Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,728
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 14,001 - 14,020 of 37,897 CVEs
CVE-2026-8127 MEDIUM - 6.3

A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the public a...

Published: May 08, 2026
Source: NVD
CVE-2026-8126 HIGH - 7.3

A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Published: May 08, 2026
Source: NVD

An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests.Refer to the ' Security Update for ASUS Precision Touch...

Published: May 08, 2026
Source: NVD

An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause system crash (BSOD) via a read size that exceeds the buffer size.Refer to the ' Security Update for MyASUS ' section on the ASUS Security Advisory for more information.

Published: May 08, 2026
Source: NVD
CVE-2026-8125 MEDIUM - 6.3

A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now public...

Published: May 08, 2026
Source: NVD
CVE-2026-8124 LOW - 3.3

A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The ...

Vendor: gpac
Product: gpac
Published: May 08, 2026
Source: NVD
CVE-2026-8123 MEDIUM - 4.3

A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly dis...

Vendor: open5gs
Product: open5gs
Published: May 08, 2026
Source: NVD
CVE-2026-8122 MEDIUM - 4.3

A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NSSF. The manipulation results in denial of service. The attack may be performed from remote. The exploit has been made public and...

Vendor: open5gs
Product: open5gs
Published: May 08, 2026
Source: NVD
CVE-2026-8121 MEDIUM - 4.3

A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to denial of service. The attack is possible to be carried out remotely. The exploit has been disclosed to ...

Vendor: open5gs
Product: open5gs
Published: May 08, 2026
Source: NVD
CVE-2026-8120 MEDIUM - 4.3

A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit ...

Vendor: open5gs
Product: open5gs
Published: May 08, 2026
Source: NVD
CVE-2026-8119 LOW - 3.3

A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be use...

Vendor: open5gs
Product: open5gs
Published: May 08, 2026
Source: NVD
CVE-2026-8117 MEDIUM - 4.3

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The exploit has been disclose...

Published: May 08, 2026
Source: NVD
CVE-2026-8116 MEDIUM - 6.3

A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been made a...

Published: May 08, 2026
Source: NVD
CVE-2026-8115 MEDIUM - 5.3

A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The expl...

Published: May 07, 2026
Source: NVD
CVE-2026-6411 HIGH - 7.3

This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted, ena...

Published: May 07, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: May 07, 2026
Source: NVD

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wr...

Vendor: rust
Product: openssl
Published: May 07, 2026
Source: GitHub
CVE-2026-44661 MEDIUM - 4.7

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. register_manual() validates the discovery URL against an HTTPS / l...

Vendor: pip
Product: utcp-http
Published: May 07, 2026
Source: GitHub
CVE-2026-8114 MEDIUM - 6.3

A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit ...

Published: May 07, 2026
Source: NVD
CVE-2026-8113 MEDIUM - 4.3

A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to launch ...

Vendor: 8421bit
Product: miniclaw
Published: May 07, 2026
Source: NVD