Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,388
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 13,661 - 13,680 of 39,119 CVEs
CVE-2026-41051 MEDIUM - 5.0

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories.

Vendor: SUSE
Product: openSUSE Tumbleweed
Published: May 13, 2026
Source: NVD
CVE-2026-2515 MEDIUM - 5.3

The Hostinger Reach โ€“ AI-Powered Email Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_ajax_action' function in all versions up to, and including, 1.3.8. This makes it possible for authenticate...

Published: May 13, 2026
Source: NVD

The new upstream added a privileged D-Bus helper called plasmaloginauthhelper, which suffers from multiple issues, e.g.aA compromised plasmalogin service account can chown()ย arbitrary files in the system.

Vendor: KDE
Product: plasma-login-manager
Published: May 13, 2026
Source: NVD

Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MySQL' or 'MariaDB' (or with write access to a binary referenced by such a ser...

Vendor: Checkmk GmbH
Product: Checkmk
Published: May 13, 2026
Source: NVD
CVE-2026-3004 MEDIUM - 6.4

The Snow Monkey Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โ€˜data-slick' attribute in all versions up to, and including, 24.1.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-...

Published: May 13, 2026
Source: NVD
CVE-2025-14767 MEDIUM - 5.5

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcbm_best_seller` shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it pos...

Vendor: wpclever
Product: WPC Badge Management for WooCommerce
Published: May 13, 2026
Source: NVD
CVE-2026-6965 MEDIUM - 5.3

The Tutor LMS โ€“ eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the `get_course_id_by()` function unconditionally trusting the user-supplied `course` GET parameter as the authoritative c...

Published: May 13, 2026
Source: NVD
CVE-2026-6929 HIGH - 7.5

The JoomSport โ€“ for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user supplied parameter and lack of suff...

Published: May 13, 2026
Source: NVD
CVE-2026-44612 HIGH - 7.8

Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer.

Vendor: Bytello
Product: Bytello Share (Windows Edition) installer executable
Published: May 13, 2026
Source: NVD
CVE-2026-32661 CRITICAL - 9.8

Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpassw...

Vendor: Canon Marketing Japan Inc.
Product: GUARDIANWALL MailSuite (On-premises version), GUARDIANWALL Mail Security Cloud (SaaS version)
Published: May 13, 2026
Source: NVD

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the &qu...

Published: May 13, 2026
Source: NVD

Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions.

Vendor: Samsung Mobile
Product: Samsung System Support Service
Published: May 13, 2026
Source: NVD
CVE-2026-21022 MEDIUM - 5.5

Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.

Vendor: samsung
Product: android
Published: May 13, 2026
Source: NVD
CVE-2026-21021 MEDIUM - 6.8

Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.

Vendor: samsung
Product: android
Published: May 13, 2026
Source: NVD
CVE-2026-21020 HIGH - 7.8

Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions.

Vendor: samsung
Product: android
Published: May 13, 2026
Source: NVD

Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege.

Vendor: Samsung Mobile
Product: Samsung Mobile Devices
Published: May 13, 2026
Source: NVD
CVE-2026-21018 MEDIUM - 6.7

Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.

Vendor: samsung
Product: android
Published: May 13, 2026
Source: NVD
CVE-2026-21016 MEDIUM - 5.5

Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.

Vendor: samsung
Product: android
Published: May 13, 2026
Source: NVD
CVE-2026-21015 MEDIUM - 5.5

Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.

Vendor: samsung
Product: android
Published: May 13, 2026
Source: NVD
CVE-2025-14033 MEDIUM - 5.3

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to ...

Vendor: ghera74
Product: ilGhera Support System for WooCommerce
Published: May 13, 2026
Source: NVD