# CVEs — April 2026

_2885 vulnerabilities_

| CVE ID | CVSS | Severity | CWE | KEV | EPSS | VAP | Published | Description |
|--------|------|----------|-----|-----|------|-----|-----------|-------------|
| [CVE-2026-6385](https://nvd.nist.gov/vuln/detail/CVE-2026-6385) | 6.5 | MEDIUM | CWE-190 | No | — | 4.55 | 2026-04-15 | A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/... |
| [CVE-2026-6384](https://nvd.nist.gov/vuln/detail/CVE-2026-6384) | 7.3 | HIGH | CWE-120 | No | — | 5.11 | 2026-04-15 | A flaw was found in GIMP. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` funct... |
| [CVE-2026-6364](https://nvd.nist.gov/vuln/detail/CVE-2026-6364) | 0.0 | NONE | CWE-125 | No | — | 0.00 | 2026-04-15 | Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sens... |
| [CVE-2026-6363](https://nvd.nist.gov/vuln/detail/CVE-2026-6363) | 8.8 | HIGH | CWE-843 | No | — | 6.16 | 2026-04-15 | Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bo... |
| [CVE-2026-6362](https://nvd.nist.gov/vuln/detail/CVE-2026-6362) | 0.0 | NONE | CWE-416 | No | — | 0.00 | 2026-04-15 | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out o... |
| [CVE-2026-6361](https://nvd.nist.gov/vuln/detail/CVE-2026-6361) | 7.2 | HIGH | CWE-122 | No | — | 5.04 | 2026-04-15 | Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinc... |
| [CVE-2026-6360](https://nvd.nist.gov/vuln/detail/CVE-2026-6360) | 8.8 | HIGH | CWE-416 | No | — | 6.16 | 2026-04-15 | Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit o... |
| [CVE-2026-6359](https://nvd.nist.gov/vuln/detail/CVE-2026-6359) | 8.8 | HIGH | CWE-416 | No | — | 6.16 | 2026-04-15 | Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromise... |
| [CVE-2026-6358](https://nvd.nist.gov/vuln/detail/CVE-2026-6358) | 8.8 | HIGH | CWE-416 | No | — | 6.16 | 2026-04-15 | Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of... |
| [CVE-2026-6319](https://nvd.nist.gov/vuln/detail/CVE-2026-6319) | 0.0 | NONE | CWE-416 | No | — | 0.00 | 2026-04-15 | Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a... |
| [CVE-2026-6318](https://nvd.nist.gov/vuln/detail/CVE-2026-6318) | 0.0 | NONE | CWE-416 | No | — | 0.00 | 2026-04-15 | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code in... |
| [CVE-2026-6317](https://nvd.nist.gov/vuln/detail/CVE-2026-6317) | 8.8 | HIGH | CWE-416 | No | — | 6.16 | 2026-04-15 | Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via... |
| [CVE-2026-6316](https://nvd.nist.gov/vuln/detail/CVE-2026-6316) | 8.8 | HIGH | CWE-416 | No | — | 6.16 | 2026-04-15 | Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code ins... |
| [CVE-2026-6315](https://nvd.nist.gov/vuln/detail/CVE-2026-6315) | 8.8 | HIGH | CWE-416 | No | — | 6.16 | 2026-04-15 | Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convince... |
| [CVE-2026-6314](https://nvd.nist.gov/vuln/detail/CVE-2026-6314) | 8.3 | HIGH | CWE-787 | No | — | 5.81 | 2026-04-15 | Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GP... |
| [CVE-2026-6313](https://nvd.nist.gov/vuln/detail/CVE-2026-6313) | 3.1 | LOW | CWE-284 | No | — | 2.17 | 2026-04-15 | Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compr... |
| [CVE-2026-6312](https://nvd.nist.gov/vuln/detail/CVE-2026-6312) | 3.1 | LOW | N/A | No | — | 2.17 | 2026-04-15 | Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had... |
| [CVE-2026-6311](https://nvd.nist.gov/vuln/detail/CVE-2026-6311) | 8.3 | HIGH | CWE-457 | No | — | 5.81 | 2026-04-15 | Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had... |
| [CVE-2026-6310](https://nvd.nist.gov/vuln/detail/CVE-2026-6310) | 8.3 | HIGH | CWE-416 | No | — | 5.81 | 2026-04-15 | Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the render... |
| [CVE-2026-6309](https://nvd.nist.gov/vuln/detail/CVE-2026-6309) | 8.3 | HIGH | CWE-416 | No | — | 5.81 | 2026-04-15 | Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the rendere... |
| [CVE-2026-6308](https://nvd.nist.gov/vuln/detail/CVE-2026-6308) | 0.0 | NONE | CWE-125 | No | — | 0.00 | 2026-04-15 | Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to e... |
| [CVE-2026-6307](https://nvd.nist.gov/vuln/detail/CVE-2026-6307) | 8.8 | HIGH | CWE-843 | No | — | 6.16 | 2026-04-15 | Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code... |
| [CVE-2026-6306](https://nvd.nist.gov/vuln/detail/CVE-2026-6306) | 0.0 | NONE | CWE-122 | No | — | 0.00 | 2026-04-15 | Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary c... |
| [CVE-2026-6305](https://nvd.nist.gov/vuln/detail/CVE-2026-6305) | 0.0 | NONE | CWE-122 | No | — | 0.00 | 2026-04-15 | Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary c... |
| [CVE-2026-6304](https://nvd.nist.gov/vuln/detail/CVE-2026-6304) | 8.3 | HIGH | CWE-416 | No | — | 5.81 | 2026-04-15 | Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the re... |
| [CVE-2026-6303](https://nvd.nist.gov/vuln/detail/CVE-2026-6303) | 0.0 | NONE | CWE-416 | No | — | 0.00 | 2026-04-15 | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code in... |
| [CVE-2026-6302](https://nvd.nist.gov/vuln/detail/CVE-2026-6302) | 8.8 | HIGH | CWE-416 | No | — | 6.16 | 2026-04-15 | Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code ins... |
| [CVE-2026-6301](https://nvd.nist.gov/vuln/detail/CVE-2026-6301) | 8.8 | HIGH | CWE-843 | No | — | 6.16 | 2026-04-15 | Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code... |
| [CVE-2026-6300](https://nvd.nist.gov/vuln/detail/CVE-2026-6300) | 8.8 | HIGH | CWE-416 | No | — | 6.16 | 2026-04-15 | Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code insid... |
| [CVE-2026-6299](https://nvd.nist.gov/vuln/detail/CVE-2026-6299) | 8.8 | HIGH | CWE-416 | No | — | 6.16 | 2026-04-15 | Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code... |
| [CVE-2026-6298](https://nvd.nist.gov/vuln/detail/CVE-2026-6298) | 0.0 | NONE | CWE-122 | No | — | 0.00 | 2026-04-15 | Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially se... |
| [CVE-2026-6297](https://nvd.nist.gov/vuln/detail/CVE-2026-6297) | 8.3 | HIGH | CWE-416 | No | — | 5.81 | 2026-04-15 | Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to... |
| [CVE-2026-6296](https://nvd.nist.gov/vuln/detail/CVE-2026-6296) | 0.0 | NONE | CWE-122 | No | — | 0.00 | 2026-04-15 | Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform... |
| [CVE-2026-40919](https://nvd.nist.gov/vuln/detail/CVE-2026-40919) | 6.1 | MEDIUM | CWE-787 | No | — | 4.27 | 2026-04-15 | A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited... |
| [CVE-2026-40918](https://nvd.nist.gov/vuln/detail/CVE-2026-40918) | 5.5 | MEDIUM | CWE-131 | No | — | 3.85 | 2026-04-15 | A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of se... |
| [CVE-2026-40917](https://nvd.nist.gov/vuln/detail/CVE-2026-40917) | 5.0 | MEDIUM | CWE-125 | No | — | 3.50 | 2026-04-15 | A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when proces... |
| [CVE-2026-40916](https://nvd.nist.gov/vuln/detail/CVE-2026-40916) | 5.0 | MEDIUM | CWE-787 | No | — | 3.50 | 2026-04-15 | A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a lo... |
| [CVE-2026-40915](https://nvd.nist.gov/vuln/detail/CVE-2026-40915) | 5.5 | MEDIUM | CWE-190 | No | — | 3.85 | 2026-04-15 | A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by... |
| [CVE-2026-39857](https://nvd.nist.gov/vuln/detail/CVE-2026-39857) | 5.3 | MEDIUM | CWE-200 | No | — | 3.71 | 2026-04-15 | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization by... |
| [CVE-2026-35569](https://nvd.nist.gov/vuln/detail/CVE-2026-35569) | 8.7 | HIGH | CWE-79 | No | — | 6.09 | 2026-04-15 | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site... |
| [CVE-2026-33889](https://nvd.nist.gov/vuln/detail/CVE-2026-33889) | 5.4 | MEDIUM | CWE-79 | No | — | 3.78 | 2026-04-15 | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site... |
| [CVE-2026-33888](https://nvd.nist.gov/vuln/detail/CVE-2026-33888) | 5.3 | MEDIUM | CWE-200 | No | — | 3.71 | 2026-04-15 | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization by... |
| [CVE-2026-33877](https://nvd.nist.gov/vuln/detail/CVE-2026-33877) | 3.7 | LOW | CWE-208 | No | — | 2.59 | 2026-04-15 | ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-chann... |
| [CVE-2026-21727](https://nvd.nist.gov/vuln/detail/CVE-2026-21727) | 3.3 | LOW | N/A | No | — | 2.31 | 2026-04-15 | Cross-Tenant Legacy Correlation Disclosure and Deletion |
| [CVE-2026-21726](https://nvd.nist.gov/vuln/detail/CVE-2026-21726) | 5.3 | MEDIUM | N/A | No | — | 3.71 | 2026-04-15 | The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by doub... |
| [CVE-2025-41118](https://nvd.nist.gov/vuln/detail/CVE-2025-41118) | 9.1 | CRITICAL | N/A | No | — | 6.37 | 2026-04-15 | Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Ten... |
| [CVE-2026-6383](https://nvd.nist.gov/vuln/detail/CVE-2026-6383) | 5.4 | MEDIUM | CWE-863 | No | — | 3.78 | 2026-04-15 | A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly... |
| [CVE-2026-6245](https://nvd.nist.gov/vuln/detail/CVE-2026-6245) | 5.5 | MEDIUM | CWE-805 | No | — | 3.85 | 2026-04-15 | A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PA... |
| [CVE-2026-5189](https://nvd.nist.gov/vuln/detail/CVE-2026-5189) | 9.2 | CRITICAL | CWE-798 | No | — | 6.44 | 2026-04-15 | CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unau... |
| [CVE-2026-40256](https://nvd.nist.gov/vuln/detail/CVE-2026-40256) | 5.0 | MEDIUM | CWE-22 | No | — | 3.50 | 2026-04-15 | Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string pre... |
| [CVE-2026-39845](https://nvd.nist.gov/vuln/detail/CVE-2026-39845) | 4.1 | MEDIUM | CWE-918 | No | — | 2.87 | 2026-04-15 | Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF pr... |
| [CVE-2026-34632](https://nvd.nist.gov/vuln/detail/CVE-2026-34632) | 8.2 | HIGH | CWE-427 | No | — | 5.74 | 2026-04-15 | Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in... |
| [CVE-2026-34393](https://nvd.nist.gov/vuln/detail/CVE-2026-34393) | 8.8 | HIGH | CWE-269 | No | — | 6.16 | 2026-04-15 | Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limi... |
| [CVE-2026-34244](https://nvd.nist.gov/vuln/detail/CVE-2026-34244) | 5.0 | MEDIUM | CWE-200 | No | — | 3.50 | 2026-04-15 | Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission (granted by... |
| [CVE-2026-34242](https://nvd.nist.gov/vuln/detail/CVE-2026-34242) | 7.7 | HIGH | CWE-22 | No | — | 5.39 | 2026-04-15 | Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded f... |
| [CVE-2026-33667](https://nvd.nist.gov/vuln/detail/CVE-2026-33667) | 7.4 | HIGH | CWE-307 | No | — | 5.18 | 2026-04-15 | OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the c... |
| [CVE-2026-33440](https://nvd.nist.gov/vuln/detail/CVE-2026-33440) | 5.0 | MEDIUM | CWE-918 | No | — | 3.50 | 2026-04-15 | Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWED_ASSET_DOMAINS setting applied only to t... |
| [CVE-2026-33435](https://nvd.nist.gov/vuln/detail/CVE-2026-33435) | 8.0 | HIGH | CWE-23 | No | — | 5.60 | 2026-04-15 | Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial... |
| [CVE-2026-33220](https://nvd.nist.gov/vuln/detail/CVE-2026-33220) | 6.8 | MEDIUM | CWE-22 | No | — | 4.76 | 2026-04-15 | Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpo... |
| [CVE-2026-5758](https://nvd.nist.gov/vuln/detail/CVE-2026-5758) | 6.5 | MEDIUM | N/A | No | — | 4.55 | 2026-04-15 | JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker... |
| [CVE-2026-33214](https://nvd.nist.gov/vuln/detail/CVE-2026-33214) | 4.3 | MEDIUM | CWE-862 | No | — | 3.01 | 2026-04-15 | Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpo... |
| [CVE-2026-33212](https://nvd.nist.gov/vuln/detail/CVE-2026-33212) | 3.1 | LOW | CWE-284 | No | — | 2.17 | 2026-04-15 | Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending... |
| [CVE-2026-32631](https://nvd.nist.gov/vuln/detail/CVE-2026-32631) | 7.4 | HIGH | CWE-200 | No | — | 5.18 | 2026-04-15 | Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent atta... |
| [CVE-2026-30993](https://nvd.nist.gov/vuln/detail/CVE-2026-30993) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-15 | Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() functio... |
| [CVE-2026-6372](https://nvd.nist.gov/vuln/detail/CVE-2026-6372) | 7.5 | HIGH | CWE-862 | No | — | 5.25 | 2026-04-15 | Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configur... |
| [CVE-2026-6370](https://nvd.nist.gov/vuln/detail/CVE-2026-6370) | 5.9 | MEDIUM | CWE-79 | No | — | 4.13 | 2026-04-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Mini Aj... |
| [CVE-2026-30996](https://nvd.nist.gov/vuln/detail/CVE-2026-30996) | 7.5 | HIGH | CWE-22 | No | — | 5.25 | 2026-04-15 | An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a direc... |
| [CVE-2026-30995](https://nvd.nist.gov/vuln/detail/CVE-2026-30995) | 8.6 | HIGH | CWE-89 | No | — | 6.02 | 2026-04-15 | Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_v... |
| [CVE-2026-30994](https://nvd.nist.gov/vuln/detail/CVE-2026-30994) | 7.5 | HIGH | CWE-284 | No | — | 5.25 | 2026-04-15 | Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access... |
| [CVE-2025-63029](https://nvd.nist.gov/vuln/detail/CVE-2025-63029) | 7.6 | HIGH | CWE-89 | No | — | 5.32 | 2026-04-15 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Lovers WCFM Mar... |
| [CVE-2025-15636](https://nvd.nist.gov/vuln/detail/CVE-2025-15636) | 6.5 | MEDIUM | CWE-79 | No | — | 4.55 | 2026-04-15 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emarket-design You... |
| [CVE-2025-15635](https://nvd.nist.gov/vuln/detail/CVE-2025-15635) | 4.3 | MEDIUM | CWE-352 | No | — | 3.01 | 2026-04-15 | Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover allows Cross Site Request Forge... |
| [CVE-2025-15610](https://nvd.nist.gov/vuln/detail/CVE-2025-15610) | 9.3 | CRITICAL | CWE-502 | No | — | 6.51 | 2026-04-15 | Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injec... |
| [CVE-2026-5387](https://nvd.nist.gov/vuln/detail/CVE-2026-5387) | 9.3 | CRITICAL | CWE-862 | No | — | 6.51 | 2026-04-15 | The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simula... |
| [CVE-2026-30625](https://nvd.nist.gov/vuln/detail/CVE-2026-30625) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-15 | Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The applica... |
| [CVE-2026-30624](https://nvd.nist.gov/vuln/detail/CVE-2026-30624) | 8.6 | HIGH | CWE-77 | No | — | 6.02 | 2026-04-15 | Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The a... |
| [CVE-2026-30617](https://nvd.nist.gov/vuln/detail/CVE-2026-30617) | 8.6 | HIGH | CWE-77 | No | — | 6.02 | 2026-04-15 | LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execut... |
| [CVE-2026-30616](https://nvd.nist.gov/vuln/detail/CVE-2026-30616) | 7.3 | HIGH | CWE-77 | No | — | 5.11 | 2026-04-15 | Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacke... |
| [CVE-2026-30615](https://nvd.nist.gov/vuln/detail/CVE-2026-30615) | 8.0 | HIGH | CWE-77 | No | — | 5.60 | 2026-04-15 | A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim... |
| [CVE-2026-30461](https://nvd.nist.gov/vuln/detail/CVE-2026-30461) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-15 | Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via... |
