Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,355
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 19,161 - 19,180 of 39,155 CVEs
CVE-2026-32957 MEDIUM - 5.3

SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue on firmware maintenance. Arbitrary file may be uploaded on the device without authentication.

Vendor: silex technology, Inc.
Product: SD-330AC, AMC Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-32956 CRITICAL - 9.8

SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.

Vendor: silex technology, Inc.
Product: SD-330AC, AMC Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-32955 HIGH - 8.8

SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.

Vendor: silex technology, Inc.
Product: SD-330AC, AMC Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-6597 LOW - 2.7

A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6596 HIGH - 7.3

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack re...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6595 HIGH - 7.3

A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument bus_id leads to sql injecti...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6594 HIGH - 7.3

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The ve...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6593 LOW - 3.5

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6592 LOW - 3.5

A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed ...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6591 MEDIUM - 4.3

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been p...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6590 MEDIUM - 4.3

A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The ...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6589 MEDIUM - 4.3

A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The ...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6588 MEDIUM - 6.5

A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched rem...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6587 MEDIUM - 6.3

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_modal_faithfulness/util.py of the component Collections Module. Performing a manipulation of the argum...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6586 MEDIUM - 6.3

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch the attack remotely. Th...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6585 MEDIUM - 5.4

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation_id causes authorization bypas...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6584 MEDIUM - 5.4

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass. The attack may be perfo...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6583 MEDIUM - 5.4

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be car...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6582 HIGH - 7.3

A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6581 HIGH - 8.8

A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now pu...

Published: Apr 19, 2026
Source: NVD