Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 15,741 - 15,760 of 38,432 CVEs
CVE-2026-7743 MEDIUM - 6.3

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclos...

Published: May 04, 2026
Source: NVD
CVE-2026-7742 MEDIUM - 6.3

A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.

Published: May 04, 2026
Source: NVD
CVE-2026-7741 MEDIUM - 6.3

A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published: May 04, 2026
Source: NVD
CVE-2026-7740 LOW - 3.3

A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id leads to denial of service. An attack has to be approached locally. The exploit has been disclosed p...

Published: May 04, 2026
Source: NVD
CVE-2026-7739 LOW - 3.3

A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation of the argument track_id causes denial of service. The attack requires local access. The exploit has ...

Published: May 04, 2026
Source: NVD
CVE-2026-7738 MEDIUM - 6.3

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The e...

Published: May 04, 2026
Source: NVD
CVE-2026-7737 MEDIUM - 5.3

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated remo...

Vendor: osrg
Product: gobgp
Published: May 04, 2026
Source: NVD
CVE-2026-7736 HIGH - 7.3

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this is...

Vendor: osrg
Product: gobgp
Published: May 04, 2026
Source: NVD
CVE-2026-5335 MEDIUM - 5.3

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information.

Published: May 04, 2026
Source: NVD

mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

In mutt before 2.3.2, the imap_auth_gss security level is mishandled.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 does not check for '\0' in url_pct_decode.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.

Vendor: WebPros
Product: Comet Backup
Published: May 04, 2026
Source: NVD
CVE-2026-29199 HIGH - 8.1

phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. An attacker who can manipulate the Host...

Vendor: phpBB
Product: phpBB
Published: May 04, 2026
Source: NVD
CVE-2026-20451 MEDIUM - 6.7

In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504.

Vendor: MediaTek, Inc.
Product: MediaTek chipset
Published: May 04, 2026
Source: NVD
CVE-2026-20450 MEDIUM - 6.5

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...

Vendor: MediaTek, Inc.
Product: MediaTek chipset
Published: May 04, 2026
Source: NVD
CVE-2026-20449 MEDIUM - 6.5

In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ...

Vendor: MediaTek, Inc.
Product: MediaTek chipset
Published: May 04, 2026
Source: NVD