Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,906
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 16,141 - 16,160 of 38,923 CVEs
CVE-2026-42091 MEDIUM - 6.5

goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler (httpserver/updown.go) lacks the CSRF token validation that was added to the POST upload handler during the CVE-2026-40883 fix. Combined with the unconditional Access-Control-Allow-Origin: * on the OPTIONS pref...

Vendor: patrickhener
Product: goshs
Published: May 04, 2026
Source: NVD
CVE-2026-42088 CRITICAL - 9.6

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the do...

Vendor: OpenC3
Product: cosmos
Published: May 04, 2026
Source: NVD
CVE-2026-42087 CRITICAL - 9.6

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database (TSDB) component of COSMOS. The tsdb_lookup function in the cvt_mod...

Vendor: OpenC3
Product: cosmos
Published: May 04, 2026
Source: NVD
CVE-2026-42086 MEDIUM - 4.6

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval() function on array-like command parameters, which allows a user-supplied payload to execute in the browser when s...

Vendor: OpenC3
Product: cosmos
Published: May 04, 2026
Source: NVD
CVE-2026-42085 MEDIUM - 4.3

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at arbitrary locations i...

Vendor: OpenC3
Product: cosmos
Published: May 04, 2026
Source: NVD
CVE-2026-42084 HIGH - 8.1

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid ses...

Vendor: OpenC3
Product: cosmos
Published: May 04, 2026
Source: NVD
CVE-2026-41471 HIGH - 7.5

Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier contain an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enumerate and retrieve all customer order records. Attackers can iterate over sequential WordPress ...

Vendor: Scott Paterson
Product: easy-paypal-events-tickets
Published: May 04, 2026
Source: NVD
CVE-2026-37459 HIGH - 7.5

An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

Published: May 04, 2026
Source: NVD
CVE-2026-32834 HIGH - 7.5

Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earlier contain a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. At...

Vendor: Scott Paterson
Product: easy-paypal-events-tickets
Published: May 04, 2026
Source: NVD

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Published: May 04, 2026
Source: NVD
CVE-2026-29004 HIGH - 8.1

BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6_OPT_DNS_SE...

Vendor: vda-linux
Product: busybox_mirror
Published: May 04, 2026
Source: NVD
CVE-2026-0073 HIGH - 8.8

In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for ex...

Vendor: google
Product: android
Published: May 04, 2026
Source: NVD
CVE-2026-40197 MEDIUM - 6.5

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The custom volume backup import subsystem contains...

Vendor: go
Product: github.com/lxc/incus/v6/cmd/incusd
Published: May 04, 2026
Source: GitHub
CVE-2026-40195 MEDIUM - 6.5

Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage bucket import logic allows an authenticated user with access to the storage bucket feature to cause the Incus daemon to crash. The vulnerability is present in the backup metadat...

Vendor: go
Product: github.com/lxc/incus/v6/cmd/incusd
Published: May 04, 2026
Source: GitHub
CVE-2026-40076 HIGH - 8.7

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST `/openmrs/ws/rest/v1/module` is vulnerable to a Zip Slip path traversal attack. During automatic extraction of uploaded .omod a...

Vendor: maven
Product: org.openmrs.web:openmrs-web
Published: May 04, 2026
Source: GitHub
CVE-2026-39852 HIGH - 8.2

Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP pat...

Vendor: maven
Product: io.quarkus:quarkus-vertx-http
Published: May 04, 2026
Source: GitHub
CVE-2026-40075 HIGH - 7.5

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from user-con...

Vendor: maven
Product: org.openmrs.web:openmrs-web
Published: May 04, 2026
Source: GitHub
CVE-2026-42812 CRITICAL - 9.9

In Apache Iceberg, the table's metadata files are control files: they tell readers which data files belong to the table and which table version to read. `write.metadata.path` is an optional table property that tells Polaris where to write those metadata files. For a table already registered...

Vendor: Apache Software Foundation
Product: Apache Polaris
Published: May 04, 2026
Source: NVD
CVE-2026-42811 CRITICAL - 9.9

In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across the configured bucket instead. Apache Polaris builds Google Cloud Storage downscoped credentia...

Vendor: Apache Software Foundation
Product: Apache Polaris
Published: May 04, 2026
Source: NVD
CVE-2026-42810 CRITICAL - 9.9

Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused unescaped in S3 IAM resource patterns and `s3:prefix` conditions. In S3 IAM policy matching, `*` is t...

Vendor: Apache Software Foundation
Product: Apache Polaris
Published: May 04, 2026
Source: NVD