Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,922
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,521 - 14,540 of 38,923 CVEs
CVE-2026-45181 MEDIUM - 6.5

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation (via argument injection), which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file.

Vendor: Hex-Rays
Product: IDA
Published: May 09, 2026
Source: NVD
CVE-2026-8210 MEDIUM - 5.3

A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. Local access is required to approach this attack...

Published: May 09, 2026
Source: NVD
CVE-2026-8196 LOW - 3.7

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack is...

Published: May 09, 2026
Source: NVD
CVE-2026-8195 MEDIUM - 4.3

A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site script...

Published: May 09, 2026
Source: NVD
CVE-2026-8194 MEDIUM - 4.3

A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argument _method leads to cross-site request forgery. Remote exploitation of the attack is possible. The ...

Published: May 09, 2026
Source: NVD
CVE-2026-42562 HIGH - 8.3

Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/{id}. The endpoint directly persists the admin attribute from user input, and the escalated accoun...

Vendor: alextselegidis
Product: plainpad
Published: May 09, 2026
Source: NVD
CVE-2026-8193 MEDIUM - 6.3

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made availa...

Published: May 09, 2026
Source: NVD
CVE-2026-8192 MEDIUM - 6.3

A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/wl_Pass is directly passed by the attacker/so we can control the EncrypType/wl_Pass results in os com...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: May 09, 2026
Source: NVD
CVE-2026-8191 MEDIUM - 6.3

A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly available and might b...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: May 09, 2026
Source: NVD
CVE-2026-8190 MEDIUM - 6.3

A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway is directly passed by the attacker/so we can control the ppp_username/ppp...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: May 09, 2026
Source: NVD
CVE-2026-8189 MEDIUM - 6.3

A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipulation of the argument wlan_bssid/sel_Automode/sel_EncrypTyp results in os command injection. It is possible to launch the attack remotely. T...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: May 09, 2026
Source: NVD
CVE-2026-8188 MEDIUM - 6.3

A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the function change_wifi_password of the file /cgi-bin/adm.cgi. The manipulation of the argument wl_channel/wl_Pass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has b...

Vendor: wavlink
Product: wl-nu516u1_firmware
Published: May 09, 2026
Source: NVD
CVE-2026-8198 MEDIUM - 5.3

The Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity plugin for WordPress is vulnerable to Authentication Bypass to Information Disclosure in versions up to, and including, 3.3.6. This is due to a logic flaw in the verifyAuthorization method where requests without an Auth...

Published: May 09, 2026
Source: NVD
CVE-2026-8186 MEDIUM - 5.3

A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs_sbi_client_send_via_scp_or_sepp in the library lib/sbi/client.c of the component NF. Performing a manipulation results in out-of-bounds read. The attack is possible to be carried out remotely. The patch is named d5bc4...

Vendor: open5gs
Product: open5gs
Published: May 09, 2026
Source: NVD
CVE-2026-8187 MEDIUM - 5.3

A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the problem early through an i...

Vendor: open5gs
Product: open5gs
Published: May 09, 2026
Source: NVD
CVE-2026-8185 MEDIUM - 6.3

A security vulnerability has been detected in UGREEN CM933 1.1.59.4319. The impacted element is an unknown function of the component Administrative Interface. Such manipulation leads to missing authentication. The attack requires being on the local network. You should upgrade the affected component....

Published: May 09, 2026
Source: NVD
CVE-2026-3828 HIGH - 7.2

Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadin...

Published: May 09, 2026
Source: NVD
CVE-2026-32683 MEDIUM - 5.3

Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encrypti...

Vendor: EZVIZ
Product: EZVIZ APP
Published: May 09, 2026
Source: NVD
CVE-2026-1749 MEDIUM - 6.8

There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.

Published: May 09, 2026
Source: NVD
CVE-2025-15634 MEDIUM - 4.3

A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page.

Vendor: HCLSoftware
Product: BigFix WebUI
Published: May 09, 2026
Source: NVD