Total CVEs: 141,537
Critical Severity: 3,871
High Severity: 13,923
Last 7 Days: 1,590
📅 Showing Year: 2026 (January 1 - December 31, 2026)
Showing 14,181 - 14,200 of 37,942 CVEs
CVE-2026-5791 CRITICAL - 9.6

Cross-Site Request Forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.

Published: May 07, 2026
Source: NVD
CVE-2026-5784 HIGH - 8.8

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.

Published: May 07, 2026
Source: NVD
CVE-2026-8080 MEDIUM - 5.4

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in misp allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The app...

Vendor: misp
Product: misp
Published: May 07, 2026
Source: NVD
CVE-2026-6508 CRITICAL - 9.8

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2.

Published: May 07, 2026
Source: NVD
CVE-2026-42010 HIGH - 7.1

A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. Th...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images, Red Hat OpenShift Container Platform 4
Published: May 07, 2026
Source: NVD
CVE-2026-3953 HIGH - 8.8

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting (XSS), Reflected XSS. This issue affects Proticaret E-Commerce: from v5.0.0 before V 6.0.1767...

Published: May 07, 2026
Source: NVD
CVE-2026-33589 MEDIUM - 6.5

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local file contents from the Docker container via path traversal.

Vendor: Open Notebook
Product: Open Notebook
Published: May 07, 2026
Source: NVD
CVE-2026-33588 HIGH - 8.1

Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the Docker container via path traversal.

Vendor: Open Notebook
Product: Open Notebook
Published: May 07, 2026
Source: NVD
CVE-2026-33587 CRITICAL - 10.0

Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the Docker container via Server-Side Template Injection (SSTI) for user-created transformations.

Vendor: Open Notebook
Product: Open Notebook
Published: May 07, 2026
Source: NVD
CVE-2026-28201 HIGH - 7.8

Improper input validation, together with an overly permissive default CORS configuration, in Open Notebook v1.8.1 allows a remote attacker to trick a legitimate user into altering or deleting arbitrary database entries via a specially crafted malicious URL. Depending on the deployment, data exfiltration is a...

Vendor: Open Notebook
Product: Open Notebook
Published: May 07, 2026
Source: NVD
CVE-2026-27415 MEDIUM - 4.3

Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5.

Vendor: PluginUs.Net
Product: BEAR
Published: May 07, 2026
Source: NVD
CVE-2026-6805 HIGH - 7.5

A vulnerability in the external sharing feature of Cryptobox allows an attacker who knows a sharing link URL to retrieve information from the server that enables an offline brute-force attack on the access code associated with that sharing link.

Vendor: thalesgroup
Product: ercom_cryptobox
Published: May 07, 2026
Source: NVD
CVE-2026-44407 MEDIUM - 4.7

A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.

Vendor: ZTE
Product: ZXCLOUD iRAI
Published: May 07, 2026
Source: NVD
CVE-2026-27421 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a before 1.7.1053.

Vendor: WProyal
Product: Royal Elementor Addons
Published: May 07, 2026
Source: NVD
CVE-2026-27416 MEDIUM - 5.3

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1.

Vendor: bPlugins
Product: PDF Poster
Published: May 07, 2026
Source: NVD
CVE-2026-27329 MEDIUM - 5.3

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0.

Vendor: YITH
Product: YITH WooCommerce Wishlist
Published: May 07, 2026
Source: NVD
CVE-2026-25468 MEDIUM - 5.3

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8.

Vendor: weDevs
Product: Happy Addons for Elementor
Published: May 07, 2026
Source: NVD
CVE-2026-25436 MEDIUM - 5.3

Missing Authorization vulnerability in WProyal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elementor Addons: from n/a before 1.7.1053.

Vendor: WProyal
Product: Royal Elementor Addons
Published: May 07, 2026
Source: NVD
CVE-2025-68604 MEDIUM - 5.4

Cross-Site Request Forgery (CSRF) vulnerability in WPGraphQL allows Cross Site Request Forgery. This issue affects WPGraphQL: from n/a through 2.5.3.

Vendor: WPGraphQL
Product: WPGraphQL
Published: May 07, 2026
Source: NVD
CVE-2025-68060 HIGH - 7.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team Member: from n/a through 8.5.

Vendor: WPMart
Product: Team Member
Published: May 07, 2026
Source: NVD