Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,840
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 17,201 - 17,220 of 38,837 CVEs
CVE-2026-7179 MEDIUM - 5.3

A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read_null_terminated_string of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.file_name leads to path travers...

Published: Apr 27, 2026
Source: NVD
CVE-2026-40971 MEDIUM - 5.0

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0โ€“4.0.5 (fix 4.0.6), 3.5.0โ€“3.5.13 (fix 3.5.14) per vendor advisory.

Vendor: Spring
Product: Spring Boot
Published: Apr 27, 2026
Source: NVD
CVE-2026-28747 HIGH - 7.1

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed.

Published: Apr 27, 2026
Source: NVD
CVE-2026-7178 HIGH - 7.3

A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulation of the argument ID causes server-side request forgery. It is possible to initiate the attack remote...

Vendor: nextchat
Product: nextchat
Published: Apr 27, 2026
Source: NVD
CVE-2026-7177 HIGH - 7.3

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been r...

Vendor: nextchat
Product: nextchat
Published: Apr 27, 2026
Source: NVD
CVE-2026-7160 HIGH - 8.8

A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and...

Vendor: tenda
Product: hg3_firmware
Published: Apr 27, 2026
Source: NVD
CVE-2026-7159 HIGH - 7.3

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read_document/list_documents of the file server.py. Performing a manipulation of the argument docs_dir/file_path results in path traversal. The attack is possible to be carried out remotely. The exploit has ...

Published: Apr 27, 2026
Source: NVD
CVE-2026-7191 HIGH - 7.2

Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Content D...

Published: Apr 27, 2026
Source: NVD
CVE-2026-7158 HIGH - 7.3

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function _validate_url_safe of the file src/mcp_url_downloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The atta...

Published: Apr 27, 2026
Source: NVD
CVE-2026-7157 HIGH - 7.3

A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py of the component aider_ai_code. This manipulation of the argument relative_editable_files causes comm...

Published: Apr 27, 2026
Source: NVD
CVE-2026-7156 CRITICAL - 9.8

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument HTTP results in os command injection. The attack may be launched remotely. The exploit is now publ...

Published: Apr 27, 2026
Source: NVD
CVE-2026-7155 CRITICAL - 9.8

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setLoginPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument admpass leads to os command injection. The attack may be initiated remotel...

Published: Apr 27, 2026
Source: NVD
CVE-2026-7154 CRITICAL - 9.8

A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setAdvancedInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument tty_server can lead to os command injection. The attack can be launched remote...

Published: Apr 27, 2026
Source: NVD

An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3.

Published: Apr 27, 2026
Source: NVD

If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability.

Published: Apr 27, 2026
Source: NVD
CVE-2026-29971 MEDIUM - 6.1

A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser via the ftp...

Published: Apr 27, 2026
Source: NVD
CVE-2024-46636 CRITICAL - 9.4

NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter

Published: Apr 27, 2026
Source: NVD
CVE-2026-7153 CRITICAL - 9.8

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sys_info results in os command injection. The attack can be...

Published: Apr 27, 2026
Source: NVD
CVE-2026-7152 CRITICAL - 9.8

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet_enabled leads to os command injection. It is possible to launch the attack...

Published: Apr 27, 2026
Source: NVD
CVE-2026-7151 HIGH - 8.8

A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and m...

Vendor: tenda
Product: hg3_firmware
Published: Apr 27, 2026
Source: NVD