Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,355
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 19,181 - 19,200 of 39,155 CVEs
CVE-2026-6580 HIGH - 7.3

A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipulation of the argument key leads to use of hard-coded cryptographic key . The attack may be launched...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6579 MEDIUM - 6.5

A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the publi...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6578 MEDIUM - 5.6

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRET_KEY results in hard-coded credentials. The attack can be launched remotely. The ...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6577 HIGH - 7.3

A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The exploit is publicly ava...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6576 MEDIUM - 6.3

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is possible...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6574 HIGH - 7.3

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The ex...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6573 MEDIUM - 6.3

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely. T...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6572 MEDIUM - 5.6

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remote e...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6571 MEDIUM - 6.3

A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched remotel...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6570 LOW - 2.7

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been ...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6569 HIGH - 7.3

A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The ven...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6568 HIGH - 7.3

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated remo...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6564 MEDIUM - 4.3

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendo...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6563 HIGH - 8.8

A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to th...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6562 HIGH - 7.3

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. ...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6561 MEDIUM - 4.7

A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filename results in unrestricted upload. The attack is possible to be carried out remotely. The exploit is...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6560 HIGH - 8.8

A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6559 MEDIUM - 4.3

A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting. Remote exploitation of the attack is possible. Upgrading the affected component is recommended. Th...

Published: Apr 19, 2026
Source: NVD
CVE-2026-0868 MEDIUM - 6.4

The EMC โ€“ Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

Published: Apr 19, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Apr 18, 2026
Source: NVD