Total CVEs

142,398

Critical Severity

3,966

High Severity

14,271

Last 7 Days

1,806
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 14,381 - 14,400 of 38,803 CVEs
CVE-2026-7258 HIGH - 7.5

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - t...

Vendor: php
Product: php
Published: May 10, 2026
Source: NVD
CVE-2026-6735 MEDIUM - 6.1

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is ...

Vendor: php
Product: php
Published: May 10, 2026
Source: NVD
CVE-2026-6722 CRITICAL - 9.8

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

Vendor: php
Product: php
Published: May 10, 2026
Source: NVD
CVE-2025-14179 CRITICAL - 9.8

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat(), which stops ...

Vendor: PHP Group
Product: PHP
Published: May 10, 2026
Source: NVD
CVE-2026-8224 MEDIUM - 5.3

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to l...

Vendor: open5gs
Product: open5gs
Published: May 10, 2026
Source: NVD
CVE-2026-8223 MEDIUM - 5.3

A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcf_sess_sbi_discover_and_send of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. The exploit has been made pub...

Vendor: open5gs
Product: open5gs
Published: May 10, 2026
Source: NVD
CVE-2026-8222 MEDIUM - 5.3

A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such manipulation leads to denial of service. The attack may be performed from remote. The exploit has been di...

Vendor: open5gs
Product: open5gs
Published: May 10, 2026
Source: NVD
CVE-2026-8221 LOW - 2.4

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted e...

Published: May 10, 2026
Source: NVD
CVE-2026-8220 LOW - 2.4

A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early ...

Published: May 10, 2026
Source: NVD
CVE-2026-8219 LOW - 2.4

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. The impacted element is an unknown function of the file /inventory/supplier-save. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed publicly a...

Published: May 10, 2026
Source: NVD
CVE-2026-8218 LOW - 2.4

A weakness has been identified in Devs Palace ERP Online up to 4.0.0. The affected element is an unknown function of the file /inventory/purchase_return_save. Executing a manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the pu...

Published: May 10, 2026
Source: NVD
CVE-2026-8217 MEDIUM - 6.3

A security flaw has been discovered in Industrial Application Software IAS Canias ERP 8.03. Impacted is the function Runtime.getRuntime.exec of the component RMI Interface. Performing a manipulation of the argument troiaCode results in os command injection. The attack may be initiated remotely. The ...

Published: May 10, 2026
Source: NVD
CVE-2026-8216 HIGH - 7.3

A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function iasServerRemoteInterface.doAction of the component Java RMI Session Management. Such manipulation leads to improper authentication. The attack can be launched remotely. The vendor w...

Published: May 10, 2026
Source: NVD
CVE-2026-8215 MEDIUM - 5.3

A vulnerability was determined in Industrial Application Software IAS Canias ERP 8.03. This vulnerability affects the function iasRequestFileEvent of the component RMI Interface. This manipulation of the argument m_strSourceFileName causes path traversal. The attack can be initiated remotely. The ex...

Published: May 10, 2026
Source: NVD
CVE-2026-8214 MEDIUM - 5.3

A vulnerability was found in Industrial Application Software IAS Canias ERP 8.03. This affects the function doAction of the component RMI Interface. The manipulation of the argument sessionId results in improper authentication. It is possible to launch the attack remotely. The exploit has been made ...

Published: May 10, 2026
Source: NVD
CVE-2026-8213 MEDIUM - 5.3

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has ...

Published: May 09, 2026
Source: NVD
CVE-2026-8212 MEDIUM - 5.3

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used....

Published: May 09, 2026
Source: NVD
CVE-2026-8211 MEDIUM - 4.7

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may be...

Published: May 09, 2026
Source: NVD
CVE-2026-45184 MEDIUM - 6.5

Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.

Vendor: KDE
Product: Kdenlive
Published: May 09, 2026
Source: NVD

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let system_server transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN...

Vendor: GrapheneOS
Product: GrapheneOS
Published: May 09, 2026
Source: NVD