Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,377
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 17,761 - 17,780 of 39,155 CVEs
CVE-2026-7018 MEDIUM - 5.6

A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/core/utils/TokenManager.java of the component JWT Token Handler. Executing a manipulation of the argu...

Published: Apr 26, 2026
Source: NVD
CVE-2026-7016 LOW - 2.4

A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument f_ushka_new/f_ushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could...

Published: Apr 26, 2026
Source: NVD
CVE-2026-42255 HIGH - 7.2

Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.

Vendor: Technitium
Product: DnsServer
Published: Apr 26, 2026
Source: NVD
CVE-2026-7015 LOW - 2.4

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument f_text/f_slug/f_limit/f_email leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed ...

Published: Apr 26, 2026
Source: NVD
CVE-2026-7014 LOW - 2.4

A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component down_count Plugin. This manipulation of the argument f_file/f_prefix causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading...

Published: Apr 26, 2026
Source: NVD
CVE-2026-7013 LOW - 2.4

A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mail_send Plugin. The manipulation of the argument f_subject/f_files/f_from leads to cross site scripting. The attack can be initiated remotely. The exploit ha...

Published: Apr 26, 2026
Source: NVD
CVE-2026-42254 MEDIUM - 4.0

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response.

Vendor: Hickory Project
Product: Hickory DNS
Published: Apr 26, 2026
Source: NVD
CVE-2026-7012 LOW - 2.4

A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument f_all/f_all404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to versio...

Published: Apr 26, 2026
Source: NVD
CVE-2026-7011 LOW - 2.4

A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/plugin_antispam of the component Antispam Plugin. Executing a manipulation of the argument f_logging_file can lead to cross site scripting. It is possible to launc...

Published: Apr 26, 2026
Source: NVD
CVE-2026-41572 MEDIUM - 5.3

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/notes/{id}/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note ...

Vendor: go
Product: github.com/enchant97/note-mark/backend
Published: Apr 25, 2026
Source: GitHub
CVE-2026-41571 CRITICAL - 9.4

Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt("null") placeholder whenever a user has no stored password. OIDC-registered users are created with an empty password, so anyone who submits pass...

Vendor: go
Product: github.com/enchant97/note-mark/backend
Published: Apr 25, 2026
Source: GitHub
CVE-2026-41520 HIGH - 7.9

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been pat...

Vendor: go
Product: github.com/cilium/cilium
Published: Apr 25, 2026
Source: GitHub
CVE-2026-7002 HIGH - 7.3

A vulnerability was determined in KLiK SocialMediaWebsite up to 1.0.1. This vulnerability affects unknown code of the file /includes/get_message_ajax.php of the component Private Message Handler. Executing a manipulation of the argument c_id can lead to sql injection. It is possible to launch the at...

Published: Apr 25, 2026
Source: NVD
CVE-2026-7001 LOW - 2.4

A vulnerability was found in Datacom DM4100 1.3.6.1.4.1.3709. This affects an unknown part of the component Ethernet Configuration Page. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public an...

Published: Apr 25, 2026
Source: NVD
CVE-2026-7000 LOW - 2.4

A vulnerability has been found in Datacom DM4100 1.3.6.1.4.1.3709. Affected by this issue is some unknown functionality of the component VLAN Page. Such manipulation of the argument VLAN Name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to th...

Published: Apr 25, 2026
Source: NVD
CVE-2026-6999 LOW - 2.4

A flaw has been found in BIVOCOM TR321 21.1.1.50. Affected by this vulnerability is an unknown functionality of the component Wireless Setting. This manipulation of the argument Network Name SSID causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been pub...

Published: Apr 25, 2026
Source: NVD
CVE-2026-6998 LOW - 2.4

A vulnerability was detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. Affected is an unknown function of the component New RMON Statistics Page. The manipulation of the argument Owner results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. T...

Published: Apr 25, 2026
Source: NVD
CVE-2026-6997 LOW - 2.4

A security vulnerability has been detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This impacts an unknown function of the component New RMON History Page. The manipulation of the argument Owner leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been dis...

Published: Apr 25, 2026
Source: NVD
CVE-2026-6996 LOW - 2.4

A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available ...

Published: Apr 25, 2026
Source: NVD
CVE-2026-6995 LOW - 2.4

A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulation of the argument User name results in cross site scripting. The attack may be initiated remotely....

Published: Apr 25, 2026
Source: NVD