Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,883
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 16,241 - 16,260 of 38,923 CVEs

mutt before 2.3.2 has a show_sig_summary NULL pointer dereference.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

In mutt before 2.3.2, the imap_auth_gss security level is mishandled.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 does not check for '\0' in url_pct_decode.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest.

Vendor: mutt
Product: mutt
Published: May 04, 2026
Source: NVD

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.

Vendor: WebPros
Product: Comet Backup
Published: May 04, 2026
Source: NVD
CVE-2026-29199 HIGH - 8.1

phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may be extracted from the HTTP Host header which is used to generate the password reset link URL. An attacker who can manipulate the Host...

Vendor: phpBB
Product: phpBB
Published: May 04, 2026
Source: NVD
CVE-2026-20451 MEDIUM - 6.7

In slbc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10828685; Issue ID: MSV-6504.

Vendor: MediaTek, Inc.
Product: MediaTek chipset
Published: May 04, 2026
Source: NVD
CVE-2026-20450 MEDIUM - 6.5

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID...

Vendor: MediaTek, Inc.
Product: MediaTek chipset
Published: May 04, 2026
Source: NVD
CVE-2026-20449 MEDIUM - 6.5

In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ...

Vendor: MediaTek, Inc.
Product: MediaTek chipset
Published: May 04, 2026
Source: NVD
CVE-2026-20448 MEDIUM - 6.7

In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281.

Vendor: MediaTek, Inc.
Product: MediaTek chipset
Published: May 04, 2026
Source: NVD
CVE-2026-20447 MEDIUM - 6.7

In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10724073; Issue ID: MSV-6296.

Vendor: MediaTek, Inc.
Product: MediaTek chipset
Published: May 04, 2026
Source: NVD
CVE-2026-7735 HIGH - 7.3

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading to...

Vendor: osrg
Product: gobgp
Published: May 04, 2026
Source: NVD
CVE-2026-7734 MEDIUM - 5.3

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from re...

Vendor: osrg
Product: gobgp
Published: May 04, 2026
Source: NVD
CVE-2026-7733 HIGH - 7.3

A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. The attack is possible to be ...

Published: May 04, 2026
Source: NVD
CVE-2026-7732 MEDIUM - 6.3

A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used.

Published: May 04, 2026
Source: NVD
CVE-2026-7731 MEDIUM - 6.3

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get_state.php. The manipulation of the argument G_STATE_ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been di...

Published: May 04, 2026
Source: NVD
CVE-2026-7730 MEDIUM - 6.3

A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit h...

Published: May 04, 2026
Source: NVD
CVE-2026-7729 MEDIUM - 6.3

A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The ex...

Published: May 04, 2026
Source: NVD