Total CVEs

145,712

Critical Severity

4,267

High Severity

15,730

Last 7 Days

2,296
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 17,121 - 17,140 of 42,117 CVEs
CVE-2026-40638 MEDIUM - 6.7

Dell PowerScale InsightIQ, versions 5.0.0 through 6.2.0, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges.

Vendor: Dell
Product: PowerScale InsightIQ
Published: May 12, 2026
Source: NVD

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fi...

Vendor: Open-Xchange GmbH
Product: OX Dovecot Pro
Published: May 12, 2026
Source: NVD
CVE-2026-40016 MEDIUM - 5.3

Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed versio...

Vendor: Open-Xchange GmbH
Product: OX Dovecot Pro
Published: May 12, 2026
Source: NVD
CVE-2026-35071 HIGH - 8.2

Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execu...

Vendor: Dell
Product: PowerScale InsightIQ
Published: May 12, 2026
Source: NVD
CVE-2026-33603 MEDIUM - 6.8

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and client...

Vendor: Open-Xchange GmbH
Product: OX Dovecot Pro
Published: May 12, 2026
Source: NVD
CVE-2026-27851 HIGH - 7.4

When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No pub...

Vendor: Open-Xchange GmbH
Product: OX Dovecot Pro
Published: May 12, 2026
Source: NVD

The affected applications contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-27349, ZDI-CAN-27389)

Vendor: Siemens
Product: Simcenter Femap
Published: May 12, 2026
Source: NVD

CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.

Published: May 12, 2026
Source: NVD
CVE-2026-45218 HIGH - 7.7

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a through <= 11.4.0.

Vendor: WP Travel
Product: WP Travel
Published: May 12, 2026
Source: NVD
CVE-2026-45215 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data.This issue affects WP EasyPay: from n/a through <= 4.3.0.

Vendor: Saad Iqbal
Product: WP EasyPay
Published: May 12, 2026
Source: NVD
CVE-2026-45214 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through <= 1.5.1.

Vendor: Xpro
Product: Xpro Elementor Addons
Published: May 12, 2026
Source: NVD
CVE-2026-45213 HIGH - 7.6

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through <= 1.1.7.1.

Vendor: RealMag777
Product: BEAR
Published: May 12, 2026
Source: NVD
CVE-2026-45212 MEDIUM - 5.3

Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through <= 1.4.0.3.

Vendor: Gabe Livan
Product: Asset CleanUp: Page Speed Booster
Published: May 12, 2026
Source: NVD
CVE-2026-45211 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through <= 4.7.1.

Vendor: Saad Iqbal
Product: APIExperts Square for WooCommerce
Published: May 12, 2026
Source: NVD
CVE-2026-45210 MEDIUM - 5.4

Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through <= 1.52.2.

Vendor: Broadstreet
Product: Broadstreet Ads
Published: May 12, 2026
Source: NVD
CVE-2026-42742 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection.This issue affects Views for WPForms: from n/a through <= 3.4.6.

Vendor: Aman
Product: Views for WPForms
Published: May 12, 2026
Source: NVD
CVE-2026-42741 HIGH - 8.5

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aman Ninja Forms Views &#8211; Display &amp; Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms View...

Vendor: Aman
Product: Ninja Forms Views &#8211; Display &amp; Edit Ninja Forms Submissions on your site frontend
Published: May 12, 2026
Source: NVD
CVE-2026-41713 HIGH - 8.2

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns.

Vendor: VMware
Product: Spring AI
Published: May 12, 2026
Source: NVD
CVE-2026-41712 HIGH - 7.5

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users.

Vendor: VMware
Product: Spring AI
Published: May 12, 2026
Source: NVD

The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information.

Vendor: Hikvision
Product: Hik-Connect APP
Published: May 12, 2026
Source: NVD