Total CVEs

143,377

Critical Severity

4,061

High Severity

14,648

Last 7 Days

1,373
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 19,801 - 19,820 of 39,782 CVEs
CVE-2026-6587 MEDIUM - 6.3

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_modal_faithfulness/util.py of the component Collections Module. Performing a manipulation of the argum...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6586 MEDIUM - 6.3

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch the attack remotely. Th...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6585 MEDIUM - 5.4

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organisation Update Endpoint. This manipulation of the argument organisation_id causes authorization bypas...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6584 MEDIUM - 5.4

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument user_id results in authorization bypass. The attack may be perfo...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6583 MEDIUM - 5.4

A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key Management Endpoint. The manipulation leads to authorization bypass. The attack is possible to be car...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6582 HIGH - 7.3

A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector Database Management Endpoint. Executing a manipulation can lead to missing authentication. The attack...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6581 HIGH - 8.8

A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now pu...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6580 HIGH - 7.3

A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipulation of the argument key leads to use of hard-coded cryptographic key . The attack may be launched...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6579 MEDIUM - 6.5

A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the publi...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6578 MEDIUM - 5.6

A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of the argument SECRET_KEY results in hard-coded credentials. The attack can be launched remotely. The ...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6577 HIGH - 7.3

A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulation leads to missing authentication. The attack can be initiated remotely. The exploit is publicly ava...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6576 MEDIUM - 6.3

A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Interface. Executing a manipulation of the argument Source can lead to command injection. It is possible...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6574 HIGH - 7.3

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The ex...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6573 MEDIUM - 6.3

A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of the argument uploadfile results in server-side request forgery. The attack can be executed remotely. T...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6572 MEDIUM - 5.6

A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUpload Endpoint. The manipulation of the argument fileUpload leads to improper authorization. Remote e...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6571 MEDIUM - 6.3

A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack may be launched remotel...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6570 LOW - 2.7

A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely. The exploit has been ...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6569 HIGH - 7.3

A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of the argument fileUrl leads to improper authentication. The attack can be launched remotely. The ven...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6568 HIGH - 7.3

A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Handler. This manipulation of the argument path causes path traversal. The attack can be initiated remo...

Published: Apr 19, 2026
Source: NVD
CVE-2026-6564 MEDIUM - 4.3

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendo...

Published: Apr 19, 2026
Source: NVD