Total CVEs

143,745

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,562
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,581 - 1,600 of 40,150 CVEs
CVE-2026-14629 MEDIUM - 4.3

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may ...

Product: RT-Thread
Published: Jul 04, 2026
Source: NVD
CVE-2026-14535 HIGH - 8.8

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in ...

Vendor: trailofbits
Product: fickling
Published: Jul 04, 2026
Source: NVD
CVE-2026-14534 HIGH - 8.8

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because these modules are absent from the denylist, fickling's check_safety() function returns LIKELY_SAFE...

Vendor: trailofbits
Product: fickling
Published: Jul 04, 2026
Source: NVD
CVE-2026-14628 MEDIUM - 5.3

A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Performing a manipulation results in path traversal. The attack may be initiated remotely. The exploit is n...

Vendor: NousResearch
Product: hermes-agent
Published: Jul 04, 2026
Source: NVD
CVE-2026-14627 MEDIUM - 5.6

A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter._is_allowed_user of the file gateway/platforms/discord.py of the component Discord Platform Integration. Such manipulation leads to improper authentication. The attack can b...

Vendor: NousResearch
Product: hermes-agent
Published: Jul 04, 2026
Source: NVD

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants, lead...

Vendor: WSO2
Product: WSO2 Identity Server, WSO2 API Manager
Published: Jul 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as alloclen = fragheaderlen + t...

Vendor: Linux
Product: Linux
Published: Jul 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with gc_in_progress being false if the work is scheduled while running: Thread 1 Thread 2 Thread 3 -...

Vendor: Linux
Product: Linux
Published: Jul 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State Change (PSC) reques...

Vendor: Linux
Product: Linux
Published: Jul 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs;...

Vendor: Linux
Product: Linux
Published: Jul 04, 2026
Source: NVD
CVE-2026-14626 MEDIUM - 4.3

A weakness has been identified in NousResearch hermes-agent up to 2026.4.30. The impacted element is the function AIAgent.run_conversation of the file run_agent.py of the component HTTP API. This manipulation of the argument todos causes denial of service. The attack can be initiated remotely. The e...

Vendor: NousResearch
Product: hermes-agent
Published: Jul 04, 2026
Source: NVD
CVE-2026-14625 MEDIUM - 6.3

A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tui_gateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to t...

Vendor: NousResearch
Product: hermes-agent
Published: Jul 04, 2026
Source: NVD

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlying ...

Vendor: hestiacp
Product: hestiacp
Published: Jul 04, 2026
Source: NVD

myVesta is affected by an authenticated remote code execution vulnerability. Low privileged users can insert arbitrary commands as a part of the v_ftp_user parameter when deleting FTP usernames. This could result in the execution of commands as the admin user or takevoer of the admin user in myVesta...

Vendor: myvesta
Product: vesta
Published: Jul 04, 2026
Source: NVD
CVE-2026-14624 MEDIUM - 4.3

A vulnerability was identified in omec-project amf up to 2.0.2/2.1.1. Impacted is an unknown function of the file /go/src/amf/ngap/handler.go of the component NGSetupRequest Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit is publicly ...

Vendor: omec-project
Product: amf
Published: Jul 04, 2026
Source: NVD
CVE-2026-14623 MEDIUM - 4.3

A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclosed ...

Vendor: omec-project
Product: amf
Published: Jul 04, 2026
Source: NVD
CVE-2026-14622 HIGH - 7.3

A vulnerability was found in jairiidriss restaurant-website-php-mysql up to 521428b5b612449df0cf4a5d15ee40cba67f3d35. This vulnerability affects unknown code of the file /admin/ajax_files of the component AJAX Endpoint. Performing a manipulation results in missing authentication. The attack is possi...

Vendor: jairiidriss
Product: restaurant-website-php-mysql
Published: Jul 04, 2026
Source: NVD

A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument roll...

Vendor: FederatedAI
Product: FATE
Published: Jul 04, 2026
Source: NVD
CVE-2026-14619 MEDIUM - 6.3

A flaw has been found in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /medicine.php. This manipulation of the argument editid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may b...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jul 04, 2026
Source: NVD

PHPIPAM is affected by an authenticated local file inclusion vulnerability that allows users with access to the API to execute/include arbitrary PHP files on the web server's file system. The API is not enabled by default on installations.

Vendor: phpipam
Product: phpipam
Published: Jul 04, 2026
Source: NVD