Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,602
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 14,521 - 14,540 of 37,942 CVEs
CVE-2026-29080 CRITICAL - 9.9

A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /dids/<scope>/dids/search`). On Oracle deployments attacker-controlled filter keys and values are ...

Vendor: rucio
Product: rucio
Published: May 06, 2026
Source: NVD
CVE-2026-23870 HIGH - 7.5

A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, react-server-dom-parcel, react...

Vendor: Meta
Product: react-server-dom-turbopack, react-server-dom-parcel, react-server-dom-webpack
Published: May 06, 2026
Source: NVD

Uncontrolled Search Path Element vulnerability in JohnsonControls AC2000 on Windows allows Leveraging/Manipulating Configuration File Search Paths. This issue affects AC2000: from 10.6 before release 10, from 11.0 before release 9, from 12 before release 3.

Vendor: JohnsonControls
Product: AC2000
Published: May 06, 2026
Source: NVD
CVE-2026-20219 MEDIUM - 5.4

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed ...

Vendor: Cisco
Product: Cisco Webex Meetings, Cisco Slido
Published: May 06, 2026
Source: NVD
CVE-2026-20195 MEDIUM - 5.3

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could exp...

Vendor: Cisco
Product: Cisco Identity Services Engine Software
Published: May 06, 2026
Source: NVD
CVE-2026-20193 MEDIUM - 4.3

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access contro...

Vendor: Cisco
Product: Cisco Identity Services Engine Software
Published: May 06, 2026
Source: NVD
CVE-2026-20189 MEDIUM - 4.3

A vulnerability in the log file download functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to download arbitrary log files from the server. This vulnerability is due to insufficient authorization checks on the download service API. An attacker coul...

Vendor: Cisco
Product: Cisco Prime Infrastructure
Published: May 06, 2026
Source: NVD
CVE-2026-20188 HIGH - 7.5

A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an inadeq...

Vendor: Cisco
Product: Cisco Crosswork Network Change Automation, Cisco Network Services Orchestrator
Published: May 06, 2026
Source: NVD
CVE-2026-20185 HIGH - 7.7

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a...

Vendor: Cisco
Product: Cisco Small Business Smart and Managed Switches
Published: May 06, 2026
Source: NVD
CVE-2026-20172 MEDIUM - 4.3

A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This vulne...

Vendor: Cisco
Product: Cisco Enterprise Chat and Email
Published: May 06, 2026
Source: NVD
CVE-2026-20169 MEDIUM - 6.4

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An...

Vendor: Cisco
Product: Cisco IoT Field Network Director (IoT-FND)
Published: May 06, 2026
Source: NVD
CVE-2026-20168 MEDIUM - 6.5

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access. This vulnerability is due to insufficient file access checks. An attacker could...

Vendor: Cisco
Product: Cisco IoT Field Network Director (IoT-FND)
Published: May 06, 2026
Source: NVD
CVE-2026-20167 HIGH - 7.7

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router. This vulnerability is due to improper error handling. An attacker could exploit this v...

Vendor: Cisco
Product: Cisco IoT Field Network Director (IoT-FND)
Published: May 06, 2026
Source: NVD
CVE-2026-20035 HIGH - 7.2

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by ...

Vendor: Cisco
Product: Cisco Unity Connection
Published: May 06, 2026
Source: NVD
CVE-2026-20034 HIGH - 8.8

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability ...

Vendor: Cisco
Product: Cisco Unity Connection
Published: May 06, 2026
Source: NVD
CVE-2026-42283 HIGH - 7.7

DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at th...

Vendor: go
Product: github.com/loft-sh/devspace
Published: May 06, 2026
Source: GitHub
CVE-2026-42280 HIGH - 7.1

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0.

Vendor: npm
Product: auth0-js
Published: May 06, 2026
Source: GitHub
CVE-2026-42184 MEDIUM - 8.8

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to ht...

Vendor: rust
Product: tauri
Published: May 06, 2026
Source: GitHub

Rejected reason: This CVE is a duplicate of another CVE: CVE-2026-33079.

Vendor: pip
Product: mistune
Published: May 06, 2026
Source: GitHub
CVE-2026-6863 MEDIUM - 6.8

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission) can issue a single authenticated HTTP GET that can read any files ...

Published: May 06, 2026
Source: NVD