Total CVEs

142,250

Critical Severity

3,947

High Severity

14,209

Last 7 Days

1,911
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 16,001 - 16,020 of 38,655 CVEs
CVE-2026-7719 CRITICAL - 9.8

A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotel...

Published: May 04, 2026
Source: NVD
CVE-2026-7718 MEDIUM - 6.3

A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The expl...

Published: May 04, 2026
Source: NVD
CVE-2026-7717 HIGH - 8.8

A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched remo...

Published: May 04, 2026
Source: NVD
CVE-2026-7716 MEDIUM - 6.3

A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument day results in sql injection. The attack can be initiated remotely. The exploit has been made public a...

Published: May 04, 2026
Source: NVD
CVE-2026-7715 MEDIUM - 6.3

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The exploit...

Published: May 04, 2026
Source: NVD
CVE-2026-7714 MEDIUM - 6.5

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The explo...

Published: May 04, 2026
Source: NVD
CVE-2026-7372 CRITICAL - 9.0

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. #### Stack-overflow via uncons...

Vendor: geovision
Product: gv-vms_firmware
Published: May 04, 2026
Source: NVD
CVE-2026-7371 HIGH - 7.4

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit...

Vendor: geovision
Product: gv-lpc2011_firmware
Published: May 04, 2026
Source: NVD
CVE-2026-7161 CRITICAL - 9.3

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with various...

Vendor: geovision
Product: gv-ip_device_utility
Published: May 04, 2026
Source: NVD
CVE-2026-42370 CRITICAL - 9.0

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Vendor: GeoVision Inc.
Product: GV-VMS V20.0.2
Published: May 04, 2026
Source: NVD
CVE-2026-42369 CRITICAL - 10.0

GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the "WebCam Server" feature. Once enabled, it is possible to ...

Vendor: GeoVision Inc.
Product: GV-VMS V20.0.2
Published: May 04, 2026
Source: NVD
CVE-2026-42368 CRITICAL - 9.9

A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability.

Vendor: GeoVision Inc.
Product: GV-LPC2011/LPC2211
Published: May 04, 2026
Source: NVD
CVE-2026-42367 MEDIUM - 6.5

A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability.

Vendor: GeoVision Inc.
Product: GV-LPC2011/LPC2211
Published: May 04, 2026
Source: NVD
CVE-2026-42366 HIGH - 7.4

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit...

Vendor: GeoVision Inc.
Product: GV-LPC2011/LPC2211
Published: May 04, 2026
Source: NVD
CVE-2026-42365 HIGH - 8.6

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.

Vendor: GeoVision Inc.
Product: GV-LPC2011/LPC2211
Published: May 04, 2026
Source: NVD
CVE-2026-42364 CRITICAL - 9.9

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.

Vendor: GeoVision Inc.
Product: GV-LPC2011/LPC2211
Published: May 04, 2026
Source: NVD
CVE-2026-7713 MEDIUM - 6.3

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

Published: May 04, 2026
Source: NVD
CVE-2026-7712 MEDIUM - 6.3

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor ...

Published: May 04, 2026
Source: NVD
CVE-2026-7711 HIGH - 7.3

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has...

Published: May 04, 2026
Source: NVD
CVE-2026-7710 HIGH - 7.3

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote exploitation...

Published: May 04, 2026
Source: NVD