Total CVEs

141,272

Critical Severity

3,795

High Severity

13,729

Last 7 Days

1,898
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,281 - 13,300 of 37,677 CVEs
CVE-2026-8193 MEDIUM - 6.3

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made availa...

Published: May 09, 2026
Source: NVD
CVE-2026-8192 MEDIUM - 6.3

A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. A manipulation of the argument EncrypType/wl_Pass, which is passed directly by the attacker and is therefore attacker-controlled, results in os com...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: May 09, 2026
Source: NVD
CVE-2026-8191 MEDIUM - 6.3

A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly available and might b...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: May 09, 2026
Source: NVD
CVE-2026-8190 MEDIUM - 6.3

A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. The argument ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway is directly passed by the attacker, so the attacker can control the ppp_username/ppp...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: May 09, 2026
Source: NVD
CVE-2026-8189 MEDIUM - 6.3

A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipulation of the argument wlan_bssid/sel_Automode/sel_EncrypTyp results in os command injection. It is possible to launch the attack remotely. T...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: May 09, 2026
Source: NVD
CVE-2026-8188 MEDIUM - 6.3

A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the function change_wifi_password of the file /cgi-bin/adm.cgi. The manipulation of the argument wl_channel/wl_Pass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has b...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: May 09, 2026
Source: NVD
CVE-2026-8198 MEDIUM - 5.3

The Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin for WordPress is vulnerable to Authentication Bypass to Information Disclosure in versions up to, and including, 3.3.6. This is due to a logic flaw in the verifyAuthorization method where requests without an Auth...

Published: May 09, 2026
Source: NVD
CVE-2026-8186 MEDIUM - 5.3

A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs_sbi_client_send_via_scp_or_sepp in the library lib/sbi/client.c of the component NF. Performing a manipulation results in out-of-bounds read. The attack is possible to be carried out remotely. The patch is named d5bc4...

Vendor: open5gs
Product: open5gs
Published: May 09, 2026
Source: NVD
CVE-2026-8187 MEDIUM - 5.3

A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the problem early through an i...

Vendor: open5gs
Product: open5gs
Published: May 09, 2026
Source: NVD
CVE-2026-8185 MEDIUM - 6.3

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected component....

Published: May 09, 2026
Source: NVD
CVE-2026-3828 HIGH - 7.2

Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadin...

Published: May 09, 2026
Source: NVD
CVE-2026-32683 MEDIUM - 5.3

Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data. Users are advised to upgrade the app to the latest version and enable the video encrypti...

Vendor: EZVIZ
Product: EZVIZ APP
Published: May 09, 2026
Source: NVD
CVE-2026-1749 MEDIUM - 6.8

There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.

Published: May 09, 2026
Source: NVD
CVE-2025-15634 MEDIUM - 4.3

A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.

Vendor: HCLSoftware
Product: BigFix WebUI
Published: May 09, 2026
Source: NVD
CVE-2025-15633 MEDIUM - 6.5

An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables) and bypass privilege requirements via unprotected endpoints lacking adequate security headers.

Vendor: HCLSoftware
Product: BigFix WebUI
Published: May 09, 2026
Source: NVD

Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DoS by attempting extraction of web application PHP files; a failed .zip extraction results in deletion of the file and a DoS condition. Successful exploitation requires Teacher or higher privileges. Exploitati...

Published: May 09, 2026
Source: NVD

Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PHP. Successful exploitation requires Teacher or higher privileges. Exploitation could result in compro...

Published: May 09, 2026
Source: NVD

bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the attacker to arbitrarily u...

Vendor: containers
Product: bubblewrap
Published: May 09, 2026
Source: NVD

Gibbon versions before v30.0.01 are affected by an authenticated SQL Injection vulnerability by abusing the Tracking/graphing feature (https://github.com/GibbonEdu/core/blob/c431e25fdc874adece5d2dc7e408e9aa2d1abadb/modules/Tracking/graphing.php#L145). Successful exploitation requires Teacher or high...

Published: May 09, 2026
Source: NVD
CVE-2026-7652 MEDIUM - 5.3

The LatePoint plugin for WordPress is vulnerable to Account Takeover via Weak Password Recovery Mechanism in the unauthenticated guest booking flow in versions up to, and including, 5.5.0. This is due to the save_connected_wordpress_user() function propagating a LatePoint customer's email addres...

Published: May 09, 2026
Source: NVD