| [CVE-2026-20205](https://nvd.nist.gov/vuln/detail/CVE-2026-20205) | 7.2 | HIGH | CWE-532 | No | — | 5.04 | 2026-04-15 | In Splunk MCP Server app versions below 1.0.3, a user who holds a role with access to the Splunk `_internal` index or p... |
| [CVE-2026-20204](https://nvd.nist.gov/vuln/detail/CVE-2026-20204) | 7.1 | HIGH | CWE-377 | No | — | 4.97 | 2026-04-15 | In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.26... |
| [CVE-2026-20203](https://nvd.nist.gov/vuln/detail/CVE-2026-20203) | 4.3 | MEDIUM | CWE-284 | No | — | 3.01 | 2026-04-15 | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.26... |
| [CVE-2026-20202](https://nvd.nist.gov/vuln/detail/CVE-2026-20202) | 6.6 | MEDIUM | CWE-176 | No | — | 4.62 | 2026-04-15 | In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.26... |
| [CVE-2025-67841](https://nvd.nist.gov/vuln/detail/CVE-2025-67841) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-15 | Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue. |
| [CVE-2025-53444](https://nvd.nist.gov/vuln/detail/CVE-2025-53444) | 4.3 | MEDIUM | CWE-352 | No | — | 3.01 | 2026-04-15 | Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro allows Cross Site Request Forgery. This issue aff... |
| [CVE-2025-12141](https://nvd.nist.gov/vuln/detail/CVE-2025-12141) | 1.3 | LOW | CWE-200 | No | — | 0.91 | 2026-04-15 | In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notif... |
| [CVE-2026-4667](https://nvd.nist.gov/vuln/detail/CVE-2026-4667) | 7.3 | HIGH | CWE-250 | No | — | 5.11 | 2026-04-15 | HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate th... |
| [CVE-2026-30364](https://nvd.nist.gov/vuln/detail/CVE-2026-30364) | 7.5 | HIGH | CWE-121 | No | — | 5.25 | 2026-04-15 | CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function. |
| [CVE-2024-53412](https://nvd.nist.gov/vuln/detail/CVE-2024-53412) | 8.4 | HIGH | CWE-77 | No | — | 5.88 | 2026-04-15 | Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shel... |
| [CVE-2026-25219](https://nvd.nist.gov/vuln/detail/CVE-2026-25219) | 6.5 | MEDIUM | CWE-200 | No | — | 4.55 | 2026-04-15 | The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. Thi... |
| [CVE-2026-40784](https://nvd.nist.gov/vuln/detail/CVE-2026-40784) | 8.1 | HIGH | CWE-639 | No | 0.0% | 5.67 | 2026-04-15 | Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows... |
| [CVE-2026-40764](https://nvd.nist.gov/vuln/detail/CVE-2026-40764) | 8.1 | HIGH | CWE-352 | No | 0.0% | 5.67 | 2026-04-15 | Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Re... |
| [CVE-2026-40745](https://nvd.nist.gov/vuln/detail/CVE-2026-40745) | 7.6 | HIGH | CWE-89 | No | 0.0% | 5.32 | 2026-04-15 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element P... |
| [CVE-2026-40742](https://nvd.nist.gov/vuln/detail/CVE-2026-40742) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-15 | Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Co... |
| [CVE-2026-40737](https://nvd.nist.gov/vuln/detail/CVE-2026-40737) | 5.3 | MEDIUM | CWE-639 | No | 0.0% | 3.71 | 2026-04-15 | Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exp... |
| [CVE-2026-40728](https://nvd.nist.gov/vuln/detail/CVE-2026-40728) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-15 | Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured... |
| [CVE-2026-39884](https://nvd.nist.gov/vuln/detail/CVE-2026-39884) | 8.3 | HIGH | CWE-88 | No | 0.0% | 5.81 | 2026-04-15 | mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior con... |
| [CVE-2026-40688](https://nvd.nist.gov/vuln/detail/CVE-2026-40688) | 7.2 | HIGH | CWE-787 | No | 0.4% | 5.05 | 2026-04-14 | An out-of-bounds write vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4... |
| [CVE-2026-39399](https://nvd.nist.gov/vuln/detail/CVE-2026-39399) | 9.6 | CRITICAL | CWE-20 | No | 0.3% | 6.73 | 2026-04-14 | NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend... |
| [CVE-2026-39387](https://nvd.nist.gov/vuln/detail/CVE-2026-39387) | 7.2 | HIGH | CWE-98 | No | 0.2% | 5.05 | 2026-04-14 | BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. V... |
| [CVE-2026-35589](https://nvd.nist.gov/vuln/detail/CVE-2026-35589) | 8.0 | HIGH | CWE-1385 | No | 0.0% | 5.60 | 2026-04-14 | nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerabili... |
| [CVE-2026-35034](https://nvd.nist.gov/vuln/detail/CVE-2026-35034) | 6.5 | MEDIUM | CWE-400 | No | 0.0% | 4.55 | 2026-04-14 | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a denial of service vulnerability... |
| [CVE-2026-35033](https://nvd.nist.gov/vuln/detail/CVE-2026-35033) | 9.3 | CRITICAL | CWE-88 | No | 0.1% | 6.51 | 2026-04-14 | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file... |
| [CVE-2026-35032](https://nvd.nist.gov/vuln/detail/CVE-2026-35032) | 8.6 | HIGH | CWE-73 | No | 0.0% | 6.02 | 2026-04-14 | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the Live... |
| [CVE-2026-35031](https://nvd.nist.gov/vuln/detail/CVE-2026-35031) | 9.9 | CRITICAL | CWE-20 | No | 0.2% | 6.94 | 2026-04-14 | Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subt... |
| [CVE-2026-34457](https://nvd.nist.gov/vuln/detail/CVE-2026-34457) | 9.1 | CRITICAL | CWE-290 | No | 0.1% | 6.37 | 2026-04-14 | OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a... |
| [CVE-2026-34454](https://nvd.nist.gov/vuln/detail/CVE-2026-34454) | 3.5 | LOW | CWE-384 | No | 0.0% | 2.45 | 2026-04-14 | OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 p... |
| [CVE-2026-33414](https://nvd.nist.gov/vuln/detail/CVE-2026-33414) | 4.0 | MEDIUM | CWE-78 | No | 0.0% | 2.80 | 2026-04-14 | Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerab... |
| [CVE-2026-33023](https://nvd.nist.gov/vuln/detail/CVE-2026-33023) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-14 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built w... |
| [CVE-2026-33021](https://nvd.nist.gov/vuln/detail/CVE-2026-33021) | 7.3 | HIGH | CWE-416 | No | 0.0% | 5.11 | 2026-04-14 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a use-af... |
| [CVE-2026-27301](https://nvd.nist.gov/vuln/detail/CVE-2026-27301) | 5.5 | MEDIUM | CWE-122 | No | 0.0% | 3.85 | 2026-04-14 | Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead... |
| [CVE-2026-27300](https://nvd.nist.gov/vuln/detail/CVE-2026-27300) | 5.5 | MEDIUM | CWE-824 | No | 0.0% | 3.85 | 2026-04-14 | Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could... |
| [CVE-2026-27299](https://nvd.nist.gov/vuln/detail/CVE-2026-27299) | 6.3 | MEDIUM | CWE-20 | No | 0.0% | 4.41 | 2026-04-14 | Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead... |
| [CVE-2026-27298](https://nvd.nist.gov/vuln/detail/CVE-2026-27298) | 7.8 | HIGH | CWE-843 | No | 0.0% | 5.46 | 2026-04-14 | Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confus... |
| [CVE-2026-27297](https://nvd.nist.gov/vuln/detail/CVE-2026-27297) | 7.8 | HIGH | CWE-191 | No | 0.0% | 5.46 | 2026-04-14 | Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability tha... |
| [CVE-2026-27296](https://nvd.nist.gov/vuln/detail/CVE-2026-27296) | 7.8 | HIGH | CWE-191 | No | 0.0% | 5.46 | 2026-04-14 | Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability tha... |
| [CVE-2026-27295](https://nvd.nist.gov/vuln/detail/CVE-2026-27295) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-04-14 | Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in a... |
| [CVE-2026-27294](https://nvd.nist.gov/vuln/detail/CVE-2026-27294) | 7.8 | HIGH | CWE-125 | No | 0.0% | 5.46 | 2026-04-14 | Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted... |
| [CVE-2026-27293](https://nvd.nist.gov/vuln/detail/CVE-2026-27293) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-04-14 | Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could resul... |
| [CVE-2026-27292](https://nvd.nist.gov/vuln/detail/CVE-2026-27292) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-14 | Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vulnerability that could result in arbitra... |
| [CVE-2026-27290](https://nvd.nist.gov/vuln/detail/CVE-2026-27290) | 8.6 | HIGH | CWE-426 | No | 0.0% | 6.02 | 2026-04-14 | Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow att... |
| [CVE-2026-40291](https://nvd.nist.gov/vuln/detail/CVE-2026-40291) | 8.8 | HIGH | CWE-269 | No | 0.0% | 6.16 | 2026-04-14 | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an insecure direct object mod... |
| [CVE-2026-39907](https://nvd.nist.gov/vuln/detail/CVE-2026-39907) | 7.0 | HIGH | CWE-73 | No | 0.3% | 4.91 | 2026-04-14 | Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on... |
| [CVE-2026-39906](https://nvd.nist.gov/vuln/detail/CVE-2026-39906) | 7.0 | HIGH | CWE-441 | No | 0.2% | 4.91 | 2026-04-14 | Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel t... |
| [CVE-2026-35196](https://nvd.nist.gov/vuln/detail/CVE-2026-35196) | 8.8 | HIGH | CWE-78 | No | 0.1% | 6.16 | 2026-04-14 | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, an OS Command Injection vulne... |
| [CVE-2026-34631](https://nvd.nist.gov/vuln/detail/CVE-2026-34631) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-04-14 | InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbit... |
| [CVE-2026-34619](https://nvd.nist.gov/vuln/detail/CVE-2026-34619) | 7.7 | HIGH | CWE-22 | No | 0.1% | 5.39 | 2026-04-14 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Dir... |
| [CVE-2026-34602](https://nvd.nist.gov/vuln/detail/CVE-2026-34602) | 7.1 | HIGH | CWE-639 | No | 0.0% | 4.97 | 2026-04-14 | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users end... |
| [CVE-2026-34370](https://nvd.nist.gov/vuln/detail/CVE-2026-34370) | 6.5 | MEDIUM | CWE-285 | No | 0.0% | 4.55 | 2026-04-14 | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains... |
| [CVE-2026-34213](https://nvd.nist.gov/vuln/detail/CVE-2026-34213) | 5.4 | MEDIUM | CWE-639 | No | 0.0% | 3.78 | 2026-04-14 | Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.7... |
| [CVE-2026-34212](https://nvd.nist.gov/vuln/detail/CVE-2026-34212) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-14 | Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralizati... |
| [CVE-2026-33193](https://nvd.nist.gov/vuln/detail/CVE-2026-33193) | 4.6 | MEDIUM | CWE-79 | No | 0.0% | 3.22 | 2026-04-14 | Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a store... |
| [CVE-2026-33146](https://nvd.nist.gov/vuln/detail/CVE-2026-33146) | 4.3 | MEDIUM | CWE-285 | No | 0.0% | 3.01 | 2026-04-14 | Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions... |
| [CVE-2026-33019](https://nvd.nist.gov/vuln/detail/CVE-2026-33019) | 7.1 | HIGH | CWE-125 | No | 0.0% | 4.97 | 2026-04-14 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integ... |
| [CVE-2026-33018](https://nvd.nist.gov/vuln/detail/CVE-2026-33018) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-04-14 | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-Af... |
| [CVE-2026-27308](https://nvd.nist.gov/vuln/detail/CVE-2026-27308) | 2.4 | LOW | CWE-400 | No | 0.0% | 1.68 | 2026-04-14 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that... |
| [CVE-2026-27307](https://nvd.nist.gov/vuln/detail/CVE-2026-27307) | 2.4 | LOW | CWE-400 | No | 0.0% | 1.68 | 2026-04-14 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that... |
| [CVE-2026-27306](https://nvd.nist.gov/vuln/detail/CVE-2026-27306) | 8.4 | HIGH | CWE-20 | No | 0.0% | 5.88 | 2026-04-14 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could re... |
| [CVE-2026-27305](https://nvd.nist.gov/vuln/detail/CVE-2026-27305) | 8.6 | HIGH | CWE-22 | No | 0.1% | 6.02 | 2026-04-14 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Dir... |
| [CVE-2026-27304](https://nvd.nist.gov/vuln/detail/CVE-2026-27304) | 9.3 | CRITICAL | CWE-20 | No | 0.0% | 6.51 | 2026-04-14 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could re... |
| [CVE-2026-27282](https://nvd.nist.gov/vuln/detail/CVE-2026-27282) | 7.5 | HIGH | CWE-20 | No | 0.2% | 5.26 | 2026-04-14 | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could re... |
| [CVE-2025-15565](https://nvd.nist.gov/vuln/detail/CVE-2025-15565) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-14 | The Nexi XPay plugin for WordPress is vulnerable to unauthorized modification of data due to missing authorization check... |
| [CVE-2026-34161](https://nvd.nist.gov/vuln/detail/CVE-2026-34161) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-14 | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting... |
| [CVE-2026-34160](https://nvd.nist.gov/vuln/detail/CVE-2026-34160) | 8.6 | HIGH | CWE-306 | No | 0.1% | 6.02 | 2026-04-14 | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange No... |
| [CVE-2026-33715](https://nvd.nist.gov/vuln/detail/CVE-2026-33715) | 7.2 | HIGH | CWE-306 | No | 0.1% | 5.04 | 2026-04-14 | Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.aja... |
| [CVE-2026-33714](https://nvd.nist.gov/vuln/detail/CVE-2026-33714) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-04-14 | Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in... |
| [CVE-2026-27287](https://nvd.nist.gov/vuln/detail/CVE-2026-27287) | 7.8 | HIGH | CWE-125 | No | 0.0% | 5.46 | 2026-04-14 | InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file... |
| [CVE-2026-25133](https://nvd.nist.gov/vuln/detail/CVE-2026-25133) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-04-14 | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cros... |
| [CVE-2026-25125](https://nvd.nist.gov/vuln/detail/CVE-2026-25125) | 4.9 | MEDIUM | CWE-94 | No | 0.0% | 3.43 | 2026-04-14 | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side... |
| [CVE-2026-24893](https://nvd.nist.gov/vuln/detail/CVE-2026-24893) | 8.8 | HIGH | CWE-20 | No | 0.3% | 6.17 | 2026-04-14 | openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition... |
| [CVE-2026-40683](https://nvd.nist.gov/vuln/detail/CVE-2026-40683) | 7.7 | HIGH | CWE-843 | No | 0.0% | 5.39 | 2026-04-14 | In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean... |
| [CVE-2026-34630](https://nvd.nist.gov/vuln/detail/CVE-2026-34630) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-04-14 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result... |
| [CVE-2026-34618](https://nvd.nist.gov/vuln/detail/CVE-2026-34618) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-04-14 | Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in... |
| [CVE-2026-27313](https://nvd.nist.gov/vuln/detail/CVE-2026-27313) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-04-14 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result... |
| [CVE-2026-27312](https://nvd.nist.gov/vuln/detail/CVE-2026-27312) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-04-14 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result... |
| [CVE-2026-27311](https://nvd.nist.gov/vuln/detail/CVE-2026-27311) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-04-14 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result... |
| [CVE-2026-27310](https://nvd.nist.gov/vuln/detail/CVE-2026-27310) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-04-14 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result... |
| [CVE-2026-27289](https://nvd.nist.gov/vuln/detail/CVE-2026-27289) | 7.8 | HIGH | CWE-125 | No | 0.0% | 5.46 | 2026-04-14 | Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted f... |
