Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,522
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 1,941 - 1,960 of 40,154 CVEs
CVE-2026-50748 CRITICAL - 9.9

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device.

Vendor: Ubiquiti Inc
Product: UniFi Access Application
Published: Jul 02, 2026
Source: NVD
CVE-2026-50747 CRITICAL - 9.9

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device.

Vendor: Ubiquiti Inc
Product: UniFi Talk Application
Published: Jul 02, 2026
Source: NVD
CVE-2026-50746 CRITICAL - 10.0

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.

Vendor: Ubiquiti Inc
Product: UniFi Connect Application
Published: Jul 02, 2026
Source: NVD
CVE-2026-12168 HIGH - 7.8

An improper validation vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port.

Vendor: Little Orbit
Product: GameFirst Anti-Cheat
Published: Jul 02, 2026
Source: NVD
CVE-2026-12167 HIGH - 7.8

The Minifilter communication port for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions.

Vendor: Little Orbit
Product: GameFirst Anti-Cheat
Published: Jul 02, 2026
Source: NVD
CVE-2026-12166 MEDIUM - 5.5

A NULL pointer dereference vulnerability for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash.

Vendor: Little Orbit
Product: GameFirst Anti-Cheat
Published: Jul 02, 2026
Source: NVD
CVE-2026-4767 CRITICAL - 9.8

Missing authentication for critical function vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Authentication Abuse. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.

Published: Jul 02, 2026
Source: NVD
CVE-2026-45045 MEDIUM - 5.3

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0 and 2.52.14, the BalancerForward proxy helper in middleware/proxy/proxy.go uses Header.Add() instead of Header.Set() when injecting X-Real-IP, allowing an attacker-supplied first X-Real-IP value to be forwarded to upstream serv...

Vendor: go
Product: github.com/gofiber/fiber/v3
Published: Jul 02, 2026
Source: GitHub
CVE-2026-44332 MEDIUM - 5.3

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username enum...

Vendor: go
Product: github.com/gofiber/fiber/v3
Published: Jul 02, 2026
Source: GitHub
CVE-2026-5524 CRITICAL - 9.8

The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload leading to Remote Code Execution in all versions up to and including 5.1.8. This is due to insufficient file extension validation in the do_image_upload() function where user-supplied input from the acceptFileTypes POS...

Published: Jul 02, 2026
Source: NVD
CVE-2026-58653 MEDIUM - 4.3

PraisonAI before 0.1.7 fails to validate that project_id in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace constrain...

Vendor: PraisonAI
Product: PraisonAI
Published: Jul 02, 2026
Source: NVD
CVE-2026-58652 HIGH - 7.5

luci-app-travelmate (and the travelmate package) contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to /etc/travelmate/*.l...

Vendor: openwrt
Product: luci-app-travelmate, travelmate
Published: Jul 02, 2026
Source: NVD
CVE-2026-4772 MEDIUM - 5.4

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber ​​Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117.

Published: Jul 02, 2026
Source: NVD
CVE-2026-4770 MEDIUM - 4.6

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in TR7 Cyber ​​Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117.

Published: Jul 02, 2026
Source: NVD
CVE-2026-57766 HIGH - 8.8

Unauthenticated Cross Site Request Forgery (CSRF) in WPIDE – File Manager & Code Editor <= 3.5.6 versions.

Vendor: XplodedThemes
Product: WPIDE – File Manager & Code Editor
Published: Jul 02, 2026
Source: NVD
CVE-2026-57765 HIGH - 8.5

Contributor SQL Injection in WP EasyCart <= 5.9.0 versions.

Vendor: Levelfourdevelopment
Product: WP EasyCart
Published: Jul 02, 2026
Source: NVD
CVE-2026-57764 MEDIUM - 6.5

Contributor Cross Site Scripting (XSS) in Surbma | Yoast SEO Breadcrumb Shortcode <= 1.2 versions.

Vendor: Surbma
Product: Surbma | Yoast SEO Breadcrumb Shortcode
Published: Jul 02, 2026
Source: NVD
CVE-2026-57763 MEDIUM - 6.5

Contributor Cross Site Scripting (XSS) in Structured Content <= 1.7.0 versions.

Vendor: Gordon Böhme
Product: Structured Content
Published: Jul 02, 2026
Source: NVD
CVE-2026-57762 MEDIUM - 5.9

Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions.

Vendor: Andrew Fiebert
Product: Simple URLs
Published: Jul 02, 2026
Source: NVD
CVE-2026-57761 HIGH - 7.1

Unauthenticated Cross Site Request Forgery (CSRF) in SEOWP <= 3.12.2 versions.

Vendor: BlueAstralThemes
Product: SEOWP
Published: Jul 02, 2026
Source: NVD