Total CVEs: 142,027
Critical Severity: 3,943
High Severity: 14,108
Last 7 Days: 1,755
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 15,021 - 15,040 of 38,432 CVEs
CVE-2026-20169 MEDIUM - 6.4

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An...

Vendor: Cisco
Product: Cisco IoT Field Network Director (IoT-FND)
Published: May 06, 2026
Source: NVD
CVE-2026-20168 MEDIUM - 6.5

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access. This vulnerability is due to insufficient file access checks. An attacker could...

Vendor: Cisco
Product: Cisco IoT Field Network Director (IoT-FND)
Published: May 06, 2026
Source: NVD
CVE-2026-20167 HIGH - 7.7

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router. This vulnerability is due to improper error handling. An attacker could exploit this v...

Vendor: Cisco
Product: Cisco IoT Field Network Director (IoT-FND)
Published: May 06, 2026
Source: NVD
CVE-2026-20035 HIGH - 7.2

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by ...

Vendor: Cisco
Product: Cisco Unity Connection
Published: May 06, 2026
Source: NVD
CVE-2026-20034 HIGH - 8.8

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability ...

Vendor: Cisco
Product: Cisco Unity Connection
Published: May 06, 2026
Source: NVD
CVE-2026-42283 HIGH - 7.7

DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at th...

Vendor: go
Product: github.com/loft-sh/devspace
Published: May 06, 2026
Source: GitHub
CVE-2026-42280 HIGH - 7.1

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0.

Vendor: npm
Product: auth0-js
Published: May 06, 2026
Source: GitHub
CVE-2026-42184 MEDIUM - 8.8

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to ht...

Vendor: rust
Product: tauri
Published: May 06, 2026
Source: GitHub

Rejected reason: This CVE is a duplicate of another CVE: CVE-2026-33079.

Vendor: pip
Product: mistune
Published: May 06, 2026
Source: GitHub
CVE-2026-6863 MEDIUM - 6.8

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission) can issue a single authenticated HTTP GET that can read any files ...

Published: May 06, 2026
Source: NVD
CVE-2026-6788 HIGH - 7.8

Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files. This issue affects WatchGuard Agent before 1.25.03.0000.

Vendor: watchguard
Product: agent
Published: May 06, 2026
Source: NVD
CVE-2026-6787 HIGH - 7.8

Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process. This issue affects WatchGuard Agent before 1.25.03.0000.

Vendor: watchguard
Product: agent
Published: May 06, 2026
Source: NVD
CVE-2026-6691 HIGH - 7.8

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAP...

Published: May 06, 2026
Source: NVD
CVE-2026-41288 HIGH - 7.8

Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\SYSTEM.

Vendor: WatchGuard
Product: WatchGuard Agent
Published: May 06, 2026
Source: NVD
CVE-2026-41286 MEDIUM - 6.5

Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.

Vendor: WatchGuard Technologies
Product: WatchGuard Agent
Published: May 06, 2026
Source: NVD
CVE-2026-8028 LOW - 3.7

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possibl...

Vendor: flowiseai
Product: flowise
Published: May 06, 2026
Source: NVD
CVE-2026-8027 MEDIUM - 4.3

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated re...

Vendor: flowiseai
Product: flowise
Published: May 06, 2026
Source: NVD
CVE-2026-41287 MEDIUM - 6.5

Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.

Vendor: WatchGuard
Product: WatchGuard Agent
Published: May 06, 2026
Source: NVD
CVE-2025-52613 MEDIUM - 4.6

HCL BigFix Service Management (SM) is affected by the use of a vulnerable WSGI server. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access.

Vendor: HCL
Product: BigFix Service Management (SM)
Published: May 06, 2026
Source: NVD

HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly.

Vendor: HCL
Product: BigFix Service Management (SM)
Published: May 06, 2026
Source: NVD