| [CVE-2026-27222](https://nvd.nist.gov/vuln/detail/CVE-2026-27222) | 5.5 | MEDIUM | CWE-369 | No | 0.0% | 3.85 | 2026-04-14 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application... |
| [CVE-2026-34625](https://nvd.nist.gov/vuln/detail/CVE-2026-34625) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-14 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vuln... |
| [CVE-2026-34624](https://nvd.nist.gov/vuln/detail/CVE-2026-34624) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-14 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vuln... |
| [CVE-2026-34623](https://nvd.nist.gov/vuln/detail/CVE-2026-34623) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-14 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vuln... |
| [CVE-2026-5756](https://nvd.nist.gov/vuln/detail/CVE-2026-5756) | 0.0 | NONE | N/A | No | 0.0% | 0.00 | 2026-04-14 | Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to... |
| [CVE-2026-5754](https://nvd.nist.gov/vuln/detail/CVE-2026-5754) | 0.0 | NONE | N/A | No | 0.0% | 0.00 | 2026-04-14 | Reflected Cross-Site Scripting (XSS) Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to i... |
| [CVE-2026-5752](https://nvd.nist.gov/vuln/detail/CVE-2026-5752) | 9.3 | CRITICAL | N/A | No | 0.0% | 6.51 | 2026-04-14 | Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via Jav... |
| [CVE-2026-34629](https://nvd.nist.gov/vuln/detail/CVE-2026-34629) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-04-14 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could... |
| [CVE-2026-34628](https://nvd.nist.gov/vuln/detail/CVE-2026-34628) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-04-14 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could... |
| [CVE-2026-34627](https://nvd.nist.gov/vuln/detail/CVE-2026-34627) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-04-14 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could... |
| [CVE-2026-34617](https://nvd.nist.gov/vuln/detail/CVE-2026-34617) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-04-14 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could r... |
| [CVE-2026-34615](https://nvd.nist.gov/vuln/detail/CVE-2026-34615) | 9.3 | CRITICAL | CWE-502 | No | 1.4% | 6.55 | 2026-04-14 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that... |
| [CVE-2026-34614](https://nvd.nist.gov/vuln/detail/CVE-2026-34614) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-04-14 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. I... |
| [CVE-2026-33829](https://nvd.nist.gov/vuln/detail/CVE-2026-33829) | 4.3 | MEDIUM | CWE-200 | No | 0.1% | 3.01 | 2026-04-14 | Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to p... |
| [CVE-2026-33827](https://nvd.nist.gov/vuln/detail/CVE-2026-33827) | 8.1 | HIGH | CWE-362 | No | 0.1% | 5.67 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an... |
| [CVE-2026-33826](https://nvd.nist.gov/vuln/detail/CVE-2026-33826) | 8.0 | HIGH | CWE-20 | No | 0.4% | 5.61 | 2026-04-14 | Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent net... |
| [CVE-2026-33825](https://nvd.nist.gov/vuln/detail/CVE-2026-33825) | 7.8 | HIGH | CWE-1220 | No | 0.0% | 5.46 | 2026-04-14 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges loc... |
| [CVE-2026-33824](https://nvd.nist.gov/vuln/detail/CVE-2026-33824) | 9.8 | CRITICAL | CWE-415 | No | 0.1% | 6.86 | 2026-04-14 | Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. |
| [CVE-2026-33822](https://nvd.nist.gov/vuln/detail/CVE-2026-33822) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-04-14 | Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| [CVE-2026-33120](https://nvd.nist.gov/vuln/detail/CVE-2026-33120) | 8.8 | HIGH | CWE-822 | No | 0.1% | 6.16 | 2026-04-14 | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. |
| [CVE-2026-33116](https://nvd.nist.gov/vuln/detail/CVE-2026-33116) | 7.5 | HIGH | CWE-20 | No | 0.9% | 5.28 | 2026-04-14 | Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized att... |
| [CVE-2026-33115](https://nvd.nist.gov/vuln/detail/CVE-2026-33115) | 8.4 | HIGH | CWE-416 | No | 0.0% | 5.88 | 2026-04-14 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| [CVE-2026-33114](https://nvd.nist.gov/vuln/detail/CVE-2026-33114) | 8.4 | HIGH | CWE-822 | No | 0.0% | 5.88 | 2026-04-14 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| [CVE-2026-33104](https://nvd.nist.gov/vuln/detail/CVE-2026-33104) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX all... |
| [CVE-2026-33103](https://nvd.nist.gov/vuln/detail/CVE-2026-33103) | 5.5 | MEDIUM | CWE-284 | No | 0.0% | 3.85 | 2026-04-14 | Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information lo... |
| [CVE-2026-33101](https://nvd.nist.gov/vuln/detail/CVE-2026-33101) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-14 | Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-33100](https://nvd.nist.gov/vuln/detail/CVE-2026-33100) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-04-14 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges loca... |
| [CVE-2026-33099](https://nvd.nist.gov/vuln/detail/CVE-2026-33099) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-04-14 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges loca... |
| [CVE-2026-33098](https://nvd.nist.gov/vuln/detail/CVE-2026-33098) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-14 | Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges local... |
| [CVE-2026-33096](https://nvd.nist.gov/vuln/detail/CVE-2026-33096) | 7.5 | HIGH | CWE-125 | No | 0.1% | 5.25 | 2026-04-14 | Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. |
| [CVE-2026-33095](https://nvd.nist.gov/vuln/detail/CVE-2026-33095) | 7.8 | HIGH | CWE-416 | No | 0.1% | 5.46 | 2026-04-14 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| [CVE-2026-32226](https://nvd.nist.gov/vuln/detail/CVE-2026-32226) | 5.9 | MEDIUM | CWE-362 | No | 0.1% | 4.13 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an... |
| [CVE-2026-32225](https://nvd.nist.gov/vuln/detail/CVE-2026-32225) | 8.8 | HIGH | CWE-693 | No | 0.1% | 6.16 | 2026-04-14 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a networ... |
| [CVE-2026-32224](https://nvd.nist.gov/vuln/detail/CVE-2026-32224) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-04-14 | Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32223](https://nvd.nist.gov/vuln/detail/CVE-2026-32223) | 6.8 | MEDIUM | CWE-122 | No | 0.1% | 4.76 | 2026-04-14 | Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a phys... |
| [CVE-2026-32222](https://nvd.nist.gov/vuln/detail/CVE-2026-32222) | 7.8 | HIGH | CWE-822 | No | 0.0% | 5.46 | 2026-04-14 | Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32221](https://nvd.nist.gov/vuln/detail/CVE-2026-32221) | 8.4 | HIGH | CWE-122 | No | 0.0% | 5.88 | 2026-04-14 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally. |
| [CVE-2026-32220](https://nvd.nist.gov/vuln/detail/CVE-2026-32220) | 4.4 | MEDIUM | CWE-284 | No | 0.0% | 3.08 | 2026-04-14 | Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a... |
| [CVE-2026-32219](https://nvd.nist.gov/vuln/detail/CVE-2026-32219) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-04-14 | Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32218](https://nvd.nist.gov/vuln/detail/CVE-2026-32218) | 5.5 | MEDIUM | CWE-532 | No | 0.1% | 3.85 | 2026-04-14 | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information... |
| [CVE-2026-32217](https://nvd.nist.gov/vuln/detail/CVE-2026-32217) | 5.5 | MEDIUM | CWE-532 | No | 0.1% | 3.85 | 2026-04-14 | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information... |
| [CVE-2026-32216](https://nvd.nist.gov/vuln/detail/CVE-2026-32216) | 5.5 | MEDIUM | CWE-476 | No | 0.0% | 3.85 | 2026-04-14 | Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally. |
| [CVE-2026-32215](https://nvd.nist.gov/vuln/detail/CVE-2026-32215) | 5.5 | MEDIUM | CWE-532 | No | 0.1% | 3.85 | 2026-04-14 | Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information... |
| [CVE-2026-32214](https://nvd.nist.gov/vuln/detail/CVE-2026-32214) | 5.5 | MEDIUM | CWE-284 | No | 0.0% | 3.85 | 2026-04-14 | Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information loca... |
| [CVE-2026-32212](https://nvd.nist.gov/vuln/detail/CVE-2026-32212) | 5.5 | MEDIUM | CWE-59 | No | 0.0% | 3.85 | 2026-04-14 | Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorize... |
| [CVE-2026-32203](https://nvd.nist.gov/vuln/detail/CVE-2026-32203) | 7.5 | HIGH | CWE-20 | No | 0.1% | 5.25 | 2026-04-14 | Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. |
| [CVE-2026-32202](https://nvd.nist.gov/vuln/detail/CVE-2026-32202) | 4.3 | MEDIUM | CWE-693 | No | 0.1% | 3.01 | 2026-04-14 | Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network. |
| [CVE-2026-32201](https://nvd.nist.gov/vuln/detail/CVE-2026-32201) | 6.5 | MEDIUM | CWE-20 | Yes | 1.2% | 4.59 | 2026-04-14 | Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a netw... |
| [CVE-2026-32200](https://nvd.nist.gov/vuln/detail/CVE-2026-32200) | 7.8 | HIGH | CWE-416 | No | 0.1% | 5.46 | 2026-04-14 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. |
| [CVE-2026-32199](https://nvd.nist.gov/vuln/detail/CVE-2026-32199) | 7.8 | HIGH | CWE-416 | No | 0.1% | 5.46 | 2026-04-14 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| [CVE-2026-32198](https://nvd.nist.gov/vuln/detail/CVE-2026-32198) | 7.8 | HIGH | CWE-416 | No | 0.1% | 5.46 | 2026-04-14 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| [CVE-2026-32197](https://nvd.nist.gov/vuln/detail/CVE-2026-32197) | 7.8 | HIGH | CWE-416 | No | 0.1% | 5.46 | 2026-04-14 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| [CVE-2026-32196](https://nvd.nist.gov/vuln/detail/CVE-2026-32196) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-14 | Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an u... |
| [CVE-2026-32195](https://nvd.nist.gov/vuln/detail/CVE-2026-32195) | 7.0 | HIGH | CWE-121 | No | 0.0% | 4.90 | 2026-04-14 | Stack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32192](https://nvd.nist.gov/vuln/detail/CVE-2026-32192) | 7.8 | HIGH | CWE-502 | No | 0.4% | 5.47 | 2026-04-14 | Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32190](https://nvd.nist.gov/vuln/detail/CVE-2026-32190) | 8.4 | HIGH | CWE-416 | No | 0.0% | 5.88 | 2026-04-14 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| [CVE-2026-32189](https://nvd.nist.gov/vuln/detail/CVE-2026-32189) | 7.8 | HIGH | CWE-416 | No | 0.1% | 5.46 | 2026-04-14 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| [CVE-2026-32188](https://nvd.nist.gov/vuln/detail/CVE-2026-32188) | 7.1 | HIGH | CWE-125 | No | 0.1% | 4.97 | 2026-04-14 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| [CVE-2026-32184](https://nvd.nist.gov/vuln/detail/CVE-2026-32184) | 7.8 | HIGH | CWE-502 | No | 0.4% | 5.47 | 2026-04-14 | Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elev... |
| [CVE-2026-32183](https://nvd.nist.gov/vuln/detail/CVE-2026-32183) | 7.8 | HIGH | CWE-77 | No | 0.1% | 5.46 | 2026-04-14 | Improper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an u... |
| [CVE-2026-32181](https://nvd.nist.gov/vuln/detail/CVE-2026-32181) | 5.5 | MEDIUM | CWE-269 | No | 0.0% | 3.85 | 2026-04-14 | Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally. |
| [CVE-2026-32178](https://nvd.nist.gov/vuln/detail/CVE-2026-32178) | 7.5 | HIGH | CWE-138 | No | 0.1% | 5.25 | 2026-04-14 | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. |
| [CVE-2026-32176](https://nvd.nist.gov/vuln/detail/CVE-2026-32176) | 6.7 | MEDIUM | CWE-89 | No | 0.1% | 4.69 | 2026-04-14 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized... |
| [CVE-2026-32171](https://nvd.nist.gov/vuln/detail/CVE-2026-32171) | 8.8 | HIGH | CWE-522 | No | 0.1% | 6.16 | 2026-04-14 | Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a netw... |
| [CVE-2026-32168](https://nvd.nist.gov/vuln/detail/CVE-2026-32168) | 7.8 | HIGH | CWE-20 | No | 0.1% | 5.46 | 2026-04-14 | Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32167](https://nvd.nist.gov/vuln/detail/CVE-2026-32167) | 6.7 | MEDIUM | CWE-89 | No | 0.1% | 4.69 | 2026-04-14 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized... |
| [CVE-2026-32165](https://nvd.nist.gov/vuln/detail/CVE-2026-32165) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Use after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32164](https://nvd.nist.gov/vuln/detail/CVE-2026-32164) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Co... |
| [CVE-2026-32163](https://nvd.nist.gov/vuln/detail/CVE-2026-32163) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Co... |
| [CVE-2026-32162](https://nvd.nist.gov/vuln/detail/CVE-2026-32162) | 8.4 | HIGH | CWE-349 | No | 0.0% | 5.88 | 2026-04-14 | Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate priv... |
| [CVE-2026-32160](https://nvd.nist.gov/vuln/detail/CVE-2026-32160) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notification... |
| [CVE-2026-32159](https://nvd.nist.gov/vuln/detail/CVE-2026-32159) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notification... |
| [CVE-2026-32158](https://nvd.nist.gov/vuln/detail/CVE-2026-32158) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notification... |
| [CVE-2026-32157](https://nvd.nist.gov/vuln/detail/CVE-2026-32157) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-04-14 | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| [CVE-2026-32156](https://nvd.nist.gov/vuln/detail/CVE-2026-32156) | 7.4 | HIGH | CWE-416 | No | 0.0% | 5.18 | 2026-04-14 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code loc... |
| [CVE-2026-32155](https://nvd.nist.gov/vuln/detail/CVE-2026-32155) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-14 | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32154](https://nvd.nist.gov/vuln/detail/CVE-2026-32154) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-14 | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32153](https://nvd.nist.gov/vuln/detail/CVE-2026-32153) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32152](https://nvd.nist.gov/vuln/detail/CVE-2026-32152) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-14 | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32151](https://nvd.nist.gov/vuln/detail/CVE-2026-32151) | 6.5 | MEDIUM | CWE-200 | No | 0.1% | 4.55 | 2026-04-14 | Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose in... |
| [CVE-2026-32150](https://nvd.nist.gov/vuln/detail/CVE-2026-32150) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Servic... |
| [CVE-2026-32149](https://nvd.nist.gov/vuln/detail/CVE-2026-32149) | 7.3 | HIGH | CWE-20 | No | 0.1% | 5.11 | 2026-04-14 | Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally. |
| [CVE-2026-32093](https://nvd.nist.gov/vuln/detail/CVE-2026-32093) | 7.0 | HIGH | CWE-122 | No | 0.0% | 4.90 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Servic... |
| [CVE-2026-32091](https://nvd.nist.gov/vuln/detail/CVE-2026-32091) | 8.4 | HIGH | CWE-362 | No | 0.0% | 5.88 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File... |
