Total CVEs

142,518

Critical Severity

3,992

High Severity

14,327

Last 7 Days

1,871
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 16,281 - 16,300 of 38,923 CVEs
CVE-2026-42367 MEDIUM - 6.5

A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability.

Vendor: GeoVision Inc.
Product: GV-LPC2011/LPC2211
Published: May 04, 2026
Source: NVD
CVE-2026-42366 HIGH - 7.4

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit...

Vendor: GeoVision Inc.
Product: GV-LPC2011/LPC2211
Published: May 04, 2026
Source: NVD
CVE-2026-42365 HIGH - 8.6

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.

Vendor: GeoVision Inc.
Product: GV-LPC2011/LPC2211
Published: May 04, 2026
Source: NVD
CVE-2026-42364 CRITICAL - 9.9

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.

Vendor: GeoVision Inc.
Product: GV-LPC2011/LPC2211
Published: May 04, 2026
Source: NVD
CVE-2026-7713 MEDIUM - 6.3

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

Published: May 04, 2026
Source: NVD
CVE-2026-7712 MEDIUM - 6.3

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor ...

Published: May 04, 2026
Source: NVD
CVE-2026-7711 HIGH - 7.3

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has...

Published: May 04, 2026
Source: NVD
CVE-2026-7710 HIGH - 7.3

A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performing a manipulation of the argument mock-token results in improper authentication. Remote exploitation...

Published: May 04, 2026
Source: NVD
CVE-2026-6948 MEDIUM - 4.9

Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server via out-of-memory (OOM) by sending crafted messages through the normal client communication chan...

Published: May 04, 2026
Source: NVD
CVE-2026-7709 MEDIUM - 6.3

A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation of the argument user_id leads to improper authorization. The attack may be launched remotely. The ex...

Published: May 03, 2026
Source: NVD
CVE-2026-7708 MEDIUM - 4.3

A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_dbi_subscription_data in the library /lib/dbi/subscription.c of the component UDR. This manipulation of the argument supi_id causes denial of service. The attack may be initiated remotely. The exploit has...

Published: May 03, 2026
Source: NVD
CVE-2026-7707 MEDIUM - 4.3

A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udr_nudr_dr_handle_subscription_context of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the argument pei results in denial of service. The attack can be launched remotely. The exploit has been ma...

Published: May 03, 2026
Source: NVD
CVE-2026-7706 MEDIUM - 4.3

A vulnerability has been found in Open5GS up to 2.7.7. This issue affects the function gmm_handle_service_request of the file /src/amf/gmm-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public a...

Published: May 03, 2026
Source: NVD
CVE-2026-7705 MEDIUM - 6.3

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has ...

Published: May 03, 2026
Source: NVD
CVE-2026-7704 MEDIUM - 4.3

A vulnerability has been found in AV Stumpfl Pixera Two Media Server up to 25.1 R2. The affected element is an unknown function of the component Service Port 1338. Such manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Upgrading to version 25.2 R3 is...

Published: May 03, 2026
Source: NVD
CVE-2026-7703 HIGH - 7.3

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is re...

Published: May 03, 2026
Source: NVD
CVE-2026-7702 MEDIUM - 5.3

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack remote...

Published: May 03, 2026
Source: NVD
CVE-2026-7701 MEDIUM - 4.3

A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the component Bot API. The manipulation of the argument login_url leads to null pointer dereference. It is poss...

Published: May 03, 2026
Source: NVD
CVE-2026-7700 MEDIUM - 6.3

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llm_operations/lambda_filter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from remot...

Published: May 03, 2026
Source: NVD
CVE-2026-7699 MEDIUM - 6.3

A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Performing a manipulation of the argument filtersfields results in sql injection. The attack is possible to be carried out remotely. The ex...

Published: May 03, 2026
Source: NVD