Total CVEs

142,398

Critical Severity

3,966

High Severity

14,271

Last 7 Days

1,806
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 14,361 - 14,380 of 38,803 CVEs
CVE-2026-8242 LOW - 3.7

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. The impacted element is the function doAction of the component Login RMI Interface. Performing a manipulation results in observable response discrepancy. The attack is possible to be carried out remotely. A high degree...

Published: May 10, 2026
Source: NVD
CVE-2026-8241 MEDIUM - 5.3

A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to ...

Published: May 10, 2026
Source: NVD
CVE-2026-8235 MEDIUM - 5.5

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is identified...

Published: May 10, 2026
Source: NVD
CVE-2026-8234 HIGH - 8.8

A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security_5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has...

Published: May 10, 2026
Source: NVD

In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.

Vendor: libexpat project
Product: libexpat
Published: May 10, 2026
Source: NVD
CVE-2026-8233 MEDIUM - 4.6

A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The vendor was contacte...

Published: May 10, 2026
Source: NVD
CVE-2026-8232 LOW - 3.5

A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlib_worker_loop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The manipulation results in denial of service. The vendor was contacted early about this disclosure.

Published: May 10, 2026
Source: NVD
CVE-2026-8231 MEDIUM - 6.3

A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public ...

Published: May 10, 2026
Source: NVD
CVE-2026-7263 HIGH - 7.5

In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial...

Vendor: php
Product: php
Published: May 10, 2026
Source: NVD
CVE-2026-6104 CRITICAL - 9.1

In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectly assumes that when strncasecmp() returns 0 it means the strings have the same length. This can lead ...

Vendor: php
Product: php
Published: May 10, 2026
Source: NVD
CVE-2026-8230 MEDIUM - 6.3

A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The ...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: May 10, 2026
Source: NVD
CVE-2026-8229 MEDIUM - 6.3

A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is possible. The exploit is now...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: May 10, 2026
Source: NVD
CVE-2026-8228 MEDIUM - 6.3

A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan_conf/Channel/skiplist/ieee_80211h leads to os command injection. The attack may be launched remotely. The exploit has been ...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: May 10, 2026
Source: NVD
CVE-2026-8227 MEDIUM - 6.3

A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The ...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: May 10, 2026
Source: NVD
CVE-2026-8226 MEDIUM - 5.3

A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_pcc_rule_install_flow_from_media in the library /lib/proto/types.c. The manipulation results in denial of service. The attack can be launched remotely. The exploit has been released to the public ...

Vendor: open5gs
Product: open5gs
Published: May 10, 2026
Source: NVD
CVE-2026-8225 MEDIUM - 5.3

A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available a...

Vendor: open5gs
Product: open5gs
Published: May 10, 2026
Source: NVD
CVE-2026-7568 HIGH - 7.5

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signe...

Vendor: php
Product: php
Published: May 10, 2026
Source: NVD
CVE-2026-7262 HIGH - 7.5

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element.  This leads to dereferences a NULL pointer, ca...

Vendor: php
Product: php
Published: May 10, 2026
Source: NVD
CVE-2026-7261 CRITICAL - 9.8

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persist...

Vendor: php
Product: php
Published: May 10, 2026
Source: NVD
CVE-2026-7259 MEDIUM - 6.5

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to  a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when user-con...

Vendor: php
Product: php
Published: May 10, 2026
Source: NVD