| [CVE-2026-32090](https://nvd.nist.gov/vuln/detail/CVE-2026-32090) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered A... |
| [CVE-2026-32089](https://nvd.nist.gov/vuln/detail/CVE-2026-32089) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32088](https://nvd.nist.gov/vuln/detail/CVE-2026-32088) | 6.1 | MEDIUM | CWE-362 | No | 0.0% | 4.27 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service... |
| [CVE-2026-32087](https://nvd.nist.gov/vuln/detail/CVE-2026-32087) | 7.0 | HIGH | CWE-122 | No | 0.0% | 4.90 | 2026-04-14 | Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges... |
| [CVE-2026-32086](https://nvd.nist.gov/vuln/detail/CVE-2026-32086) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Servic... |
| [CVE-2026-32085](https://nvd.nist.gov/vuln/detail/CVE-2026-32085) | 5.5 | MEDIUM | CWE-200 | No | 0.0% | 3.85 | 2026-04-14 | Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacke... |
| [CVE-2026-32084](https://nvd.nist.gov/vuln/detail/CVE-2026-32084) | 5.5 | MEDIUM | CWE-200 | No | 0.0% | 3.85 | 2026-04-14 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to dis... |
| [CVE-2026-32083](https://nvd.nist.gov/vuln/detail/CVE-2026-32083) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allo... |
| [CVE-2026-32082](https://nvd.nist.gov/vuln/detail/CVE-2026-32082) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allo... |
| [CVE-2026-32081](https://nvd.nist.gov/vuln/detail/CVE-2026-32081) | 5.5 | MEDIUM | CWE-200 | No | 0.0% | 3.85 | 2026-04-14 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to dis... |
| [CVE-2026-32080](https://nvd.nist.gov/vuln/detail/CVE-2026-32080) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-04-14 | Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32079](https://nvd.nist.gov/vuln/detail/CVE-2026-32079) | 5.5 | MEDIUM | CWE-200 | No | 0.0% | 3.85 | 2026-04-14 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to dis... |
| [CVE-2026-32078](https://nvd.nist.gov/vuln/detail/CVE-2026-32078) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-14 | Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32077](https://nvd.nist.gov/vuln/detail/CVE-2026-32077) | 7.8 | HIGH | CWE-822 | No | 0.0% | 5.46 | 2026-04-14 | Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to ele... |
| [CVE-2026-32076](https://nvd.nist.gov/vuln/detail/CVE-2026-32076) | 7.8 | HIGH | CWE-125 | No | 0.0% | 5.46 | 2026-04-14 | Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32075](https://nvd.nist.gov/vuln/detail/CVE-2026-32075) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-04-14 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges... |
| [CVE-2026-32074](https://nvd.nist.gov/vuln/detail/CVE-2026-32074) | 7.8 | HIGH | CWE-415 | No | 0.0% | 5.46 | 2026-04-14 | Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32073](https://nvd.nist.gov/vuln/detail/CVE-2026-32073) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-04-14 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges loca... |
| [CVE-2026-32072](https://nvd.nist.gov/vuln/detail/CVE-2026-32072) | 6.2 | MEDIUM | CWE-287 | No | 0.0% | 4.34 | 2026-04-14 | Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally. |
| [CVE-2026-32071](https://nvd.nist.gov/vuln/detail/CVE-2026-32071) | 7.5 | HIGH | CWE-476 | No | 0.1% | 5.25 | 2026-04-14 | Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker t... |
| [CVE-2026-32070](https://nvd.nist.gov/vuln/detail/CVE-2026-32070) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-04-14 | Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32069](https://nvd.nist.gov/vuln/detail/CVE-2026-32069) | 7.8 | HIGH | CWE-415 | No | 0.0% | 5.46 | 2026-04-14 | Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-32068](https://nvd.nist.gov/vuln/detail/CVE-2026-32068) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allo... |
| [CVE-2026-27931](https://nvd.nist.gov/vuln/detail/CVE-2026-27931) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-04-14 | Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally. |
| [CVE-2026-27930](https://nvd.nist.gov/vuln/detail/CVE-2026-27930) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-04-14 | Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally. |
| [CVE-2026-27929](https://nvd.nist.gov/vuln/detail/CVE-2026-27929) | 7.0 | HIGH | CWE-367 | No | 0.0% | 4.90 | 2026-04-14 | Time-of-check time-of-use (TOCTOU) race condition in Windows LUAFV allows an authorized attacker to elevate privileges l... |
| [CVE-2026-27928](https://nvd.nist.gov/vuln/detail/CVE-2026-27928) | 8.7 | HIGH | CWE-20 | No | 0.1% | 6.09 | 2026-04-14 | Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network. |
| [CVE-2026-27927](https://nvd.nist.gov/vuln/detail/CVE-2026-27927) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File Sy... |
| [CVE-2026-27926](https://nvd.nist.gov/vuln/detail/CVE-2026-27926) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini... |
| [CVE-2026-27925](https://nvd.nist.gov/vuln/detail/CVE-2026-27925) | 6.5 | MEDIUM | CWE-416 | No | 0.1% | 4.55 | 2026-04-14 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose informa... |
| [CVE-2026-27924](https://nvd.nist.gov/vuln/detail/CVE-2026-27924) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-14 | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-27923](https://nvd.nist.gov/vuln/detail/CVE-2026-27923) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-14 | Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-27922](https://nvd.nist.gov/vuln/detail/CVE-2026-27922) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-04-14 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges loca... |
| [CVE-2026-27921](https://nvd.nist.gov/vuln/detail/CVE-2026-27921) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an... |
| [CVE-2026-27920](https://nvd.nist.gov/vuln/detail/CVE-2026-27920) | 7.8 | HIGH | CWE-822 | No | 0.0% | 5.46 | 2026-04-14 | Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to ele... |
| [CVE-2026-27919](https://nvd.nist.gov/vuln/detail/CVE-2026-27919) | 7.8 | HIGH | CWE-822 | No | 0.0% | 5.46 | 2026-04-14 | Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to ele... |
| [CVE-2026-27918](https://nvd.nist.gov/vuln/detail/CVE-2026-27918) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an a... |
| [CVE-2026-27917](https://nvd.nist.gov/vuln/detail/CVE-2026-27917) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-04-14 | Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate priv... |
| [CVE-2026-27916](https://nvd.nist.gov/vuln/detail/CVE-2026-27916) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-14 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges... |
| [CVE-2026-27915](https://nvd.nist.gov/vuln/detail/CVE-2026-27915) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-14 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges... |
| [CVE-2026-27914](https://nvd.nist.gov/vuln/detail/CVE-2026-27914) | 7.8 | HIGH | CWE-284 | No | 0.1% | 5.46 | 2026-04-14 | Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-27913](https://nvd.nist.gov/vuln/detail/CVE-2026-27913) | 7.7 | HIGH | CWE-20 | No | 0.1% | 5.39 | 2026-04-14 | Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally. |
| [CVE-2026-27912](https://nvd.nist.gov/vuln/detail/CVE-2026-27912) | 8.0 | HIGH | CWE-285 | No | 0.2% | 5.61 | 2026-04-14 | Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network. |
| [CVE-2026-27911](https://nvd.nist.gov/vuln/detail/CVE-2026-27911) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Co... |
| [CVE-2026-27910](https://nvd.nist.gov/vuln/detail/CVE-2026-27910) | 7.8 | HIGH | CWE-280 | No | 0.0% | 5.46 | 2026-04-14 | Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevat... |
| [CVE-2026-27909](https://nvd.nist.gov/vuln/detail/CVE-2026-27909) | 7.8 | HIGH | CWE-416 | No | 0.1% | 5.46 | 2026-04-14 | Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-27908](https://nvd.nist.gov/vuln/detail/CVE-2026-27908) | 7.0 | HIGH | CWE-416 | No | 0.1% | 4.90 | 2026-04-14 | Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-27907](https://nvd.nist.gov/vuln/detail/CVE-2026-27907) | 7.8 | HIGH | CWE-191 | No | 0.1% | 5.46 | 2026-04-14 | Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate pri... |
| [CVE-2026-27906](https://nvd.nist.gov/vuln/detail/CVE-2026-27906) | 4.4 | MEDIUM | CWE-20 | No | 0.1% | 3.08 | 2026-04-14 | Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally. |
| [CVE-2026-27303](https://nvd.nist.gov/vuln/detail/CVE-2026-27303) | 9.6 | CRITICAL | CWE-502 | No | 1.5% | 6.77 | 2026-04-14 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that... |
| [CVE-2026-27288](https://nvd.nist.gov/vuln/detail/CVE-2026-27288) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-14 | Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vuln... |
| [CVE-2026-27258](https://nvd.nist.gov/vuln/detail/CVE-2026-27258) | 5.5 | MEDIUM | CWE-787 | No | 0.0% | 3.85 | 2026-04-14 | DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to applicat... |
| [CVE-2026-27246](https://nvd.nist.gov/vuln/detail/CVE-2026-27246) | 9.3 | CRITICAL | CWE-79 | No | 0.1% | 6.51 | 2026-04-14 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A... |
| [CVE-2026-27245](https://nvd.nist.gov/vuln/detail/CVE-2026-27245) | 9.3 | CRITICAL | CWE-79 | No | 0.1% | 6.51 | 2026-04-14 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. I... |
| [CVE-2026-27243](https://nvd.nist.gov/vuln/detail/CVE-2026-27243) | 9.3 | CRITICAL | CWE-79 | No | 0.1% | 6.51 | 2026-04-14 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. I... |
| [CVE-2026-26184](https://nvd.nist.gov/vuln/detail/CVE-2026-26184) | 7.8 | HIGH | CWE-126 | No | 0.1% | 5.46 | 2026-04-14 | Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26183](https://nvd.nist.gov/vuln/detail/CVE-2026-26183) | 7.8 | HIGH | CWE-284 | No | 0.1% | 5.46 | 2026-04-14 | Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26182](https://nvd.nist.gov/vuln/detail/CVE-2026-26182) | 7.0 | HIGH | CWE-416 | No | 0.1% | 4.90 | 2026-04-14 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges loca... |
| [CVE-2026-26181](https://nvd.nist.gov/vuln/detail/CVE-2026-26181) | 7.8 | HIGH | CWE-362 | No | 0.1% | 5.46 | 2026-04-14 | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26180](https://nvd.nist.gov/vuln/detail/CVE-2026-26180) | 7.8 | HIGH | CWE-122 | No | 0.1% | 5.46 | 2026-04-14 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26179](https://nvd.nist.gov/vuln/detail/CVE-2026-26179) | 7.8 | HIGH | CWE-415 | No | 0.1% | 5.46 | 2026-04-14 | Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26178](https://nvd.nist.gov/vuln/detail/CVE-2026-26178) | 8.8 | HIGH | CWE-190 | No | 0.2% | 6.17 | 2026-04-14 | Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate pri... |
| [CVE-2026-26177](https://nvd.nist.gov/vuln/detail/CVE-2026-26177) | 7.0 | HIGH | CWE-416 | No | 0.1% | 4.90 | 2026-04-14 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges loca... |
| [CVE-2026-26176](https://nvd.nist.gov/vuln/detail/CVE-2026-26176) | 7.8 | HIGH | CWE-122 | No | 0.1% | 5.46 | 2026-04-14 | Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate priv... |
| [CVE-2026-26175](https://nvd.nist.gov/vuln/detail/CVE-2026-26175) | 4.6 | MEDIUM | CWE-908 | No | 0.2% | 3.22 | 2026-04-14 | Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with... |
| [CVE-2026-26174](https://nvd.nist.gov/vuln/detail/CVE-2026-26174) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Ser... |
| [CVE-2026-26173](https://nvd.nist.gov/vuln/detail/CVE-2026-26173) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Functio... |
| [CVE-2026-26172](https://nvd.nist.gov/vuln/detail/CVE-2026-26172) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notification... |
| [CVE-2026-26171](https://nvd.nist.gov/vuln/detail/CVE-2026-26171) | 7.5 | HIGH | CWE-400 | No | 0.6% | 5.27 | 2026-04-14 | Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. |
| [CVE-2026-26170](https://nvd.nist.gov/vuln/detail/CVE-2026-26170) | 7.8 | HIGH | CWE-20 | No | 0.1% | 5.46 | 2026-04-14 | Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26169](https://nvd.nist.gov/vuln/detail/CVE-2026-26169) | 6.1 | MEDIUM | CWE-126 | No | 0.1% | 4.27 | 2026-04-14 | Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally. |
| [CVE-2026-26168](https://nvd.nist.gov/vuln/detail/CVE-2026-26168) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Functio... |
| [CVE-2026-26167](https://nvd.nist.gov/vuln/detail/CVE-2026-26167) | 8.8 | HIGH | CWE-362 | No | 0.1% | 6.16 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notification... |
| [CVE-2026-26166](https://nvd.nist.gov/vuln/detail/CVE-2026-26166) | 7.0 | HIGH | CWE-415 | No | 0.1% | 4.90 | 2026-04-14 | Double free in Windows Shell allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26165](https://nvd.nist.gov/vuln/detail/CVE-2026-26165) | 7.0 | HIGH | CWE-416 | No | 0.1% | 4.90 | 2026-04-14 | Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26163](https://nvd.nist.gov/vuln/detail/CVE-2026-26163) | 7.8 | HIGH | CWE-415 | No | 0.1% | 5.46 | 2026-04-14 | Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26162](https://nvd.nist.gov/vuln/detail/CVE-2026-26162) | 7.8 | HIGH | CWE-843 | No | 0.1% | 5.46 | 2026-04-14 | Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate pr... |
| [CVE-2026-26161](https://nvd.nist.gov/vuln/detail/CVE-2026-26161) | 7.8 | HIGH | CWE-20 | No | 0.1% | 5.46 | 2026-04-14 | Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally... |
| [CVE-2026-26160](https://nvd.nist.gov/vuln/detail/CVE-2026-26160) | 7.8 | HIGH | CWE-306 | No | 0.1% | 5.46 | 2026-04-14 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker t... |
| [CVE-2026-26159](https://nvd.nist.gov/vuln/detail/CVE-2026-26159) | 7.8 | HIGH | CWE-306 | No | 0.1% | 5.46 | 2026-04-14 | Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker t... |
| [CVE-2026-26156](https://nvd.nist.gov/vuln/detail/CVE-2026-26156) | 7.8 | HIGH | CWE-20 | No | 0.1% | 5.46 | 2026-04-14 | Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally. |
| [CVE-2026-26155](https://nvd.nist.gov/vuln/detail/CVE-2026-26155) | 6.5 | MEDIUM | CWE-126 | No | 0.1% | 4.55 | 2026-04-14 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
| [CVE-2026-26154](https://nvd.nist.gov/vuln/detail/CVE-2026-26154) | 7.5 | HIGH | CWE-20 | No | 0.2% | 5.25 | 2026-04-14 | Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a n... |
| [CVE-2026-26153](https://nvd.nist.gov/vuln/detail/CVE-2026-26153) | 7.8 | HIGH | CWE-125 | No | 0.1% | 5.46 | 2026-04-14 | Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally. |
| [CVE-2026-26152](https://nvd.nist.gov/vuln/detail/CVE-2026-26152) | 7.0 | HIGH | CWE-922 | No | 0.1% | 4.90 | 2026-04-14 | Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate pri... |
| [CVE-2026-26151](https://nvd.nist.gov/vuln/detail/CVE-2026-26151) | 7.1 | HIGH | CWE-357 | No | 0.1% | 4.97 | 2026-04-14 | Insufficient UI warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spo... |
| [CVE-2026-26149](https://nvd.nist.gov/vuln/detail/CVE-2026-26149) | 9.0 | CRITICAL | CWE-150 | No | 0.1% | 6.30 | 2026-04-14 | Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to b... |
