Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 15,761 - 15,780 of 38,432 CVEs
CVE-2026-20448 MEDIUM - 6.7

In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281.

Vendor: MediaTek, Inc.
Product: MediaTek chipset
Published: May 04, 2026
Source: NVD
CVE-2026-20447 MEDIUM - 6.7

In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296.

Vendor: MediaTek, Inc.
Product: MediaTek chipset
Published: May 04, 2026
Source: NVD
CVE-2026-7735 HIGH - 7.3

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading to...

Vendor: osrg
Product: gobgp
Published: May 04, 2026
Source: NVD
CVE-2026-7734 MEDIUM - 5.3

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from re...

Vendor: osrg
Product: gobgp
Published: May 04, 2026
Source: NVD
CVE-2026-7733 HIGH - 7.3

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to be ...

Published: May 04, 2026
Source: NVD
CVE-2026-7732 MEDIUM - 6.3

A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used.

Published: May 04, 2026
Source: NVD
CVE-2026-7731 MEDIUM - 6.3

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get_state.php. The manipulation of the argument G_STATE_ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been di...

Published: May 04, 2026
Source: NVD
CVE-2026-7730 MEDIUM - 6.3

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit h...

Published: May 04, 2026
Source: NVD
CVE-2026-7729 MEDIUM - 6.3

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The ex...

Published: May 04, 2026
Source: NVD
CVE-2026-7728 MEDIUM - 6.3

A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argument docFile leads to path traversal. The attack can be launched remotely. The exploit is publicly av...

Published: May 04, 2026
Source: NVD
CVE-2026-7727 HIGH - 7.3

A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/DataService. This manipulation of the argument SortOrder causes sql injection. The attack can be init...

Published: May 04, 2026
Source: NVD
CVE-2026-7725 MEDIUM - 6.3

A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commit_sha/directories results in argument injection. It is p...

Published: May 04, 2026
Source: NVD
CVE-2026-7724 MEDIUM - 5.0

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validate_restricted_url of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is cons...

Published: May 04, 2026
Source: NVD
CVE-2026-7723 HIGH - 7.3

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be use...

Published: May 04, 2026
Source: NVD
CVE-2026-7722 MEDIUM - 5.3

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public and...

Published: May 04, 2026
Source: NVD
CVE-2026-7721 MEDIUM - 6.3

A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed pu...

Published: May 04, 2026
Source: NVD
CVE-2026-7720 MEDIUM - 6.3

A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack is...

Published: May 04, 2026
Source: NVD
CVE-2026-7719 CRITICAL - 9.8

A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotel...

Published: May 04, 2026
Source: NVD
CVE-2026-7718 MEDIUM - 6.3

A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The expl...

Published: May 04, 2026
Source: NVD
CVE-2026-7717 HIGH - 8.8

A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched remo...

Published: May 04, 2026
Source: NVD