Total CVEs

143,377

Critical Severity

4,061

High Severity

14,648

Last 7 Days

1,380
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 19,781 - 19,800 of 39,782 CVEs
CVE-2026-32964 MEDIUM - 6.5

SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injection') vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration.

Vendor: silex technology, Inc.
Product: SD-330AC, AMC Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-32963 MEDIUM - 6.1

SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitrary script may be executed on the user's browser.

Vendor: silex technology, Inc.
Product: SD-330AC, AMC Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-32962 MEDIUM - 5.3

SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue. The device configuration may be altered without authentication.

Vendor: silex technology, Inc.
Product: SD-330AC, AMC Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-32961 MEDIUM - 5.3

SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in packet data processing of sx_smpd. Processing a crafted packet may cause a temporary denial-of-service (DoS) condition.

Vendor: silex technology, Inc.
Product: SD-330AC, AMC Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-32960 MEDIUM - 6.5

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing the password by sending a crafted packet.

Vendor: silex technology, Inc.
Product: SD-330AC, AMC Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-32959 MEDIUM - 5.9

SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack.

Vendor: silex technology, Inc.
Product: SD-330AC, AMC Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-32958 MEDIUM - 6.5

SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update.

Vendor: silex technology, Inc.
Product: SD-330AC, AMC Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-32957 MEDIUM - 5.3

SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue on firmware maintenance. Arbitrary file may be uploaded on the device without authentication.

Vendor: silex technology, Inc.
Product: SD-330AC, AMC Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-32956 CRITICAL - 9.8

SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.

Vendor: silex technology, Inc.
Product: SD-330AC, AMC Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-32955 HIGH - 8.8

SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.

Vendor: silex technology, Inc.
Product: SD-330AC, AMC Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-6597 LOW - 2.7

A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6596 HIGH - 7.3

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack re...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6595 HIGH - 7.3

A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument bus_id leads to sql injecti...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6594 HIGH - 7.3

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The ve...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6593 LOW - 3.5

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6592 LOW - 3.5

A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed ...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6591 MEDIUM - 4.3

A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been p...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6590 MEDIUM - 4.3

A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The ...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6589 MEDIUM - 4.3

A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The ...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6588 MEDIUM - 6.5

A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API Endpoint. Executing a manipulation can lead to missing authentication. The attack can be launched rem...

Published: Apr 20, 2026
Source: NVD