| [CVE-2026-26143](https://nvd.nist.gov/vuln/detail/CVE-2026-26143) | 7.8 | HIGH | CWE-20 | No | 0.1% | 5.46 | 2026-04-14 | Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally. |
| [CVE-2026-25184](https://nvd.nist.gov/vuln/detail/CVE-2026-25184) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (... |
| [CVE-2026-24907](https://nvd.nist.gov/vuln/detail/CVE-2026-24907) | 5.1 | MEDIUM | CWE-79 | No | 0.1% | 3.57 | 2026-04-14 | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cros... |
| [CVE-2026-24906](https://nvd.nist.gov/vuln/detail/CVE-2026-24906) | 5.1 | MEDIUM | CWE-79 | No | 0.1% | 3.57 | 2026-04-14 | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cros... |
| [CVE-2026-23670](https://nvd.nist.gov/vuln/detail/CVE-2026-23670) | 5.7 | MEDIUM | CWE-822 | No | 0.1% | 3.99 | 2026-04-14 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to by... |
| [CVE-2026-23666](https://nvd.nist.gov/vuln/detail/CVE-2026-23666) | 7.5 | HIGH | CWE-755 | No | 0.1% | 5.25 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an... |
| [CVE-2026-23657](https://nvd.nist.gov/vuln/detail/CVE-2026-23657) | 7.8 | HIGH | CWE-416 | No | 0.1% | 5.46 | 2026-04-14 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| [CVE-2026-23653](https://nvd.nist.gov/vuln/detail/CVE-2026-23653) | 5.7 | MEDIUM | CWE-77 | No | 0.1% | 3.99 | 2026-04-14 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio... |
| [CVE-2026-21331](https://nvd.nist.gov/vuln/detail/CVE-2026-21331) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-04-14 | Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. I... |
| [CVE-2026-20945](https://nvd.nist.gov/vuln/detail/CVE-2026-20945) | 4.6 | MEDIUM | CWE-79 | No | 0.1% | 3.22 | 2026-04-14 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allo... |
| [CVE-2026-20930](https://nvd.nist.gov/vuln/detail/CVE-2026-20930) | 7.8 | HIGH | CWE-362 | No | 0.0% | 5.46 | 2026-04-14 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Servic... |
| [CVE-2026-20928](https://nvd.nist.gov/vuln/detail/CVE-2026-20928) | 4.6 | MEDIUM | CWE-212 | No | 0.2% | 3.22 | 2026-04-14 | Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an una... |
| [CVE-2026-20806](https://nvd.nist.gov/vuln/detail/CVE-2026-20806) | 5.5 | MEDIUM | CWE-843 | No | 0.1% | 3.85 | 2026-04-14 | Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose i... |
| [CVE-2026-0390](https://nvd.nist.gov/vuln/detail/CVE-2026-0390) | 6.7 | MEDIUM | CWE-807 | No | 0.1% | 4.69 | 2026-04-14 | Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a sec... |
| [CVE-2026-0209](https://nvd.nist.gov/vuln/detail/CVE-2026-0209) | 6.9 | MEDIUM | CWE-783 | No | 0.0% | 4.83 | 2026-04-14 | Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than c... |
| [CVE-2026-0207](https://nvd.nist.gov/vuln/detail/CVE-2026-0207) | 8.5 | HIGH | CWE-532 | No | 0.0% | 5.95 | 2026-04-14 | A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions. |
| [CVE-2025-70023](https://nvd.nist.gov/vuln/detail/CVE-2025-70023) | 0.0 | NONE | N/A | No | 0.0% | 0.00 | 2026-04-14 | An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6. |
| [CVE-2026-34626](https://nvd.nist.gov/vuln/detail/CVE-2026-34626) | 6.3 | MEDIUM | CWE-1321 | No | 0.0% | 4.41 | 2026-04-14 | Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Mo... |
| [CVE-2026-34622](https://nvd.nist.gov/vuln/detail/CVE-2026-34622) | 8.6 | HIGH | CWE-1321 | No | 0.1% | 6.02 | 2026-04-14 | Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Mo... |
| [CVE-2026-27291](https://nvd.nist.gov/vuln/detail/CVE-2026-27291) | 7.8 | HIGH | CWE-787 | No | 0.0% | 5.46 | 2026-04-14 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could resul... |
| [CVE-2026-27286](https://nvd.nist.gov/vuln/detail/CVE-2026-27286) | 5.5 | MEDIUM | CWE-122 | No | 0.0% | 3.85 | 2026-04-14 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could... |
| [CVE-2026-27285](https://nvd.nist.gov/vuln/detail/CVE-2026-27285) | 5.5 | MEDIUM | CWE-122 | No | 0.0% | 3.85 | 2026-04-14 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could... |
| [CVE-2026-27284](https://nvd.nist.gov/vuln/detail/CVE-2026-27284) | 7.8 | HIGH | CWE-125 | No | 0.0% | 5.46 | 2026-04-14 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a cr... |
| [CVE-2026-27283](https://nvd.nist.gov/vuln/detail/CVE-2026-27283) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-14 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in a... |
| [CVE-2026-27238](https://nvd.nist.gov/vuln/detail/CVE-2026-27238) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-04-14 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could... |
| [CVE-2026-22692](https://nvd.nist.gov/vuln/detail/CVE-2026-22692) | 4.9 | MEDIUM | CWE-284 | No | 0.0% | 3.43 | 2026-04-14 | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4... |
| [CVE-2026-5713](https://nvd.nist.gov/vuln/detail/CVE-2026-5713) | 5.3 | MEDIUM | CWE-121 | No | 0.0% | 3.71 | 2026-04-14 | The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" a... |
| [CVE-2026-4832](https://nvd.nist.gov/vuln/detail/CVE-2026-4832) | 6.9 | MEDIUM | CWE-798 | No | 0.1% | 4.83 | 2026-04-14 | CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device info... |
| [CVE-2026-39815](https://nvd.nist.gov/vuln/detail/CVE-2026-39815) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-04-14 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDD... |
| [CVE-2026-39814](https://nvd.nist.gov/vuln/detail/CVE-2026-39814) | 6.7 | MEDIUM | CWE-23 | No | 0.0% | 4.69 | 2026-04-14 | A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb... |
| [CVE-2026-39813](https://nvd.nist.gov/vuln/detail/CVE-2026-39813) | 9.8 | CRITICAL | CWE-24 | No | 0.1% | 6.86 | 2026-04-14 | A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.... |
| [CVE-2026-39812](https://nvd.nist.gov/vuln/detail/CVE-2026-39812) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-04-14 | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSa... |
| [CVE-2026-39811](https://nvd.nist.gov/vuln/detail/CVE-2026-39811) | 4.9 | MEDIUM | CWE-190 | No | 0.1% | 3.43 | 2026-04-14 | An integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, F... |
| [CVE-2026-39810](https://nvd.nist.gov/vuln/detail/CVE-2026-39810) | 6.0 | MEDIUM | CWE-321 | No | 0.0% | 4.20 | 2026-04-14 | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to... |
| [CVE-2026-39809](https://nvd.nist.gov/vuln/detail/CVE-2026-39809) | 6.7 | MEDIUM | CWE-89 | No | 0.0% | 4.69 | 2026-04-14 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiCl... |
| [CVE-2026-39808](https://nvd.nist.gov/vuln/detail/CVE-2026-39808) | 9.8 | CRITICAL | CWE-78 | No | 0.3% | 6.87 | 2026-04-14 | An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet F... |
| [CVE-2026-38533](https://nvd.nist.gov/vuln/detail/CVE-2026-38533) | 0.0 | NONE | N/A | No | 0.0% | 0.00 | 2026-04-14 | An improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attac... |
| [CVE-2026-38532](https://nvd.nist.gov/vuln/detail/CVE-2026-38532) | 8.1 | HIGH | CWE-639 | No | 0.0% | 5.67 | 2026-04-14 | A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2... |
| [CVE-2026-38530](https://nvd.nist.gov/vuln/detail/CVE-2026-38530) | 8.1 | HIGH | CWE-639 | No | 0.0% | 5.67 | 2026-04-14 | A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.... |
| [CVE-2026-38529](https://nvd.nist.gov/vuln/detail/CVE-2026-38529) | 8.8 | HIGH | CWE-269 | No | 0.0% | 6.16 | 2026-04-14 | A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allo... |
| [CVE-2026-38528](https://nvd.nist.gov/vuln/detail/CVE-2026-38528) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-04-14 | Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDat... |
| [CVE-2026-38527](https://nvd.nist.gov/vuln/detail/CVE-2026-38527) | 8.5 | HIGH | CWE-918 | No | 0.0% | 5.95 | 2026-04-14 | A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attac... |
| [CVE-2026-38526](https://nvd.nist.gov/vuln/detail/CVE-2026-38526) | 9.9 | CRITICAL | CWE-434 | No | 0.1% | 6.93 | 2026-04-14 | An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a... |
| [CVE-2026-2405](https://nvd.nist.gov/vuln/detail/CVE-2026-2405) | 5.3 | MEDIUM | CWE-400 | No | 0.0% | 3.71 | 2026-04-14 | CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creat... |
| [CVE-2026-2404](https://nvd.nist.gov/vuln/detail/CVE-2026-2404) | 6.9 | MEDIUM | CWE-116 | No | 0.0% | 4.83 | 2026-04-14 | CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when... |
| [CVE-2026-2403](https://nvd.nist.gov/vuln/detail/CVE-2026-2403) | 5.3 | MEDIUM | CWE-1284 | No | 0.1% | 3.71 | 2026-04-14 | CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log tru... |
| [CVE-2026-2402](https://nvd.nist.gov/vuln/detail/CVE-2026-2402) | 6.9 | MEDIUM | CWE-307 | No | 0.1% | 4.83 | 2026-04-14 | CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to g... |
| [CVE-2026-2401](https://nvd.nist.gov/vuln/detail/CVE-2026-2401) | 2.4 | LOW | CWE-532 | No | 0.0% | 1.68 | 2026-04-14 | CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information... |
| [CVE-2026-2400](https://nvd.nist.gov/vuln/detail/CVE-2026-2400) | 5.3 | MEDIUM | CWE-93 | No | 0.0% | 3.71 | 2026-04-14 | CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application us... |
| [CVE-2026-2399](https://nvd.nist.gov/vuln/detail/CVE-2026-2399) | 6.9 | MEDIUM | CWE-22 | No | 0.0% | 4.83 | 2026-04-14 | CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could ca... |
| [CVE-2026-27316](https://nvd.nist.gov/vuln/detail/CVE-2026-27316) | 2.7 | LOW | CWE-522 | No | 0.0% | 1.89 | 2026-04-14 | An insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all... |
| [CVE-2026-25691](https://nvd.nist.gov/vuln/detail/CVE-2026-25691) | 6.7 | MEDIUM | CWE-22 | No | 0.0% | 4.69 | 2026-04-14 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox... |
| [CVE-2026-23708](https://nvd.nist.gov/vuln/detail/CVE-2026-23708) | 7.5 | HIGH | CWE-287 | No | 0.1% | 5.25 | 2026-04-14 | An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5... |
| [CVE-2026-22828](https://nvd.nist.gov/vuln/detail/CVE-2026-22828) | 8.1 | HIGH | CWE-122 | No | 0.1% | 5.67 | 2026-04-14 | A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2... |
| [CVE-2026-22576](https://nvd.nist.gov/vuln/detail/CVE-2026-22576) | 4.3 | MEDIUM | CWE-257 | No | 0.0% | 3.01 | 2026-04-14 | A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS... |
| [CVE-2026-22574](https://nvd.nist.gov/vuln/detail/CVE-2026-22574) | 4.1 | MEDIUM | CWE-257 | No | 0.0% | 2.87 | 2026-04-14 | A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS... |
| [CVE-2026-22573](https://nvd.nist.gov/vuln/detail/CVE-2026-22573) | 6.5 | MEDIUM | CWE-22 | No | 0.1% | 4.55 | 2026-04-14 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR Pa... |
| [CVE-2026-22155](https://nvd.nist.gov/vuln/detail/CVE-2026-22155) | 6.5 | MEDIUM | CWE-319 | No | 0.0% | 4.55 | 2026-04-14 | A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOA... |
| [CVE-2026-22154](https://nvd.nist.gov/vuln/detail/CVE-2026-22154) | 4.6 | MEDIUM | CWE-79 | No | 0.0% | 3.22 | 2026-04-14 | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiS... |
| [CVE-2026-21742](https://nvd.nist.gov/vuln/detail/CVE-2026-21742) | 5.7 | MEDIUM | CWE-319 | No | 0.0% | 3.99 | 2026-04-14 | A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOA... |
| [CVE-2026-21741](https://nvd.nist.gov/vuln/detail/CVE-2026-21741) | 2.4 | LOW | CWE-601 | No | 0.0% | 1.68 | 2026-04-14 | A URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] in Fortinet FortiNAC-F 7.6.... |
| [CVE-2025-68649](https://nvd.nist.gov/vuln/detail/CVE-2025-68649) | 6.0 | MEDIUM | CWE-22 | No | 0.0% | 4.20 | 2026-04-14 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyze... |
| [CVE-2025-65136](https://nvd.nist.gov/vuln/detail/CVE-2025-65136) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-14 | In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php v... |
| [CVE-2025-65135](https://nvd.nist.gov/vuln/detail/CVE-2025-65135) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-04-14 | In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin... |
| [CVE-2025-65134](https://nvd.nist.gov/vuln/detail/CVE-2025-65134) | 0.0 | NONE | N/A | No | 0.0% | 0.00 | 2026-04-14 | In manikandan580 School-management-system 1.0, a reflected cross-site scripting (XSS) vulnerability exists in /studentms... |
| [CVE-2025-65133](https://nvd.nist.gov/vuln/detail/CVE-2025-65133) | 0.0 | NONE | N/A | No | 0.0% | 0.00 | 2026-04-14 | A SQL injection vulnerability exists in the School Management System (version 1.0) by manikandan580. An unauthenticated... |
| [CVE-2025-65132](https://nvd.nist.gov/vuln/detail/CVE-2025-65132) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-14 | alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which a... |
| [CVE-2025-63939](https://nvd.nist.gov/vuln/detail/CVE-2025-63939) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-04-14 | Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, al... |
| [CVE-2025-61886](https://nvd.nist.gov/vuln/detail/CVE-2025-61886) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-14 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerabi... |
| [CVE-2025-61848](https://nvd.nist.gov/vuln/detail/CVE-2025-61848) | 7.2 | HIGH | CWE-89 | No | 0.0% | 5.04 | 2026-04-14 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiA... |
| [CVE-2025-61624](https://nvd.nist.gov/vuln/detail/CVE-2025-61624) | 6.0 | MEDIUM | CWE-22 | No | 0.0% | 4.20 | 2026-04-14 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet For... |
| [CVE-2025-59809](https://nvd.nist.gov/vuln/detail/CVE-2025-59809) | 4.3 | MEDIUM | CWE-918 | No | 0.0% | 3.01 | 2026-04-14 | A server-side request forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR P... |
| [CVE-2025-53847](https://nvd.nist.gov/vuln/detail/CVE-2025-53847) | 6.5 | MEDIUM | CWE-306 | No | 0.0% | 4.55 | 2026-04-14 | A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 thro... |
| [CVE-2024-23104](https://nvd.nist.gov/vuln/detail/CVE-2024-23104) | 5.4 | MEDIUM | CWE-200 | No | 0.0% | 3.78 | 2026-04-14 | An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 t... |
| [CVE-2026-4914](https://nvd.nist.gov/vuln/detail/CVE-2026-4914) | 5.4 | MEDIUM | CWE-79 | No | 0.1% | 3.78 | 2026-04-14 | Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information f... |
| [CVE-2026-4913](https://nvd.nist.gov/vuln/detail/CVE-2026-4913) | 5.7 | MEDIUM | CWE-424 | No | 0.1% | 3.99 | 2026-04-14 | Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker t... |
| [CVE-2026-4369](https://nvd.nist.gov/vuln/detail/CVE-2026-4369) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-04-14 | A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and... |
| [CVE-2026-4345](https://nvd.nist.gov/vuln/detail/CVE-2026-4345) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-04-14 | A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripti... |
| [CVE-2026-4344](https://nvd.nist.gov/vuln/detail/CVE-2026-4344) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-04-14 | A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked... |
| [CVE-2026-37980](https://nvd.nist.gov/vuln/detail/CVE-2026-37980) | 6.9 | MEDIUM | CWE-79 | No | 0.1% | 4.83 | 2026-04-14 | A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-real... |
