Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,755
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,541 - 14,560 of 38,432 CVEs
CVE-2026-8124 LOW - 3.3

A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidx_box_read of the file src/isomedia/box_code_base.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The ...

Vendor: gpac
Product: gpac
Published: May 08, 2026
Source: NVD
CVE-2026-8123 MEDIUM - 4.3

A vulnerability was determined in Open5GS up to 2.7.7. This impacts the function ogs_sbi_discovery_option_add_snssais in the library /lib/sbi/message.c of the component NSSF. This manipulation causes denial of service. It is possible to initiate the attack remotely. The exploit has been publicly dis...

Vendor: open5gs
Product: open5gs
Published: May 08, 2026
Source: NVD
CVE-2026-8122 MEDIUM - 4.3

A vulnerability was found in Open5GS up to 2.7.7. This affects the function ogs_sbi_discovery_option_add_service_names in the library /lib/sbi/message.c of the component NSSF. The manipulation results in denial of service. The attack may be performed from remote. The exploit has been made public and...

Vendor: open5gs
Product: open5gs
Published: May 08, 2026
Source: NVD
CVE-2026-8121 MEDIUM - 4.3

A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to denial of service. The attack is possible to be carried out remotely. The exploit has been disclosed to ...

Vendor: open5gs
Product: open5gs
Published: May 08, 2026
Source: NVD
CVE-2026-8120 MEDIUM - 4.3

A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Executing a manipulation can lead to denial of service. The attack can be executed remotely. The exploit ...

Vendor: open5gs
Product: open5gs
Published: May 08, 2026
Source: NVD
CVE-2026-8119 LOW - 3.3

A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation results in denial of service. Attacking locally is a requirement. The exploit is now public and may be use...

Vendor: open5gs
Product: open5gs
Published: May 08, 2026
Source: NVD
CVE-2026-8117 MEDIUM - 4.3

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects some unknown processing of the file /admin/index.php. Such manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The exploit has been disclose...

Published: May 08, 2026
Source: NVD
CVE-2026-8116 MEDIUM - 6.3

A weakness has been identified in huangjunsen0406 xiaozhi-mcphub up to 1.0.3. This vulnerability affects unknown code of the file src/controllers/dxtController.ts. This manipulation of the argument manifest.name causes path traversal. The attack may be initiated remotely. The exploit has been made a...

Published: May 08, 2026
Source: NVD
CVE-2026-8115 MEDIUM - 5.3

A security flaw has been discovered in gyoridavid short-video-maker up to 1.3.4. This affects an unknown part of the file src/server/routers/rest.ts of the component REST API. The manipulation of the argument req.params.tmpFile results in path traversal. The attack can be launched remotely. The expl...

Published: May 07, 2026
Source: NVD
CVE-2026-6411 HIGH - 7.3

This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted, ena...

Published: May 07, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: May 07, 2026
Source: NVD

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wr...

Vendor: rust
Product: openssl
Published: May 07, 2026
Source: GitHub
CVE-2026-44661 MEDIUM - 4.7

python-utcp is the python implementation of UTCP. Prior to 1.1.3, the utcp-http plugin is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency between manual discovery and tool invocation. register_manual() validates the discovery URL against an HTTPS / l...

Vendor: pip
Product: utcp-http
Published: May 07, 2026
Source: GitHub
CVE-2026-8114 MEDIUM - 6.3

A vulnerability was identified in JeecgBoot up to 3.9.1. Affected by this issue is some unknown functionality of the file /sys/dict/loadTreeData of the component JSON Object Handler. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit ...

Published: May 07, 2026
Source: NVD
CVE-2026-8113 MEDIUM - 4.3

A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to launch ...

Vendor: 8421bit
Product: miniclaw
Published: May 07, 2026
Source: NVD
CVE-2026-8112 MEDIUM - 6.3

A vulnerability was found in 8421bit MiniClaw up to 223c16a1088e138838dcbd18cd65a37c35ac5a84. Affected is the function executeCognitivePulse of the file src/kernel.ts. Performing a manipulation results in os command injection. It is possible to initiate the attack remotely. The exploit has been made...

Published: May 07, 2026
Source: NVD
CVE-2026-8106 MEDIUM - 6.1

A reflected HTML injection vulnerability was identified in the GitHub Enterprise Server Management Console login page that could allow credential theft. The redirect_to query parameter on the /setup/unlock endpoint was reflected into an HTML attribute without proper sanitization, enabling an attacke...

Vendor: github
Product: enterprise_server
Published: May 07, 2026
Source: NVD
CVE-2026-8034 CRITICAL - 9.8

A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differen...

Vendor: github
Product: enterprise_server
Published: May 07, 2026
Source: NVD

The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights are ...

Published: May 07, 2026
Source: NVD
CVE-2026-7541 HIGH - 7.5

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodies w...

Vendor: github
Product: enterprise_server
Published: May 07, 2026
Source: NVD