Total CVEs

142,250

Critical Severity

3,947

High Severity

14,209

Last 7 Days

1,910
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 15,241 - 15,260 of 38,655 CVEs
CVE-2026-20188 HIGH - 7.5

A vulnerability in the connection-handling mechanism of Cisco Crosswork Network Controller (CNC) and Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to an inadeq...

Vendor: Cisco
Product: Cisco Crosswork Network Change Automation, Cisco Network Services Orchestrator
Published: May 06, 2026
Source: NVD
CVE-2026-20185 HIGH - 7.7

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a...

Vendor: Cisco
Product: Cisco Small Business Smart and Managed Switches
Published: May 06, 2026
Source: NVD
CVE-2026-20172 MEDIUM - 4.3

A vulnerability in the Lite Agent feature of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct browser-based attacks. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Agent. This vulne...

Vendor: Cisco
Product: Cisco Enterprise Chat and Email
Published: May 06, 2026
Source: NVD
CVE-2026-20169 MEDIUM - 6.4

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An...

Vendor: Cisco
Product: Cisco IoT Field Network Director (IoT-FND)
Published: May 06, 2026
Source: NVD
CVE-2026-20168 MEDIUM - 6.5

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to retrieve files that they do not have permission to access. This vulnerability is due to insufficient file access checks. An attacker could...

Vendor: Cisco
Product: Cisco IoT Field Network Director (IoT-FND)
Published: May 06, 2026
Source: NVD
CVE-2026-20167 HIGH - 7.7

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to cause a DoS condition on a remotely managed router. This vulnerability is due to improper error handling. An attacker could exploit this v...

Vendor: Cisco
Product: Cisco IoT Field Network Director (IoT-FND)
Published: May 06, 2026
Source: NVD
CVE-2026-20035 HIGH - 7.2

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by ...

Vendor: Cisco
Product: Cisco Unity Connection
Published: May 06, 2026
Source: NVD
CVE-2026-20034 HIGH - 8.8

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability ...

Vendor: Cisco
Product: Cisco Unity Connection
Published: May 06, 2026
Source: NVD
CVE-2026-42283 HIGH - 7.7

DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at th...

Vendor: go
Product: github.com/loft-sh/devspace
Published: May 06, 2026
Source: GitHub
CVE-2026-42280 HIGH - 7.1

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0.

Vendor: npm
Product: auth0-js
Published: May 06, 2026
Source: GitHub
CVE-2026-42184 MEDIUM - 8.8

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to ht...

Vendor: rust
Product: tauri
Published: May 06, 2026
Source: GitHub

Rejected reason: This CVE is a duplicate of another CVE: CVE-2026-33079.

Vendor: pip
Product: mistune
Published: May 06, 2026
Source: GitHub
CVE-2026-6863 MEDIUM - 6.8

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission ) can issue a single authenticated HTTP GET that can read any files ...

Published: May 06, 2026
Source: NVD
CVE-2026-6788 HIGH - 7.8

Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000.

Vendor: watchguard
Product: agent
Published: May 06, 2026
Source: NVD
CVE-2026-6787 HIGH - 7.8

Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000.

Vendor: watchguard
Product: agent
Published: May 06, 2026
Source: NVD
CVE-2026-6691 HIGH - 7.8

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAP...

Published: May 06, 2026
Source: NVD
CVE-2026-41288 HIGH - 7.8

Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYSTEM.

Vendor: WatchGuard
Product: WatchGuard Agent
Published: May 06, 2026
Source: NVD
CVE-2026-41286 MEDIUM - 6.5

Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.

Vendor: WatchGuard Technologies
Product: WatchGuard Agent
Published: May 06, 2026
Source: NVD
CVE-2026-8028 LOW - 3.7

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possibl...

Vendor: flowiseai
Product: flowise
Published: May 06, 2026
Source: NVD
CVE-2026-8027 MEDIUM - 4.3

A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated re...

Vendor: flowiseai
Product: flowise
Published: May 06, 2026
Source: NVD