Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,523
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 17,541 - 17,560 of 40,198 CVEs
CVE-2026-7722 MEDIUM - 5.3

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public and...

Published: May 04, 2026
Source: NVD
CVE-2026-7721 MEDIUM - 6.3

A security vulnerability has been detected in Totolink WA300 5.2cu.7112_B20190227. This affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument hostTime leads to command injection. The attack can be executed remotely. The exploit has been disclosed pu...

Published: May 04, 2026
Source: NVD
CVE-2026-7720 MEDIUM - 6.3

A weakness has been identified in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack is...

Published: May 04, 2026
Source: NVD
CVE-2026-7719 CRITICAL - 9.8

A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotel...

Published: May 04, 2026
Source: NVD
CVE-2026-7718 MEDIUM - 6.3

A vulnerability was identified in Totolink WA300 5.2cu.7112_B20190227. Impacted is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument webWlanIdx leads to command injection. The attack may be initiated remotely. The expl...

Published: May 04, 2026
Source: NVD
CVE-2026-7717 HIGH - 8.8

A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched remo...

Published: May 04, 2026
Source: NVD
CVE-2026-7716 MEDIUM - 6.3

A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument day results in sql injection. The attack can be initiated remotely. The exploit has been made public a...

Published: May 04, 2026
Source: NVD
CVE-2026-7715 MEDIUM - 6.3

A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The exploit...

Published: May 04, 2026
Source: NVD
CVE-2026-7714 MEDIUM - 6.5

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The explo...

Published: May 04, 2026
Source: NVD
CVE-2026-7372 CRITICAL - 9.0

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. #### Stack-overflow via uncons...

Vendor: geovision
Product: gv-vms_firmware
Published: May 04, 2026
Source: NVD
CVE-2026-7371 HIGH - 7.4

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit...

Vendor: geovision
Product: gv-lpc2011_firmware
Published: May 04, 2026
Source: NVD
CVE-2026-7161 CRITICAL - 9.3

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with various...

Vendor: geovision
Product: gv-ip_device_utility
Published: May 04, 2026
Source: NVD
CVE-2026-42370 CRITICAL - 9.0

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Vendor: GeoVision Inc.
Product: GV-VMS V20.0.2
Published: May 04, 2026
Source: NVD
CVE-2026-42369 CRITICAL - 10.0

GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the "WebCam Server" feature. Once enabled, it is possible to ...

Vendor: GeoVision Inc.
Product: GV-VMS V20.0.2
Published: May 04, 2026
Source: NVD
CVE-2026-42368 CRITICAL - 9.9

A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability.

Vendor: GeoVision Inc.
Product: GV-LPC2011/LPC2211
Published: May 04, 2026
Source: NVD
CVE-2026-42367 MEDIUM - 6.5

A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability.

Vendor: GeoVision Inc.
Product: GV-LPC2011/LPC2211
Published: May 04, 2026
Source: NVD
CVE-2026-42366 HIGH - 7.4

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit...

Vendor: GeoVision Inc.
Product: GV-LPC2011/LPC2211
Published: May 04, 2026
Source: NVD
CVE-2026-42365 HIGH - 8.6

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.

Vendor: GeoVision Inc.
Product: GV-LPC2011/LPC2211
Published: May 04, 2026
Source: NVD
CVE-2026-42364 CRITICAL - 9.9

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.

Vendor: GeoVision Inc.
Product: GV-LPC2011/LPC2211
Published: May 04, 2026
Source: NVD
CVE-2026-7713 MEDIUM - 6.3

A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo auth-token Route. The manipulation results in improper authorization. The attack may be performed fr...

Published: May 04, 2026
Source: NVD