Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,541
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 18,421 - 18,440 of 40,154 CVEs
CVE-2026-3323 HIGH - 7.5

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes.

Published: Apr 28, 2026
Source: NVD
CVE-2026-7280 MEDIUM - 6.7

AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrary code execution with system privileges when the AVACAST service starts.

Published: Apr 28, 2026
Source: NVD
CVE-2026-7279 HIGH - 7.8

AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution with system privileges when the system loads the DLL.

Published: Apr 28, 2026
Source: NVD
CVE-2026-7264 MEDIUM - 6.3

A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get_cart_items of the file /admin/ajax.php?action=get_cart_items. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been m...

Published: Apr 28, 2026
Source: NVD
CVE-2026-41636 HIGH - 7.5

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Thrift
Published: Apr 28, 2026
Source: NVD
CVE-2026-41607 MEDIUM - 6.5

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Thrift
Published: Apr 28, 2026
Source: NVD
CVE-2026-41606 MEDIUM - 5.3

Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Thrift
Published: Apr 28, 2026
Source: NVD
CVE-2026-41605 HIGH - 7.3

Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Thrift
Published: Apr 28, 2026
Source: NVD
CVE-2026-41604 HIGH - 8.2

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Thrift
Published: Apr 28, 2026
Source: NVD
CVE-2026-41603 HIGH - 7.4

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Thrift
Published: Apr 28, 2026
Source: NVD
CVE-2026-41602 HIGH - 7.5

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Thrift
Published: Apr 28, 2026
Source: NVD
CVE-2025-48431 HIGH - 7.5

Mismatched Memory Management Routines vulnerability in Apache Thrift c_glib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an c_glib-based Thrift serve...

Vendor: Apache Software Foundation
Product: Apache Thrift
Published: Apr 28, 2026
Source: NVD
CVE-2026-7248 CRITICAL - 9.8

A vulnerability was found in D-Link DI-8100 16.07.26A1. This affects the function tgfile_htm of the file tgfile.htm of the component CGI Endpoint. The manipulation of the argument fn results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.

Vendor: dlink
Product: di-8100_firmware
Published: Apr 28, 2026
Source: NVD
CVE-2026-7247 HIGH - 7.2

A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file_exten_asp of the file file_exten.asp of the component File Extension Handler. The manipulation of the argument Name leads to buffer overflow. Remote exploitation of the attack is possible. The ex...

Vendor: dlink
Product: di-8100_firmware
Published: Apr 28, 2026
Source: NVD
CVE-2026-7244 CRITICAL - 9.8

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the at...

Published: Apr 28, 2026
Source: NVD
CVE-2026-7243 CRITICAL - 9.8

A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the att...

Published: Apr 28, 2026
Source: NVD
CVE-2026-7242 CRITICAL - 9.8

A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from remo...

Published: Apr 28, 2026
Source: NVD
CVE-2026-7241 CRITICAL - 9.8

A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument wifiOff results in os command injection. The attack is possible to be carried ou...

Published: Apr 28, 2026
Source: NVD
CVE-2026-40980 MEDIUM - 6.5

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

Vendor: Spring
Product: Spring AI
Published: Apr 28, 2026
Source: NVD
CVE-2026-40979 MEDIUM - 6.1

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

Vendor: Spring
Product: Spring AI
Published: Apr 28, 2026
Source: NVD