Total CVEs

142,265

Critical Severity

3,947

High Severity

14,217

Last 7 Days

1,801
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,061 - 14,080 of 38,670 CVEs
CVE-2026-31246 MEDIUM - 6.5

GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...

Published: May 11, 2026
Source: NVD
CVE-2025-65418 HIGH - 7.5

docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url.

Published: May 11, 2026
Source: NVD
CVE-2025-65417 MEDIUM - 6.1

docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application.

Published: May 11, 2026
Source: NVD
CVE-2025-65416 MEDIUM - 6.3

docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php.

Published: May 11, 2026
Source: NVD
CVE-2025-65415 MEDIUM - 5.4

docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application.

Published: May 11, 2026
Source: NVD

Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-21709. Reason: This record is a duplicate of CVE-2026-21709. Notes: All CVE users should reference CVE-2026-21709 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

Published: May 11, 2026
Source: NVD
CVE-2025-61314 HIGH - 7.3

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable val...

Published: May 11, 2026
Source: NVD
CVE-2025-61313 HIGH - 7.3

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable...

Published: May 11, 2026
Source: NVD
CVE-2025-61312 HIGH - 7.3

A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable valu...

Published: May 11, 2026
Source: NVD
CVE-2025-61311 HIGH - 7.3

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_alerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

Published: May 11, 2026
Source: NVD
CVE-2025-61310 MEDIUM - 6.1

A reflected cross-site scripted (XSS) vulnerability in the acc-menu_billings.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable val...

Published: May 11, 2026
Source: NVD
CVE-2025-61309 MEDIUM - 6.1

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_departments.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable ...

Published: May 11, 2026
Source: NVD
CVE-2025-61308 MEDIUM - 6.1

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable ...

Published: May 11, 2026
Source: NVD
CVE-2025-61307 MEDIUM - 6.1

A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

Published: May 11, 2026
Source: NVD
CVE-2025-61306 MEDIUM - 6.1

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variab...

Published: May 11, 2026
Source: NVD
CVE-2025-61305 MEDIUM - 6.1

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable val...

Published: May 11, 2026
Source: NVD

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent perfo...

Vendor: npm
Product: @github/copilot
Published: May 11, 2026
Source: GitHub
CVE-2026-44543 HIGH - 8.7

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-pat...

Vendor: go
Product: github.com/rancher/local-path-provisioner
Published: May 11, 2026
Source: GitHub

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-nextjs-data header on a normal request to a path handled by middleware that returns a redirect. When that happened, the middleware/proxy could treat the ...

Vendor: npm
Product: next
Published: May 11, 2026
Source: GitHub
CVE-2026-44521 HIGH - 8.8

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver (elFinderVolumeMySQL) allows any logged-in user, including users with read-only access to the affected volume, to ...

Vendor: composer
Product: studio-42/elfinder
Published: May 11, 2026
Source: GitHub