| [CVE-2026-37602](https://nvd.nist.gov/vuln/detail/CVE-2026-37602) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-14 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/use... |
| [CVE-2026-37601](https://nvd.nist.gov/vuln/detail/CVE-2026-37601) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-14 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/app... |
| [CVE-2026-37600](https://nvd.nist.gov/vuln/detail/CVE-2026-37600) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-14 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/app... |
| [CVE-2026-37598](https://nvd.nist.gov/vuln/detail/CVE-2026-37598) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-14 | SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/... |
| [CVE-2026-37597](https://nvd.nist.gov/vuln/detail/CVE-2026-37597) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-14 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_at... |
| [CVE-2026-37596](https://nvd.nist.gov/vuln/detail/CVE-2026-37596) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-14 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_at... |
| [CVE-2026-37595](https://nvd.nist.gov/vuln/detail/CVE-2026-37595) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-14 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_at... |
| [CVE-2026-37594](https://nvd.nist.gov/vuln/detail/CVE-2026-37594) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-14 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_at... |
| [CVE-2026-37593](https://nvd.nist.gov/vuln/detail/CVE-2026-37593) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-14 | SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_at... |
| [CVE-2026-37592](https://nvd.nist.gov/vuln/detail/CVE-2026-37592) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-14 | SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/maintenance/ma... |
| [CVE-2026-37591](https://nvd.nist.gov/vuln/detail/CVE-2026-37591) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-14 | SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tena... |
| [CVE-2026-37590](https://nvd.nist.gov/vuln/detail/CVE-2026-37590) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-14 | SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rent... |
| [CVE-2026-37589](https://nvd.nist.gov/vuln/detail/CVE-2026-37589) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-14 | SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/main... |
| [CVE-2026-30480](https://nvd.nist.gov/vuln/detail/CVE-2026-30480) | 0.0 | NONE | N/A | No | 0.0% | 0.00 | 2026-04-14 | A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows... |
| [CVE-2025-69993](https://nvd.nist.gov/vuln/detail/CVE-2025-69993) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-14 | Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This... |
| [CVE-2025-69893](https://nvd.nist.gov/vuln/detail/CVE-2025-69893) | 0.0 | NONE | N/A | No | 0.0% | 0.00 | 2026-04-14 | A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13... |
| [CVE-2025-61260](https://nvd.nist.gov/vuln/detail/CVE-2025-61260) | 0.0 | NONE | N/A | No | 0.0% | 0.00 | 2026-04-14 | A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP... |
| [CVE-2026-31049](https://nvd.nist.gov/vuln/detail/CVE-2026-31049) | 0.0 | NONE | N/A | No | 0.1% | 0.00 | 2026-04-14 | An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privile... |
| [CVE-2025-8095](https://nvd.nist.gov/vuln/detail/CVE-2025-8095) | 9.1 | CRITICAL | CWE-257 | No | 0.0% | 6.37 | 2026-04-14 | The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as crypt... |
| [CVE-2026-5307](https://nvd.nist.gov/vuln/detail/CVE-2026-5307) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-14 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All r... |
| [CVE-2026-2450](https://nvd.nist.gov/vuln/detail/CVE-2026-2450) | 7.4 | HIGH | CWE-520 | No | 0.0% | 5.18 | 2026-04-14 | .NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows... |
| [CVE-2024-9168](https://nvd.nist.gov/vuln/detail/CVE-2024-9168) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-14 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All r... |
| [CVE-2026-2449](https://nvd.nist.gov/vuln/detail/CVE-2026-2449) | 9.0 | CRITICAL | CWE-88 | No | 0.1% | 6.30 | 2026-04-14 | Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in upKeeper Solutions u... |
| [CVE-2026-24069](https://nvd.nist.gov/vuln/detail/CVE-2026-24069) | 5.4 | MEDIUM | CWE-863 | No | 0.0% | 3.78 | 2026-04-14 | Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to conti... |
| [CVE-2025-13822](https://nvd.nist.gov/vuln/detail/CVE-2025-13822) | 5.3 | MEDIUM | CWE-639 | No | 0.0% | 3.71 | 2026-04-14 | MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authenticati... |
| [CVE-2026-4109](https://nvd.nist.gov/vuln/detail/CVE-2026-4109) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-14 | The Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin for WordPress is vulnerable to u... |
| [CVE-2026-27668](https://nvd.nist.gov/vuln/detail/CVE-2026-27668) | 8.7 | HIGH | CWE-266 | No | 0.0% | 6.09 | 2026-04-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). U... |
| [CVE-2026-25654](https://nvd.nist.gov/vuln/detail/CVE-2026-25654) | 8.7 | HIGH | CWE-639 | No | 0.0% | 6.09 | 2026-04-14 | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate u... |
| [CVE-2025-40745](https://nvd.nist.gov/vuln/detail/CVE-2025-40745) | 6.3 | MEDIUM | CWE-295 | No | 0.0% | 4.41 | 2026-04-14 | A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V... |
| [CVE-2026-2582](https://nvd.nist.gov/vuln/detail/CVE-2026-2582) | 6.5 | MEDIUM | CWE-94 | No | 0.1% | 4.55 | 2026-04-14 | The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_hold... |
| [CVE-2026-3017](https://nvd.nist.gov/vuln/detail/CVE-2026-3017) | 7.2 | HIGH | CWE-502 | No | 0.0% | 5.04 | 2026-04-14 | The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to P... |
| [CVE-2026-4479](https://nvd.nist.gov/vuln/detail/CVE-2026-4479) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-04-14 | The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Sc... |
| [CVE-2026-4059](https://nvd.nist.gov/vuln/detail/CVE-2026-4059) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-14 | The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentor_quickview_button shor... |
| [CVE-2026-40315](https://nvd.nist.gov/vuln/detail/CVE-2026-40315) | 7.2 | HIGH | CWE-89 | No | 0.0% | 5.04 | 2026-04-14 | PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteC... |
| [CVE-2026-40313](https://nvd.nist.gov/vuln/detail/CVE-2026-40313) | 9.1 | CRITICAL | CWE-829 | No | 0.0% | 6.37 | 2026-04-14 | PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to A... |
| [CVE-2026-40289](https://nvd.nist.gov/vuln/detail/CVE-2026-40289) | 9.1 | CRITICAL | CWE-306 | No | 0.1% | 6.37 | 2026-04-14 | PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the brow... |
| [CVE-2026-40288](https://nvd.nist.gov/vuln/detail/CVE-2026-40288) | 9.8 | CRITICAL | CWE-78 | No | 0.1% | 6.86 | 2026-04-14 | PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the work... |
| [CVE-2026-40287](https://nvd.nist.gov/vuln/detail/CVE-2026-40287) | 8.4 | HIGH | CWE-94 | No | 0.0% | 5.88 | 2026-04-14 | PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through a... |
| [CVE-2026-1607](https://nvd.nist.gov/vuln/detail/CVE-2026-1607) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-14 | The Surbma \| Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `... |
| [CVE-2026-6264](https://nvd.nist.gov/vuln/detail/CVE-2026-6264) | 9.8 | CRITICAL | N/A | No | 0.2% | 6.87 | 2026-04-14 | A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the... |
| [CVE-2026-6227](https://nvd.nist.gov/vuln/detail/CVE-2026-6227) | 7.2 | HIGH | CWE-22 | No | 0.3% | 5.05 | 2026-04-14 | The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/... |
| [CVE-2026-4388](https://nvd.nist.gov/vuln/detail/CVE-2026-4388) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-04-14 | The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box... |
| [CVE-2026-34984](https://nvd.nist.gov/vuln/detail/CVE-2026-34984) | 7.1 | HIGH | CWE-200 | No | 0.0% | 4.97 | 2026-04-14 | External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernete... |
| [CVE-2026-4365](https://nvd.nist.gov/vuln/detail/CVE-2026-4365) | 9.1 | CRITICAL | CWE-862 | No | 0.1% | 6.37 | 2026-04-14 | The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the... |
| [CVE-2026-4352](https://nvd.nist.gov/vuln/detail/CVE-2026-4352) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-04-14 | The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endp... |
| [CVE-2026-39426](https://nvd.nist.gov/vuln/detail/CVE-2026-39426) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS... |
| [CVE-2026-39425](https://nvd.nist.gov/vuln/detail/CVE-2026-39425) | 5.1 | MEDIUM | CWE-80 | No | 0.1% | 3.57 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS... |
| [CVE-2026-39419](https://nvd.nist.gov/vuln/detail/CVE-2026-39419) | 3.1 | LOW | CWE-74 | No | 0.0% | 2.17 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandb... |
| [CVE-2026-34225](https://nvd.nist.gov/vuln/detail/CVE-2026-34225) | 4.3 | MEDIUM | CWE-918 | No | 0.0% | 3.01 | 2026-04-14 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and be... |
| [CVE-2026-39424](https://nvd.nist.gov/vuln/detail/CVE-2026-39424) | 5.3 | MEDIUM | CWE-1236 | No | 0.1% | 3.71 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable... |
| [CVE-2026-39423](https://nvd.nist.gov/vuln/detail/CVE-2026-39423) | 6.9 | MEDIUM | CWE-79 | No | 0.0% | 4.83 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in... |
| [CVE-2026-39422](https://nvd.nist.gov/vuln/detail/CVE-2026-39422) | 6.9 | MEDIUM | CWE-79 | No | 0.0% | 4.83 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS... |
| [CVE-2026-39421](https://nvd.nist.gov/vuln/detail/CVE-2026-39421) | 6.3 | MEDIUM | CWE-94 | No | 0.1% | 4.41 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in... |
| [CVE-2026-39420](https://nvd.nist.gov/vuln/detail/CVE-2026-39420) | 6.3 | MEDIUM | CWE-78 | No | 0.2% | 4.41 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mecha... |
| [CVE-2026-39418](https://nvd.nist.gov/vuln/detail/CVE-2026-39418) | 5.0 | MEDIUM | CWE-918 | No | 0.0% | 3.50 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypa... |
| [CVE-2026-34264](https://nvd.nist.gov/vuln/detail/CVE-2026-34264) | 6.5 | MEDIUM | CWE-204 | No | 0.0% | 4.55 | 2026-04-14 | During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due t... |
| [CVE-2026-34262](https://nvd.nist.gov/vuln/detail/CVE-2026-34262) | 5.0 | MEDIUM | CWE-522 | No | 0.0% | 3.50 | 2026-04-14 | Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer |
| [CVE-2026-34261](https://nvd.nist.gov/vuln/detail/CVE-2026-34261) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-04-14 | Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could m... |
| [CVE-2026-34257](https://nvd.nist.gov/vuln/detail/CVE-2026-34257) | 6.1 | MEDIUM | CWE-601 | No | 0.0% | 4.27 | 2026-04-14 | Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft... |
| [CVE-2026-34256](https://nvd.nist.gov/vuln/detail/CVE-2026-34256) | 7.1 | HIGH | CWE-862 | No | 0.0% | 4.97 | 2026-04-14 | Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacke... |
| [CVE-2026-40164](https://nvd.nist.gov/vuln/detail/CVE-2026-40164) | 7.5 | HIGH | CWE-328 | No | 0.0% | 5.25 | 2026-04-14 | jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a... |
| [CVE-2026-39417](https://nvd.nist.gov/vuln/detail/CVE-2026-39417) | 4.6 | MEDIUM | CWE-20 | No | 0.1% | 3.22 | 2026-04-14 | MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-539... |
| [CVE-2026-34069](https://nvd.nist.gov/vuln/detail/CVE-2026-34069) | 5.3 | MEDIUM | CWE-617 | No | 0.0% | 3.71 | 2026-04-14 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus a... |
| [CVE-2026-33948](https://nvd.nist.gov/vuln/detail/CVE-2026-33948) | 2.9 | LOW | CWE-20 | No | 0.1% | 2.03 | 2026-04-14 | jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability whe... |
| [CVE-2026-27683](https://nvd.nist.gov/vuln/detail/CVE-2026-27683) | 4.1 | MEDIUM | CWE-79 | No | 0.0% | 2.87 | 2026-04-14 | SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript pa... |
| [CVE-2026-27681](https://nvd.nist.gov/vuln/detail/CVE-2026-27681) | 9.9 | CRITICAL | CWE-89 | No | 0.0% | 6.93 | 2026-04-14 | Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authe... |
| [CVE-2026-27679](https://nvd.nist.gov/vuln/detail/CVE-2026-27679) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-04-14 | Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker... |
| [CVE-2026-27678](https://nvd.nist.gov/vuln/detail/CVE-2026-27678) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-04-14 | Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker... |
| [CVE-2026-27677](https://nvd.nist.gov/vuln/detail/CVE-2026-27677) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-04-14 | Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could upd... |
| [CVE-2026-27676](https://nvd.nist.gov/vuln/detail/CVE-2026-27676) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-14 | Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Structures), an attacker c... |
| [CVE-2026-27675](https://nvd.nist.gov/vuln/detail/CVE-2026-27675) | 2.0 | LOW | CWE-94 | No | 0.0% | 1.40 | 2026-04-14 | SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileg... |
| [CVE-2026-27674](https://nvd.nist.gov/vuln/detail/CVE-2026-27674) | 6.1 | MEDIUM | CWE-94 | No | 0.1% | 4.27 | 2026-04-14 | Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated att... |
| [CVE-2026-27673](https://nvd.nist.gov/vuln/detail/CVE-2026-27673) | 4.9 | MEDIUM | CWE-862 | No | 0.0% | 3.43 | 2026-04-14 | Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete... |
| [CVE-2026-27672](https://nvd.nist.gov/vuln/detail/CVE-2026-27672) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-14 | The Material Master application does not enforce authorization checks for authenticated users when executing reports, re... |
| [CVE-2026-24318](https://nvd.nist.gov/vuln/detail/CVE-2026-24318) | 4.2 | MEDIUM | CWE-539 | No | 0.0% | 2.94 | 2026-04-14 | Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthent... |
| [CVE-2026-0512](https://nvd.nist.gov/vuln/detail/CVE-2026-0512) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-04-14 | Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catal... |
| [CVE-2026-6203](https://nvd.nist.gov/vuln/detail/CVE-2026-6203) | 6.1 | MEDIUM | CWE-601 | No | 1.2% | 4.31 | 2026-04-13 | The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5... |
| [CVE-2026-5086](https://nvd.nist.gov/vuln/detail/CVE-2026-5086) | 7.5 | HIGH | CWE-208 | No | 0.0% | 5.25 | 2026-04-13 | Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks. For example, if Crypt::SecretBuff... |
| [CVE-2026-39979](https://nvd.nist.gov/vuln/detail/CVE-2026-39979) | 6.9 | MEDIUM | CWE-125 | No | 0.0% | 4.83 | 2026-04-13 | jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() AP... |
