Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,442
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,421 - 13,440 of 37,942 CVEs
CVE-2026-8264 MEDIUM - 6.3

A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possi...

Vendor: tenda
Product: ac6_firmware
Published: May 11, 2026
Source: NVD
CVE-2026-8263 MEDIUM - 4.7

A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack ...

Vendor: tenda
Product: ac10u_firmware
Published: May 11, 2026
Source: NVD
CVE-2026-8262 LOW - 2.4

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was conta...

Published: May 11, 2026
Source: NVD
CVE-2026-8261 MEDIUM - 5.9

A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The ...

Published: May 11, 2026
Source: NVD
CVE-2026-8260 HIGH - 8.8

A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely....

Vendor: dlink
Product: dcs-935l_firmware
Published: May 11, 2026
Source: NVD
CVE-2026-8259 MEDIUM - 4.7

A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been discl...

Vendor: tenda
Product: ac6_firmware
Published: May 11, 2026
Source: NVD
CVE-2026-8258 MEDIUM - 5.3

A flaw has been found in Squirrel up to 3.2. Impacted is the function validate_format in the library sqstdlib/sqstdstring.cpp. Executing a manipulation can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used. The project was in...

Published: May 11, 2026
Source: NVD
CVE-2026-8257 LOW - 3.3

A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a manipulation results in reachable assertion. The attack needs to be approached locally. The exploit ...

Published: May 11, 2026
Source: NVD
CVE-2026-8256 LOW - 2.4

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The ...

Published: May 11, 2026
Source: NVD
CVE-2026-8255 LOW - 2.4

A weakness has been identified in Devs Palace ERP Online up to 4.0.0. This affects an unknown part of the file /inventory/add_new_customer. This manipulation causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be used for att...

Published: May 11, 2026
Source: NVD
CVE-2026-8254 LOW - 2.4

A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/sales_save. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the publ...

Published: May 11, 2026
Source: NVD
CVE-2026-8253 LOW - 2.4

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchase_save. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and...

Published: May 11, 2026
Source: NVD
CVE-2026-8252 MEDIUM - 4.3

A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smf_nsmf_handle_create_data_in_hsmf of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilize...

Vendor: open5gs
Product: open5gs
Published: May 11, 2026
Source: NVD
CVE-2026-8251 MEDIUM - 4.3

A vulnerability was found in Open5GS up to 2.7.7. This impacts the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. Performing a manipulation results in denial of service. The attack is possible to be carried out remotely. The exploit has been mad...

Vendor: open5gs
Product: open5gs
Published: May 10, 2026
Source: NVD
CVE-2026-8250 MEDIUM - 4.3

A vulnerability has been found in Open5GS up to 2.7.7. This affects the function smf_n4_build_qos_flow_to_modify_list of the file /src/smf/n4-build.c of the component SMF. Such manipulation leads to denial of service. The attack can be executed remotely. The exploit has been disclosed to the public ...

Vendor: open5gs
Product: open5gs
Published: May 10, 2026
Source: NVD
CVE-2026-8249 MEDIUM - 4.3

A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation causes denial of service. Remote exploitation of the attack is possible. The exploit has been published an...

Vendor: open5gs
Product: open5gs
Published: May 10, 2026
Source: NVD
CVE-2026-8248 MEDIUM - 4.3

A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public and may...

Vendor: open5gs
Product: open5gs
Published: May 10, 2026
Source: NVD
CVE-2026-8177 HIGH - 7.5

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory. A...

Published: May 10, 2026
Source: NVD
CVE-2026-45191 MEDIUM - 6.5

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190.

Vendor: STIGTSP
Product: Net::CIDR::Lite
Published: May 10, 2026
Source: NVD
CVE-2026-45190 MEDIUM - 6.5

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit characters pass the validators but are then re-encoded by the parser to a different address than the input...

Vendor: STIGTSP
Product: Net::CIDR::Lite
Published: May 10, 2026
Source: NVD