Total CVEs

141,492

Critical Severity

3,867

High Severity

13,899

Last 7 Days

1,646
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 14,141 - 14,160 of 37,897 CVEs
CVE-2026-3953 HIGH - 8.8

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting (XSS), Reflected XSS. This issue affects Proticaret E-Commerce: from v5.0.0 before V 6.0.1767...

Published: May 07, 2026
Source: NVD
CVE-2026-33589 MEDIUM - 6.5

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal.

Vendor: Open Notebook
Product: Open Notebook
Published: May 07, 2026
Source: NVD
CVE-2026-33588 HIGH - 8.1

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.

Vendor: Open Notebook
Product: Open Notebook
Published: May 07, 2026
Source: NVD
CVE-2026-33587 CRITICAL - 10.0

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.

Vendor: Open Notebook
Product: Open Notebook
Published: May 07, 2026
Source: NVD
CVE-2026-28201 HIGH - 7.8

Improper input validation, together with an overly permissive default CORS configuration, in Open Notebook v1.8.1 allows a remote attacker to trick a legitimate user into altering or deleting arbitrary database entries via a specially crafted malicious URL. Depending on the deployment, data exfiltration is a...

Vendor: Open Notebook
Product: Open Notebook
Published: May 07, 2026
Source: NVD
CVE-2026-27415 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5.

Vendor: PluginUs.Net
Product: BEAR
Published: May 07, 2026
Source: NVD
CVE-2026-6805 HIGH - 7.5

A vulnerability in the external sharing feature of Cryptobox allows an attacker who knows a sharing link URL to retrieve information from the server that enables an offline brute-force attack on the access code associated with this sharing link.

Vendor: thalesgroup
Product: ercom_cryptobox
Published: May 07, 2026
Source: NVD
CVE-2026-44407 MEDIUM - 4.7

A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.

Vendor: ZTE
Product: ZXCLOUD iRAI
Published: May 07, 2026
Source: NVD
CVE-2026-27421 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a before 1.7.1053.

Vendor: WProyal
Product: Royal Elementor Addons
Published: May 07, 2026
Source: NVD
CVE-2026-27416 MEDIUM - 5.3

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1.

Vendor: bPlugins
Product: PDF Poster
Published: May 07, 2026
Source: NVD
CVE-2026-27329 MEDIUM - 5.3

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0.

Vendor: YITH
Product: YITH WooCommerce Wishlist
Published: May 07, 2026
Source: NVD
CVE-2026-25468 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8.

Vendor: weDevs
Product: Happy Addons for Elementor
Published: May 07, 2026
Source: NVD
CVE-2026-25436 MEDIUM - 5.3

Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before 1.7.1053.

Vendor: WProyal
Product: Royal Elementor Addons
Published: May 07, 2026
Source: NVD
CVE-2025-68604 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3.

Vendor: WPGraphQL
Product: WPGraphQL
Published: May 07, 2026
Source: NVD
CVE-2025-68060 HIGH - 7.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team Member: from n/a through 8.5.

Vendor: WPMart
Product: Team Member
Published: May 07, 2026
Source: NVD
CVE-2025-66105 MEDIUM - 5.3

Missing Authorization vulnerability in Magepeople inc. Bus Ticket Booking with Seat Reservation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bus Ticket Booking with Seat Reservation: from n/a before 5.6.8.

Vendor: Magepeople inc.
Product: Bus Ticket Booking with Seat Reservation
Published: May 07, 2026
Source: NVD
CVE-2025-62127 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0.

Vendor: WEN Themes
Product: WEN Logo Slider
Published: May 07, 2026
Source: NVD
CVE-2025-2514 MEDIUM - 5.3

Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Bl...

Vendor: hitachi
Product: virtual_storage_one_block
Published: May 07, 2026
Source: NVD
CVE-2025-1978 HIGH - 8.3

Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual St...

Vendor: hitachi
Product: virtual_storage_one_block
Published: May 07, 2026
Source: NVD
CVE-2024-43384 HIGH - 8.0

A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.

Vendor: phoenixcontact
Product: fl_mguard_2102_firmware
Published: May 07, 2026
Source: NVD