Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,778
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,981 - 15,000 of 38,432 CVEs
CVE-2026-7903 HIGH - 8.8

Integer overflow in ANGLE in Google Chrome on Mac,Windows prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7902 HIGH - 8.8

Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7901 HIGH - 8.8

Use after free in ANGLE in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7900 HIGH - 8.3

Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7899 HIGH - 8.8

Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7898 HIGH - 8.8

Use after free in Chromoting in Google Chrome on Linux prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7897 HIGH - 7.5

Use after free in Mobile in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-7896 HIGH - 8.8

Integer overflow in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 06, 2026
Source: NVD
CVE-2026-41938 HIGH - 8.8

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can upload a...

Vendor: givanz
Product: Vvveb
Published: May 06, 2026
Source: NVD
CVE-2026-41936 HIGH - 8.1

Vvveb before version 1.0.8.2 contains an XML external entity (XXE) injection vulnerability in the admin Tools/Import feature that allows authenticated site_admin users to read arbitrary files and modify database records. Attackers can exploit the XML parser configuration in system/import/xml.php to ...

Vendor: givanz
Product: Vvveb
Published: May 06, 2026
Source: NVD
CVE-2026-41934 HIGH - 8.8

Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code by exploiting insufficient file extension restrictions. Attackers with editor, author, contributor, or site_admi...

Vendor: givanz
Product: Vvveb
Published: May 06, 2026
Source: NVD
CVE-2026-41931 MEDIUM - 5.3

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal error ...

Vendor: givanz
Product: Vvveb
Published: May 06, 2026
Source: NVD
CVE-2026-41930 CRITICAL - 9.8

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to gain...

Vendor: givanz
Product: Vvveb
Published: May 06, 2026
Source: NVD
CVE-2026-34474 HIGH - 7.5

Sensitive data exposure leading to admin/WLAN credential leak in ZTE ZXHN H298A 1.1 and H108N 2.6. A crafted request to the router web interface can expose sensitive device and account information. In affected builds, the response may include the administrator password and WLAN PSK, enabling authent...

Published: May 06, 2026
Source: NVD
CVE-2026-34473 HIGH - 7.5

Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered against the router's web interface by sending an oversized application/x-www-form-urlencoded POST...

Published: May 06, 2026
Source: NVD
CVE-2026-0300 CRITICAL - 9.8

A buffer overflow vulnerability in the User-IDโ„ข Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. ...

Vendor: paloaltonetworks
Product: pan-os
Published: May 06, 2026
Source: NVD

HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow unintended modifications to critical system components, potentially increasing the risk of system compromise or unauthorized changes.

Vendor: HCL Software
Product: BigFix Service Management (SM)
Published: May 06, 2026
Source: NVD
CVE-2025-31960 MEDIUM - 5.3

HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumer_company parameter during a report-viewing request causes the application to trigger an ...

Vendor: HCL
Product: BigFix Service Management (SM)
Published: May 06, 2026
Source: NVD
CVE-2024-30151 HIGH - 8.3

HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or unauthorized system modi...

Vendor: HCL
Product: BigFix Service Management (SM)
Published: May 06, 2026
Source: NVD
CVE-2026-44305 MEDIUM - 6.8

Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled (LDAP_USE_TLS = True), Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and...

Vendor: pip
Product: lemur
Published: May 06, 2026
Source: GitHub