Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,893
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 16,221 - 16,240 of 38,923 CVEs
CVE-2026-24072 HIGH - 8.8

An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Vendor: Apache Software Foundation
Product: Apache HTTP Server
Published: May 04, 2026
Source: NVD
CVE-2026-3120 HIGH - 7.2

Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3.

Published: May 04, 2026
Source: NVD
CVE-2026-7750 HIGH - 8.8

A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remot...

Published: May 04, 2026
Source: NVD
CVE-2026-7749 HIGH - 8.8

A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The ex...

Published: May 04, 2026
Source: NVD
CVE-2026-7748 HIGH - 8.8

A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched rem...

Published: May 04, 2026
Source: NVD
CVE-2026-33846 HIGH - 7.5

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consi...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Hardened Images, Red Hat OpenShift Container Platform 4
Published: May 04, 2026
Source: NVD
CVE-2026-7747 CRITICAL - 9.8

A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initi...

Published: May 04, 2026
Source: NVD
CVE-2026-7746 MEDIUM - 6.3

A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /product_expiry/edit-admin.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is pub...

Published: May 04, 2026
Source: NVD
CVE-2026-7745 MEDIUM - 6.3

A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and...

Published: May 04, 2026
Source: NVD
CVE-2025-14320 CRITICAL - 9.8

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allows Reflected XSS. This issue affects Online Support Application: from V3 through 31122025.

Vendor: Tegsoft Management and Information Services Trade Limited Company
Product: Online Support Application
Published: May 04, 2026
Source: NVD
CVE-2026-7744 MEDIUM - 6.3

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.

Published: May 04, 2026
Source: NVD
CVE-2026-7743 MEDIUM - 6.3

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclos...

Published: May 04, 2026
Source: NVD
CVE-2026-7742 MEDIUM - 6.3

A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.

Published: May 04, 2026
Source: NVD
CVE-2026-7741 MEDIUM - 6.3

A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published: May 04, 2026
Source: NVD
CVE-2026-7740 LOW - 3.3

A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track_id leads to denial of service. An attack has to be approached locally. The exploit has been disclosed p...

Published: May 04, 2026
Source: NVD
CVE-2026-7739 LOW - 3.3

A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer_prev/tsMuxer/hevc.cpp. This manipulation of the argument track_id causes denial of service. The attack requires local access. The exploit has ...

Published: May 04, 2026
Source: NVD
CVE-2026-7738 MEDIUM - 6.3

A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The e...

Published: May 04, 2026
Source: NVD
CVE-2026-7737 MEDIUM - 5.3

A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated remo...

Vendor: osrg
Product: gobgp
Published: May 04, 2026
Source: NVD
CVE-2026-7736 HIGH - 7.3

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this is...

Vendor: osrg
Product: gobgp
Published: May 04, 2026
Source: NVD
CVE-2026-5335 MEDIUM - 5.3

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information.

Published: May 04, 2026
Source: NVD