| [CVE-2026-39956](https://nvd.nist.gov/vuln/detail/CVE-2026-39956) | 6.1 | MEDIUM | CWE-125 | No | 0.0% | 4.27 | 2026-04-13 | jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin... |
| [CVE-2026-6224](https://nvd.nist.gov/vuln/detail/CVE-2026-6224) | 6.9 | MEDIUM | CWE-264 | No | 0.0% | 4.83 | 2026-04-13 | A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function... |
| [CVE-2026-6220](https://nvd.nist.gov/vuln/detail/CVE-2026-6220) | 5.1 | MEDIUM | CWE-918 | No | 0.0% | 3.57 | 2026-04-13 | A vulnerability was identified in HummerRisk up to 1.5.0. This vulnerability affects the function ServerService.addServe... |
| [CVE-2026-4786](https://nvd.nist.gov/vuln/detail/CVE-2026-4786) | 7.0 | HIGH | CWE-77 | No | 0.0% | 4.90 | 2026-04-13 | Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain b... |
| [CVE-2026-40312](https://nvd.nist.gov/vuln/detail/CVE-2026-40312) | 6.2 | MEDIUM | CWE-193 | No | 0.0% | 4.34 | 2026-04-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-1... |
| [CVE-2026-40311](https://nvd.nist.gov/vuln/detail/CVE-2026-40311) | 5.5 | MEDIUM | CWE-416 | No | 0.0% | 3.85 | 2026-04-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 a... |
| [CVE-2026-40310](https://nvd.nist.gov/vuln/detail/CVE-2026-40310) | 5.5 | MEDIUM | CWE-122 | No | 0.0% | 3.85 | 2026-04-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2... |
| [CVE-2026-40183](https://nvd.nist.gov/vuln/detail/CVE-2026-40183) | 5.5 | MEDIUM | CWE-122 | No | 0.0% | 3.85 | 2026-04-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-1... |
| [CVE-2026-40169](https://nvd.nist.gov/vuln/detail/CVE-2026-40169) | 6.2 | MEDIUM | CWE-122 | No | 0.0% | 4.34 | 2026-04-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-1... |
| [CVE-2026-34238](https://nvd.nist.gov/vuln/detail/CVE-2026-34238) | 5.1 | MEDIUM | CWE-190 | No | 0.0% | 3.57 | 2026-04-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.... |
| [CVE-2026-33947](https://nvd.nist.gov/vuln/detail/CVE-2026-33947) | 6.2 | MEDIUM | CWE-674 | No | 0.0% | 4.34 | 2026-04-13 | jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sor... |
| [CVE-2026-33908](https://nvd.nist.gov/vuln/detail/CVE-2026-33908) | 7.5 | HIGH | CWE-674 | No | 0.0% | 5.25 | 2026-04-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.... |
| [CVE-2026-33905](https://nvd.nist.gov/vuln/detail/CVE-2026-33905) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-04-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.... |
| [CVE-2026-33902](https://nvd.nist.gov/vuln/detail/CVE-2026-33902) | 5.5 | MEDIUM | CWE-674 | No | 0.0% | 3.85 | 2026-04-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.... |
| [CVE-2026-6219](https://nvd.nist.gov/vuln/detail/CVE-2026-6219) | 4.8 | MEDIUM | CWE-74 | No | 0.2% | 3.37 | 2026-04-13 | A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of... |
| [CVE-2026-6218](https://nvd.nist.gov/vuln/detail/CVE-2026-6218) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-13 | A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode... |
| [CVE-2026-6216](https://nvd.nist.gov/vuln/detail/CVE-2026-6216) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-13 | A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/... |
| [CVE-2026-33901](https://nvd.nist.gov/vuln/detail/CVE-2026-33901) | 7.5 | HIGH | CWE-122 | No | 0.0% | 5.25 | 2026-04-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.... |
| [CVE-2026-33900](https://nvd.nist.gov/vuln/detail/CVE-2026-33900) | 5.9 | MEDIUM | CWE-190 | No | 0.0% | 4.13 | 2026-04-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.... |
| [CVE-2026-33899](https://nvd.nist.gov/vuln/detail/CVE-2026-33899) | 5.3 | MEDIUM | CWE-122 | No | 0.0% | 3.71 | 2026-04-13 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-1... |
| [CVE-2026-33740](https://nvd.nist.gov/vuln/detail/CVE-2026-33740) | 5.4 | MEDIUM | CWE-639 | No | 0.0% | 3.78 | 2026-04-13 | EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Em... |
| [CVE-2026-33659](https://nvd.nist.gov/vuln/detail/CVE-2026-33659) | 3.5 | LOW | CWE-367 | No | 0.0% | 2.45 | 2026-04-13 | EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/At... |
| [CVE-2026-32272](https://nvd.nist.gov/vuln/detail/CVE-2026-32272) | 8.7 | HIGH | CWE-89 | No | 0.0% | 6.09 | 2026-04-13 | Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability e... |
| [CVE-2026-32271](https://nvd.nist.gov/vuln/detail/CVE-2026-32271) | 7.7 | HIGH | CWE-89 | No | 0.2% | 5.40 | 2026-04-13 | Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there i... |
| [CVE-2026-31280](https://nvd.nist.gov/vuln/detail/CVE-2026-31280) | 0.0 | NONE | N/A | No | 0.0% | 0.00 | 2026-04-13 | An issue in the Bluetooth RFCOMM service of Parani M10 Motorcycle Intercom v2.1.3 allows unauthorized attackers to cause... |
| [CVE-2026-26460](https://nvd.nist.gov/vuln/detail/CVE-2026-26460) | 6.1 | MEDIUM | CWE-80 | No | 0.0% | 4.27 | 2026-04-13 | An HTML Injection vulnerability exists in the Dashboard module of Vtiger CRM 8.4.0. The application fails to properly neu... |
| [CVE-2025-70936](https://nvd.nist.gov/vuln/detail/CVE-2025-70936) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-13 | Vtiger CRM 8.4.0 contains a reflected cross-site scripting (XSS) vulnerability in the MailManager module. Improper handl... |
| [CVE-2025-51414](https://nvd.nist.gov/vuln/detail/CVE-2025-51414) | 8.8 | HIGH | CWE-94 | No | 0.0% | 6.16 | 2026-04-13 | In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile... |
| [CVE-2026-6215](https://nvd.nist.gov/vuln/detail/CVE-2026-6215) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-13 | A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file pac... |
| [CVE-2026-6202](https://nvd.nist.gov/vuln/detail/CVE-2026-6202) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-13 | A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file po... |
| [CVE-2026-6201](https://nvd.nist.gov/vuln/detail/CVE-2026-6201) | 5.3 | MEDIUM | CWE-266 | No | 0.0% | 3.71 | 2026-04-13 | A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the fi... |
| [CVE-2026-33657](https://nvd.nist.gov/vuln/detail/CVE-2026-33657) | 4.6 | MEDIUM | CWE-80 | No | 0.0% | 3.22 | 2026-04-13 | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML inje... |
| [CVE-2026-33534](https://nvd.nist.gov/vuln/detail/CVE-2026-33534) | 4.3 | MEDIUM | CWE-918 | No | 0.0% | 3.01 | 2026-04-13 | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated S... |
| [CVE-2026-32605](https://nvd.nist.gov/vuln/detail/CVE-2026-32605) | 7.5 | HIGH | CWE-125 | No | 0.0% | 5.25 | 2026-04-13 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus a... |
| [CVE-2026-32270](https://nvd.nist.gov/vuln/detail/CVE-2026-32270) | 1.7 | LOW | CWE-200 | No | 0.0% | 1.19 | 2026-04-13 | Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the Pay... |
| [CVE-2026-31048](https://nvd.nist.gov/vuln/detail/CVE-2026-31048) | 9.8 | CRITICAL | CWE-94 | No | 0.0% | 6.86 | 2026-04-13 | An issue in the `pickle` protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a cra... |
| [CVE-2026-6200](https://nvd.nist.gov/vuln/detail/CVE-2026-6200) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-13 | A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the fil... |
| [CVE-2026-6199](https://nvd.nist.gov/vuln/detail/CVE-2026-6199) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-13 | A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting.... |
| [CVE-2026-6198](https://nvd.nist.gov/vuln/detail/CVE-2026-6198) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-13 | A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /... |
| [CVE-2026-6197](https://nvd.nist.gov/vuln/detail/CVE-2026-6197) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-13 | A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/... |
| [CVE-2026-40044](https://nvd.nist.gov/vuln/detail/CVE-2026-40044) | 9.3 | CRITICAL | CWE-502 | No | 0.1% | 6.51 | 2026-04-13 | Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by... |
| [CVE-2026-40043](https://nvd.nist.gov/vuln/detail/CVE-2026-40043) | 7.1 | HIGH | CWE-639 | No | 0.1% | 4.97 | 2026-04-13 | Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low... |
| [CVE-2026-40042](https://nvd.nist.gov/vuln/detail/CVE-2026-40042) | 9.3 | CRITICAL | CWE-403 | No | 0.0% | 6.51 | 2026-04-13 | Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbit... |
| [CVE-2026-40041](https://nvd.nist.gov/vuln/detail/CVE-2026-40041) | 5.3 | MEDIUM | CWE-352 | No | 0.0% | 3.71 | 2026-04-13 | Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in a... |
| [CVE-2026-40040](https://nvd.nist.gov/vuln/detail/CVE-2026-40040) | 8.7 | HIGH | CWE-434 | No | 0.1% | 6.09 | 2026-04-13 | Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file... |
| [CVE-2026-40039](https://nvd.nist.gov/vuln/detail/CVE-2026-40039) | 7.1 | HIGH | CWE-305 | No | 0.0% | 4.97 | 2026-04-13 | Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external we... |
| [CVE-2026-40038](https://nvd.nist.gov/vuln/detail/CVE-2026-40038) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-13 | Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and sc... |
| [CVE-2026-29955](https://nvd.nist.gov/vuln/detail/CVE-2026-29955) | 8.8 | HIGH | CWE-94 | No | 0.0% | 6.16 | 2026-04-13 | The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. Th... |
| [CVE-2026-6196](https://nvd.nist.gov/vuln/detail/CVE-2026-6196) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-13 | A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeComm... |
| [CVE-2026-6195](https://nvd.nist.gov/vuln/detail/CVE-2026-6195) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-13 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the funct... |
| [CVE-2026-6194](https://nvd.nist.gov/vuln/detail/CVE-2026-6194) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-04-13 | A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_41... |
| [CVE-2026-32316](https://nvd.nist.gov/vuln/detail/CVE-2026-32316) | 8.2 | HIGH | CWE-122 | No | 0.0% | 5.74 | 2026-04-13 | jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_strin... |
| [CVE-2026-28291](https://nvd.nist.gov/vuln/detail/CVE-2026-28291) | 8.1 | HIGH | CWE-78 | No | 0.1% | 5.67 | 2026-04-13 | simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of a... |
| [CVE-2026-6193](https://nvd.nist.gov/vuln/detail/CVE-2026-6193) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of... |
| [CVE-2026-6192](https://nvd.nist.gov/vuln/detail/CVE-2026-6192) | 4.8 | MEDIUM | CWE-189 | No | 0.0% | 3.36 | 2026-04-13 | A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in... |
| [CVE-2026-6191](https://nvd.nist.gov/vuln/detail/CVE-2026-6191) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-13 | A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of t... |
| [CVE-2026-6190](https://nvd.nist.gov/vuln/detail/CVE-2026-6190) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-13 | A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown functio... |
| [CVE-2026-6189](https://nvd.nist.gov/vuln/detail/CVE-2026-6189) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unk... |
| [CVE-2026-39940](https://nvd.nist.gov/vuln/detail/CVE-2026-39940) | 5.3 | MEDIUM | CWE-601 | No | 0.0% | 3.71 | 2026-04-13 | ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCR... |
| [CVE-2026-36952](https://nvd.nist.gov/vuln/detail/CVE-2026-36952) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/man... |
| [CVE-2026-36950](https://nvd.nist.gov/vuln/detail/CVE-2026-36950) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php. |
| [CVE-2026-36948](https://nvd.nist.gov/vuln/detail/CVE-2026-36948) | 7.3 | HIGH | CWE-89 | No | 0.0% | 5.11 | 2026-04-13 | Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/view_archive.php. |
| [CVE-2026-33555](https://nvd.nist.gov/vuln/detail/CVE-2026-33555) | 4.0 | MEDIUM | CWE-130 | No | 0.0% | 2.80 | 2026-04-13 | An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches... |
| [CVE-2026-23891](https://nvd.nist.gov/vuln/detail/CVE-2026-23891) | 9.3 | CRITICAL | CWE-79 | No | 0.1% | 6.51 | 2026-04-13 | Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code ex... |
| [CVE-2026-6231](https://nvd.nist.gov/vuln/detail/CVE-2026-6231) | 5.3 | MEDIUM | CWE-20 | No | 0.0% | 3.71 | 2026-04-13 | The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could resul... |
| [CVE-2026-6188](https://nvd.nist.gov/vuln/detail/CVE-2026-6188) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the... |
| [CVE-2026-6187](https://nvd.nist.gov/vuln/detail/CVE-2026-6187) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown... |
| [CVE-2026-6186](https://nvd.nist.gov/vuln/detail/CVE-2026-6186) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-13 | A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the functi... |
| [CVE-2026-6184](https://nvd.nist.gov/vuln/detail/CVE-2026-6184) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-04-13 | A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of th... |
| [CVE-2026-36938](https://nvd.nist.gov/vuln/detail/CVE-2026-36938) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php. |
| [CVE-2026-36937](https://nvd.nist.gov/vuln/detail/CVE-2026-36937) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_deta... |
| [CVE-2026-34188](https://nvd.nist.gov/vuln/detail/CVE-2026-34188) | 7.5 | HIGH | CWE-78 | No | 0.4% | 5.26 | 2026-04-13 | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Re... |
| [CVE-2026-34186](https://nvd.nist.gov/vuln/detail/CVE-2026-34186) | 8.7 | HIGH | CWE-89 | No | 0.0% | 6.09 | 2026-04-13 | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields.... |
| [CVE-2026-30813](https://nvd.nist.gov/vuln/detail/CVE-2026-30813) | 8.7 | HIGH | CWE-89 | No | 0.0% | 6.09 | 2026-04-13 | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search.... |
| [CVE-2026-30812](https://nvd.nist.gov/vuln/detail/CVE-2026-30812) | 2.1 | LOW | CWE-79 | No | 0.0% | 1.47 | 2026-04-13 | Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event c... |
| [CVE-2026-30811](https://nvd.nist.gov/vuln/detail/CVE-2026-30811) | 8.4 | HIGH | CWE-276 | No | 0.0% | 5.88 | 2026-04-13 | Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affe... |
| [CVE-2026-30809](https://nvd.nist.gov/vuln/detail/CVE-2026-30809) | 8.7 | HIGH | CWE-78 | No | 0.5% | 6.10 | 2026-04-13 | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServe... |
| [CVE-2026-30806](https://nvd.nist.gov/vuln/detail/CVE-2026-30806) | 8.7 | HIGH | CWE-78 | No | 0.6% | 6.11 | 2026-04-13 | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network... |
| [CVE-2026-30804](https://nvd.nist.gov/vuln/detail/CVE-2026-30804) | 8.6 | HIGH | CWE-434 | No | 0.4% | 6.03 | 2026-04-13 | Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue a... |
| [CVE-2025-69627](https://nvd.nist.gov/vuln/detail/CVE-2025-69627) | 8.4 | HIGH | CWE-416 | No | 0.0% | 5.88 | 2026-04-13 | Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript... |
| [CVE-2025-69624](https://nvd.nist.gov/vuln/detail/CVE-2025-69624) | 7.5 | HIGH | CWE-476 | No | 0.0% | 5.25 | 2026-04-13 | Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation o... |
| [CVE-2025-66769](https://nvd.nist.gov/vuln/detail/CVE-2025-66769) | 7.5 | HIGH | CWE-476 | No | 0.0% | 5.25 | 2026-04-13 | A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) v... |
