Total CVEs

143,226

Critical Severity

4,056

High Severity

14,605

Last 7 Days

1,293
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 121 - 140 of 1,570 CVEs
CVE-2025-0824 LOW - 3.7

Lack of validation for firmware update in Hitachi Hitachi Virtual Storage Platform One Block 23, 24, 26, 28. This issue affects Hitachi Virtual Storage Platform One Block 23, 24, 26, 28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.

Published: Jun 29, 2026
Source: NVD

A weakness has been identified in GPAC up to 26.02.0. This affects an unknown part of the file src/utils/base_encoding.c of the component ISOBMFF Parser. Executing a manipulation can lead to highly compressed data. The attack needs to be launched locally. The exploit has been made available to the p...

Product: GPAC
Published: Jun 29, 2026
Source: NVD

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform the...

Vendor: Chess
Product: Play and Learn App
Published: Jun 29, 2026
Source: NVD

A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to improper...

Product: VoltAgent
Published: Jun 28, 2026
Source: NVD

A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible to...

Vendor: SimStudioAI
Product: sim
Published: Jun 28, 2026
Source: NVD

A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to...

Vendor: code-projects
Product: Project Management System
Published: Jun 28, 2026
Source: NVD

A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversation_api.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The attack...

Vendor: AIDC-AI
Product: ComfyUI-Copilot
Published: Jun 28, 2026
Source: NVD

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqtt_protocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument session_id results in denial of service. The att...

Vendor: 78
Product: xiaozhi-esp32
Published: Jun 28, 2026
Source: NVD

A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument docid leads to authorization bypass. The attack can be execut...

Vendor: glpi-project
Product: glpi
Published: Jun 28, 2026
Source: NVD

A weakness has been identified in 78 xiaozhi-esp32 up to 2.2.6. Affected by this issue is the function ParseMessage of the file main/mcp_server.cc of the component MCP Response Handler. This manipulation causes improper synchronization. Remote exploitation of the attack is possible. The attack'...

Vendor: 78
Product: xiaozhi-esp32
Published: Jun 28, 2026
Source: NVD

A flaw has been found in arc53 DocsGPT up to 0.18.0. The affected element is the function encrypt_credentials of the file application/security/encryption.py of the component Credential Storage. This manipulation causes insufficient verification of data authenticity. It is possible to initiate the at...

Vendor: arc53
Product: DocsGPT
Published: Jun 28, 2026
Source: NVD

A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results in use of weak hash. The attack may be performed from remote. This attack is characterized by high c...

Vendor: skypilot-org
Product: skypilot
Published: Jun 28, 2026
Source: NVD

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA...

Vendor: 7-Zip
Product: 7-Zip
Published: Jun 28, 2026
Source: NVD

Statamic CMS's incorrect authorization lets view-only users submit Live Preview content reserved for editors

Vendor: composer
Product: statamic/cms
Published: Jun 26, 2026
Source: GitHub

Aimeos Pagible CMS vulnerable to Server Side Request Forgery (SSRF) via DNS rebinding in admin proxy

Vendor: composer
Product: aimeos/pagible
Published: Jun 26, 2026
Source: GitHub

Flawfinder output manipulation via untrusted filenames and source text

Vendor: pip
Product: flawfinder
Published: Jun 26, 2026
Source: GitHub

Incus: CreateCustomVolumeFromBackup nil-pointer dereference on volume_snapshots[*].expires_at (sibling-field variant of GHSA-r7w7)

Vendor: go
Product: github.com/lxc/incus/v7/cmd/incusd
Published: Jun 26, 2026
Source: GitHub

Incus: Nil-pointer dereference in createDependentVolumesFromBackup on disk.{Volume,VolumeSnapshots,Pool}

Vendor: go
Product: github.com/lxc/incus/v7/cmd/incusd
Published: Jun 26, 2026
Source: GitHub

fluent-plugin-s3 Vulnerable to Denial of Service (DoS) via Decompression Bomb in `in_s3`

Vendor: rubygems
Product: fluent-plugin-s3
Published: Jun 26, 2026
Source: GitHub
CVE-2026-3472 LOW - 3.5

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image synta...

Vendor: mattermost
Product: mattermost_server
Published: Jun 26, 2026
Source: NVD