Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 15,721 - 15,740 of 38,432 CVEs

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Published: May 04, 2026
Source: NVD
CVE-2026-34032 MEDIUM - 5.3

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-33857 MEDIUM - 5.3

Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-31205 MEDIUM - 5.7

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function

Published: May 04, 2026
Source: NVD
CVE-2025-70069 HIGH - 7.5

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method

Published: May 04, 2026
Source: NVD
CVE-2025-70067 CRITICAL - 9.8

Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation

Published: May 04, 2026
Source: NVD
CVE-2025-58074 HIGH - 8.8

A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.

Vendor: Gen Digital
Product: Norton Secure VPN
Published: May 04, 2026
Source: NVD
CVE-2026-7482 CRITICAL - 9.1

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and server/quantiz...

Vendor: ollama
Product: ollama
Published: May 04, 2026
Source: NVD
CVE-2026-34059 HIGH - 7.5

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-24072 HIGH - 8.8

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-3120 HIGH - 7.2

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3.

Published: May 04, 2026
Source: NVD
CVE-2026-7750 HIGH - 8.8

A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remot...

Published: May 04, 2026
Source: NVD
CVE-2026-7749 HIGH - 8.8

A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The ex...

Published: May 04, 2026
Source: NVD
CVE-2026-7748 HIGH - 8.8

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched rem...

Published: May 04, 2026
Source: NVD
CVE-2026-33846 HIGH - 7.5

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consi...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images, Red Hat OpenShift Container Platform 4
Published: May 04, 2026
Source: NVD
CVE-2026-7747 CRITICAL - 9.8

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initi...

Published: May 04, 2026
Source: NVD
CVE-2026-7746 MEDIUM - 6.3

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /product_expiry/edit-admin.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is pub...

Published: May 04, 2026
Source: NVD
CVE-2026-7745 MEDIUM - 6.3

A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and...

Published: May 04, 2026
Source: NVD
CVE-2025-14320 CRITICAL - 9.8

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allows Reflected XSS. This issue affects Online Support Application: from V3 through 31122025.

Vendor: Tegsoft Management and Information Services Trade Limited Company
Product: Online Support Application
Published: May 04, 2026
Source: NVD
CVE-2026-7744 MEDIUM - 6.3

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.

Published: May 04, 2026
Source: NVD