Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,512
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 17,581 - 17,600 of 40,198 CVEs
CVE-2026-7692 MEDIUM - 6.3

A vulnerability was detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. The affected element is the function ping_ddns of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument DDNS results in command injection. The attack can be initiated remotely. The exploit is now public and may b...

Vendor: wavlink
Product: wl-wn570ha1_firmware
Published: May 03, 2026
Source: NVD
CVE-2026-7691 MEDIUM - 6.3

A security vulnerability has been detected in Wavlink WL-WN570HA1 R70HA1 V1410_221110. Impacted is the function set_sys_cmd of the file /cgi-bin/adm.cgi. Such manipulation of the argument command leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed...

Vendor: wavlink
Product: wl-wn570ha1_firmware
Published: May 03, 2026
Source: NVD
CVE-2026-7690 MEDIUM - 6.3

A weakness has been identified in Wavlink WL-WN570HA1 R70HA1 V1410_221110. This issue affects the function set_sys_adm of the file /cgi-bin/adm.cgi. This manipulation of the argument Username causes command injection. It is possible to initiate the attack remotely. The exploit has been made availabl...

Vendor: wavlink
Product: wl-wn570ha1_firmware
Published: May 03, 2026
Source: NVD
CVE-2026-7689 LOW - 3.7

A security flaw has been discovered in Dolibarr ERP CRM up to 23.0.2. This vulnerability affects the function dol_verifyHash in the library htdocs/core/lib/security.lib.php of the component Online Signature Module. The manipulation results in improper verification of cryptographic signature. The att...

Published: May 03, 2026
Source: NVD
CVE-2026-7688 MEDIUM - 5.0

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function _checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be ca...

Published: May 03, 2026
Source: NVD
CVE-2026-7687 MEDIUM - 6.3

A vulnerability was determined in langflow-ai langflow up to 1.8.4. Affected by this issue is the function CodeParser.parse_callable_details of the file src/lfx/src/lfx/custom/code_parser/code_parser.py of the component Full Builtins Module Handler. Executing a manipulation can lead to command injec...

Published: May 03, 2026
Source: NVD
CVE-2026-7686 MEDIUM - 5.3

A vulnerability was found in eyeo Adblock Plus up to 4.36.2 on Chrome. Affected by this vulnerability is the function postMessage of the file premium.preload.js of the component Legacy Premium Activation. Performing a manipulation results in improper access controls. Remote exploitation of the attac...

Published: May 03, 2026
Source: NVD
CVE-2026-7685 HIGH - 8.8

A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway  results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor wa...

Published: May 03, 2026
Source: NVD
CVE-2026-7684 HIGH - 8.8

A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway  leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be u...

Published: May 03, 2026
Source: NVD
CVE-2026-7683 MEDIUM - 6.3

A weakness has been identified in Edimax BR-6428nC up to 1.16. This affects an unknown function of the file /goform/setWAN of the component Web Interface. This manipulation of the argument pppUserName/pptpUserName causes command injection. The attack can be initiated remotely. The exploit has been m...

Published: May 03, 2026
Source: NVD
CVE-2026-7682 MEDIUM - 6.3

A security flaw has been discovered in Edimax BR-6208AC 1.02. The impacted element is the function setWAN of the file /goform/setWAN of the component L2TP Mode. The manipulation of the argument L2TPUserName results in command injection. It is possible to launch the attack remotely. The exploit has b...

Published: May 03, 2026
Source: NVD
CVE-2026-5337 MEDIUM - 6.5

During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly validat...

Published: May 03, 2026
Source: NVD
CVE-2026-7681 MEDIUM - 6.5

A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The atta...

Published: May 03, 2026
Source: NVD
CVE-2026-7680 MEDIUM - 4.3

A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipulation of the argument folder can lead to path traversal. The attack can be launched remotely. The ex...

Published: May 03, 2026
Source: NVD
CVE-2026-5063 HIGH - 7.2

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submit_nex_form() function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it poss...

Published: May 03, 2026
Source: NVD
CVE-2026-7679 HIGH - 7.3

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication. Th...

Published: May 03, 2026
Source: NVD
CVE-2026-7678 MEDIUM - 6.3

A vulnerability was identified in YunaiV yudao-cloud up to 2026.01. This affects the function getDataBySQL of the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. Such manipulation leads to sql injection. It is possible to launch the attack r...

Published: May 03, 2026
Source: NVD
CVE-2026-7677 LOW - 3.5

A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNoticeController.java of the component System Notice Handler. This manipulation of the argument noticeCont...

Published: May 03, 2026
Source: NVD
CVE-2026-7676 MEDIUM - 4.3

A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument fil...

Published: May 03, 2026
Source: NVD
CVE-2026-7675 HIGH - 8.8

A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disc...

Published: May 03, 2026
Source: NVD