Total CVEs

142,250

Critical Severity

3,947

High Severity

14,209

Last 7 Days

1,911
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 15,961 - 15,980 of 38,655 CVEs
CVE-2026-7745 MEDIUM - 6.3

A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and...

Published: May 04, 2026
Source: NVD
CVE-2025-14320 CRITICAL - 9.8

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allows Reflected XSS. This issue affects Online Support Application: from V3 through 31122025.

Vendor: Tegsoft Management and Information Services Trade Limited Company
Product: Online Support Application
Published: May 04, 2026
Source: NVD
CVE-2026-7744 MEDIUM - 6.3

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.

Published: May 04, 2026
Source: NVD
CVE-2026-7743 MEDIUM - 6.3

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclos...

Published: May 04, 2026
Source: NVD
CVE-2026-7742 MEDIUM - 6.3

A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.

Published: May 04, 2026
Source: NVD
CVE-2026-7741 MEDIUM - 6.3

A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published: May 04, 2026
Source: NVD
CVE-2026-7740 LOW - 3.3

A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id leads to denial of service. An attack has to be approached locally. The exploit has been disclosed p...

Published: May 04, 2026
Source: NVD
CVE-2026-7739 LOW - 3.3

A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation of the argument track_id causes denial of service. The attack requires local access. The exploit has ...

Published: May 04, 2026
Source: NVD
CVE-2026-7738 MEDIUM - 6.3

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The e...

Published: May 04, 2026
Source: NVD
CVE-2026-7737 MEDIUM - 5.3

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated remo...

Vendor: osrg
Product: gobgp
Published: May 04, 2026
Source: NVD
CVE-2026-7736 HIGH - 7.3

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this is...

Vendor: osrg
Product: gobgp
Published: May 04, 2026
Source: NVD
CVE-2026-5335 MEDIUM - 5.3

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information.

Published: May 04, 2026
Source: NVD

mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

In mutt before 2.3.2, the imap_auth_gss security level is mishandled.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 does not check for '\0' in url_pct_decode.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.

Vendor: WebPros
Product: Comet Backup
Published: May 04, 2026
Source: NVD
CVE-2026-29199 HIGH - 8.1

phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. An attacker who can manipulate the Host...

Vendor: phpBB
Product: phpBB
Published: May 04, 2026
Source: NVD