVE-2026-8210 MEDIUM - 5.3

A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. Local access is required to approach this attack...

Published: May 09, 2026
Source: NVD
CVE-2026-8196 LOW - 3.7

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack is...

Published: May 09, 2026
Source: NVD
CVE-2026-8195 MEDIUM - 4.3

A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site script...

Published: May 09, 2026
Source: NVD
CVE-2026-8194 MEDIUM - 4.3

A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argument _method leads to cross-site request forgery. Remote exploitation of the attack is possible. The ...

Published: May 09, 2026
Source: NVD
CVE-2026-42562 HIGH - 8.3

Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/{id}. The endpoint directly persists the admin attribute from user input, and the escalated accoun...

Vendor: alextselegidis
Product: plainpad
Published: May 09, 2026
Source: NVD