| [CVE-2025-63743](https://nvd.nist.gov/vuln/detail/CVE-2025-63743) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-13 | Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 up to and including v8.3.1 a... |
| [CVE-2025-31991](https://nvd.nist.gov/vuln/detail/CVE-2025-31991) | 6.8 | MEDIUM | CWE-307 | No | 0.0% | 4.76 | 2026-04-13 | Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brut... |
| [CVE-2026-6183](https://nvd.nist.gov/vuln/detail/CVE-2026-6183) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is som... |
| [CVE-2026-6182](https://nvd.nist.gov/vuln/detail/CVE-2026-6182) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is... |
| [CVE-2026-36945](https://nvd.nist.gov/vuln/detail/CVE-2026-36945) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/a... |
| [CVE-2026-36944](https://nvd.nist.gov/vuln/detail/CVE-2026-36944) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/adm... |
| [CVE-2026-36943](https://nvd.nist.gov/vuln/detail/CVE-2026-36943) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/a... |
| [CVE-2026-36942](https://nvd.nist.gov/vuln/detail/CVE-2026-36942) | 2.7 | LOW | N/A | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/ma... |
| [CVE-2026-36941](https://nvd.nist.gov/vuln/detail/CVE-2026-36941) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_... |
| [CVE-2026-31283](https://nvd.nist.gov/vuln/detail/CVE-2026-31283) | 9.8 | CRITICAL | CWE-770 | No | 0.0% | 6.86 | 2026-04-13 | In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address.... |
| [CVE-2026-31282](https://nvd.nist.gov/vuln/detail/CVE-2026-31282) | 9.8 | CRITICAL | CWE-284 | No | 0.0% | 6.86 | 2026-04-13 | Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to revea... |
| [CVE-2026-31281](https://nvd.nist.gov/vuln/detail/CVE-2026-31281) | 8.0 | HIGH | CWE-79 | No | 0.0% | 5.60 | 2026-04-13 | Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message a... |
| [CVE-2026-30999](https://nvd.nist.gov/vuln/detail/CVE-2026-30999) | 7.5 | HIGH | CWE-122 | No | 0.0% | 5.25 | 2026-04-13 | A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Servi... |
| [CVE-2026-30998](https://nvd.nist.gov/vuln/detail/CVE-2026-30998) | 7.5 | HIGH | CWE-400 | No | 0.0% | 5.25 | 2026-04-13 | An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows att... |
| [CVE-2026-30997](https://nvd.nist.gov/vuln/detail/CVE-2026-30997) | 7.5 | HIGH | CWE-125 | No | 0.0% | 5.25 | 2026-04-13 | An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cau... |
| [CVE-2026-29628](https://nvd.nist.gov/vuln/detail/CVE-2026-29628) | 6.2 | MEDIUM | CWE-121 | No | 0.0% | 4.34 | 2026-04-13 | A stack overflow in the experimental/tinyobj_loader_opt.h file of tinyobjloader commit d56555b allows attackers to cause... |
| [CVE-2026-1462](https://nvd.nist.gov/vuln/detail/CVE-2026-1462) | 8.8 | HIGH | CWE-502 | No | 0.1% | 6.16 | 2026-04-13 | A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow S... |
| [CVE-2025-66236](https://nvd.nist.gov/vuln/detail/CVE-2025-66236) | 7.5 | HIGH | CWE-532 | No | 0.0% | 5.25 | 2026-04-13 | Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate... |
| [CVE-2026-36947](https://nvd.nist.gov/vuln/detail/CVE-2026-36947) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/a... |
| [CVE-2026-36946](https://nvd.nist.gov/vuln/detail/CVE-2026-36946) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/a... |
| [CVE-2026-36923](https://nvd.nist.gov/vuln/detail/CVE-2026-36923) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php... |
| [CVE-2026-36922](https://nvd.nist.gov/vuln/detail/CVE-2026-36922) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category... |
| [CVE-2026-36920](https://nvd.nist.gov/vuln/detail/CVE-2026-36920) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/... |
| [CVE-2026-36919](https://nvd.nist.gov/vuln/detail/CVE-2026-36919) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/e... |
| [CVE-2026-36874](https://nvd.nist.gov/vuln/detail/CVE-2026-36874) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php. |
| [CVE-2026-36873](https://nvd.nist.gov/vuln/detail/CVE-2026-36873) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php. |
| [CVE-2026-36872](https://nvd.nist.gov/vuln/detail/CVE-2026-36872) | 2.7 | LOW | CWE-89 | No | 0.0% | 1.89 | 2026-04-13 | Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php. |
| [CVE-2026-6204](https://nvd.nist.gov/vuln/detail/CVE-2026-6204) | 8.5 | HIGH | CWE-78 | No | 0.0% | 5.95 | 2026-04-13 | LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Bina... |
| [CVE-2026-2728](https://nvd.nist.gov/vuln/detail/CVE-2026-2728) | 4.6 | MEDIUM | CWE-79 | No | 0.0% | 3.22 | 2026-04-13 | LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig pa... |
| [CVE-2025-15632](https://nvd.nist.gov/vuln/detail/CVE-2025-15632) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-13 | A vulnerability has been found in 1Panel-dev MaxKB up to 2.4.2. Impacted is an unknown function of the file ui/src/chat.... |
| [CVE-2026-0234](https://nvd.nist.gov/vuln/detail/CVE-2026-0234) | 7.2 | HIGH | CWE-347 | No | 0.0% | 5.04 | 2026-04-13 | An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms duri... |
| [CVE-2026-0233](https://nvd.nist.gov/vuln/detail/CVE-2026-0233) | 2.0 | LOW | CWE-295 | No | 0.0% | 1.40 | 2026-04-13 | A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an... |
| [CVE-2026-0232](https://nvd.nist.gov/vuln/detail/CVE-2026-0232) | 4.0 | MEDIUM | CWE-15 | No | 0.0% | 2.80 | 2026-04-13 | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows admin... |
| [CVE-2026-6168](https://nvd.nist.gov/vuln/detail/CVE-2026-6168) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-04-13 | A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of... |
| [CVE-2026-6167](https://nvd.nist.gov/vuln/detail/CVE-2026-6167) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file... |
| [CVE-2026-6166](https://nvd.nist.gov/vuln/detail/CVE-2026-6166) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects s... |
| [CVE-2026-5936](https://nvd.nist.gov/vuln/detail/CVE-2026-5936) | 8.5 | HIGH | CWE-918 | No | 0.0% | 5.95 | 2026-04-13 | An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests t... |
| [CVE-2026-40436](https://nvd.nist.gov/vuln/detail/CVE-2026-40436) | 7.1 | HIGH | N/A | No | 0.0% | 4.97 | 2026-04-13 | The ZTE ZXEDM iEMS product has a password reset vulnerability for any user. Because the management of the cloud EMS porta... |
| [CVE-2026-3830](https://nvd.nist.gov/vuln/detail/CVE-2026-3830) | 8.6 | HIGH | CWE-89 | No | 0.1% | 6.02 | 2026-04-13 | The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before... |
| [CVE-2026-34866](https://nvd.nist.gov/vuln/detail/CVE-2026-34866) | 5.1 | MEDIUM | CWE-120 | No | 0.0% | 3.57 | 2026-04-13 | Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect av... |
| [CVE-2026-34865](https://nvd.nist.gov/vuln/detail/CVE-2026-34865) | 10.0 | CRITICAL | CWE-122 | No | 0.0% | 7.00 | 2026-04-13 | Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect av... |
| [CVE-2025-15441](https://nvd.nist.gov/vuln/detail/CVE-2025-15441) | 6.8 | MEDIUM | CWE-89 | No | 0.0% | 4.76 | 2026-04-13 | The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping"... |
| [CVE-2026-6165](https://nvd.nist.gov/vuln/detail/CVE-2026-6165) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unkno... |
| [CVE-2026-6164](https://nvd.nist.gov/vuln/detail/CVE-2026-6164) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part o... |
| [CVE-2026-6163](https://nvd.nist.gov/vuln/detail/CVE-2026-6163) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unkn... |
| [CVE-2026-40447](https://nvd.nist.gov/vuln/detail/CVE-2026-40447) | 5.1 | MEDIUM | CWE-190 | No | 0.0% | 3.57 | 2026-04-13 | Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior. This issue affect... |
| [CVE-2026-21014](https://nvd.nist.gov/vuln/detail/CVE-2026-21014) | 5.1 | MEDIUM | N/A | No | 0.0% | 3.57 | 2026-04-13 | Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. Use... |
| [CVE-2026-21013](https://nvd.nist.gov/vuln/detail/CVE-2026-21013) | 6.9 | MEDIUM | N/A | No | 0.0% | 4.83 | 2026-04-13 | Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive in... |
| [CVE-2026-21012](https://nvd.nist.gov/vuln/detail/CVE-2026-21012) | 6.8 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 4.76 | 2026-04-13 | External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create f... |
| [CVE-2026-21011](https://nvd.nist.gov/vuln/detail/CVE-2026-21011) | 5.4 | MEDIUM | CWE-732 | No | 0.0% | 3.78 | 2026-04-13 | Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attacker... |
| [CVE-2026-21010](https://nvd.nist.gov/vuln/detail/CVE-2026-21010) | 6.6 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 4.62 | 2026-04-13 | Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged fu... |
| [CVE-2026-21009](https://nvd.nist.gov/vuln/detail/CVE-2026-21009) | 4.1 | MEDIUM | N/A | No | 0.0% | 2.87 | 2026-04-13 | Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass... |
| [CVE-2026-21008](https://nvd.nist.gov/vuln/detail/CVE-2026-21008) | 5.1 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.57 | 2026-04-13 | Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitiv... |
| [CVE-2026-21007](https://nvd.nist.gov/vuln/detail/CVE-2026-21007) | 4.4 | MEDIUM | CWE-754 | No | 0.0% | 3.08 | 2026-04-13 | Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to by... |
| [CVE-2026-21006](https://nvd.nist.gov/vuln/detail/CVE-2026-21006) | 4.7 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.29 | 2026-04-13 | Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access hidden not... |
| [CVE-2026-6162](https://nvd.nist.gov/vuln/detail/CVE-2026-6162) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-13 | A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of... |
| [CVE-2026-6161](https://nvd.nist.gov/vuln/detail/CVE-2026-6161) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chat... |
| [CVE-2026-6160](https://nvd.nist.gov/vuln/detail/CVE-2026-6160) | 5.5 | MEDIUM | CWE-200 | No | 0.0% | 3.85 | 2026-04-13 | A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatbox_PHP... |
| [CVE-2026-6159](https://nvd.nist.gov/vuln/detail/CVE-2026-6159) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-13 | A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown f... |
| [CVE-2026-6158](https://nvd.nist.gov/vuln/detail/CVE-2026-6158) | 6.9 | MEDIUM | CWE-77 | No | 2.4% | 4.90 | 2026-04-13 | A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgra... |
| [CVE-2026-40446](https://nvd.nist.gov/vuln/detail/CVE-2026-40446) | 6.9 | MEDIUM | CWE-843 | No | 0.0% | 4.83 | 2026-04-13 | Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Point... |
| [CVE-2026-35553](https://nvd.nist.gov/vuln/detail/CVE-2026-35553) | 8.4 | HIGH | CWE-121 | No | 0.0% | 5.88 | 2026-04-13 | Bluetooth ACPI Drivers provided by Dynabook Inc. contain a stack-based buffer overflow vulnerability. An attacker may ex... |
| [CVE-2026-34864](https://nvd.nist.gov/vuln/detail/CVE-2026-34864) | 6.8 | MEDIUM | CWE-119 | No | 0.0% | 4.76 | 2026-04-13 | Boundary-unlimited vulnerability in the application read module. Impact: Successful exploitation of this vulnerability m... |
| [CVE-2026-34863](https://nvd.nist.gov/vuln/detail/CVE-2026-34863) | 6.7 | MEDIUM | CWE-787 | No | 0.0% | 4.69 | 2026-04-13 | Out-of-bounds write vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect a... |
| [CVE-2026-34862](https://nvd.nist.gov/vuln/detail/CVE-2026-34862) | 6.3 | MEDIUM | CWE-362 | No | 0.0% | 4.41 | 2026-04-13 | Race condition vulnerability in the power consumption statistics module. Impact: Successful exploitation of this vulnera... |
| [CVE-2026-34861](https://nvd.nist.gov/vuln/detail/CVE-2026-34861) | 6.3 | MEDIUM | CWE-362 | No | 0.0% | 4.41 | 2026-04-13 | Race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may... |
| [CVE-2026-34859](https://nvd.nist.gov/vuln/detail/CVE-2026-34859) | 5.9 | MEDIUM | CWE-416 | No | 0.0% | 4.13 | 2026-04-13 | UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability a... |
| [CVE-2026-34858](https://nvd.nist.gov/vuln/detail/CVE-2026-34858) | 4.1 | MEDIUM | CWE-362 | No | 0.0% | 2.87 | 2026-04-13 | UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availabi... |
| [CVE-2026-34857](https://nvd.nist.gov/vuln/detail/CVE-2026-34857) | 4.7 | MEDIUM | CWE-362 | No | 0.0% | 3.29 | 2026-04-13 | UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availabi... |
| [CVE-2026-34854](https://nvd.nist.gov/vuln/detail/CVE-2026-34854) | 5.7 | MEDIUM | CWE-416 | No | 0.0% | 3.99 | 2026-04-13 | UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability a... |
| [CVE-2026-25209](https://nvd.nist.gov/vuln/detail/CVE-2026-25209) | 6.5 | MEDIUM | CWE-125 | No | 0.0% | 4.55 | 2026-04-13 | Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escarg... |
| [CVE-2026-25208](https://nvd.nist.gov/vuln/detail/CVE-2026-25208) | 8.1 | HIGH | CWE-190 | No | 0.0% | 5.67 | 2026-04-13 | Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8... |
| [CVE-2026-25207](https://nvd.nist.gov/vuln/detail/CVE-2026-25207) | 7.4 | HIGH | CWE-787 | No | 0.0% | 5.18 | 2026-04-13 | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 9... |
| [CVE-2026-25206](https://nvd.nist.gov/vuln/detail/CVE-2026-25206) | 6.7 | MEDIUM | CWE-125 | No | 0.0% | 4.69 | 2026-04-13 | Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escarg... |
| [CVE-2026-21003](https://nvd.nist.gov/vuln/detail/CVE-2026-21003) | 5.2 | MEDIUM | N/A | No | 0.0% | 3.64 | 2026-04-13 | Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attack... |
| [CVE-2026-6157](https://nvd.nist.gov/vuln/detail/CVE-2026-6157) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-04-13 | A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig... |
| [CVE-2026-6156](https://nvd.nist.gov/vuln/detail/CVE-2026-6156) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-13 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosR... |
| [CVE-2026-6155](https://nvd.nist.gov/vuln/detail/CVE-2026-6155) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-13 | A weakness has been identified in Totolink A7100RU 7.4cu.2313. The impacted element is the function setWanCfg of the fil... |
| [CVE-2026-6154](https://nvd.nist.gov/vuln/detail/CVE-2026-6154) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-13 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setWi... |
| [CVE-2026-6153](https://nvd.nist.gov/vuln/detail/CVE-2026-6153) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function... |
| [CVE-2026-6179](https://nvd.nist.gov/vuln/detail/CVE-2026-6179) | 6.3 | MEDIUM | CWE-79 | No | 0.0% | 4.41 | 2026-04-13 | Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in... |
| [CVE-2026-6152](https://nvd.nist.gov/vuln/detail/CVE-2026-6152) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown... |
| [CVE-2026-6151](https://nvd.nist.gov/vuln/detail/CVE-2026-6151) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown co... |
| [CVE-2026-6150](https://nvd.nist.gov/vuln/detail/CVE-2026-6150) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-13 | A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /che... |
| [CVE-2026-6149](https://nvd.nist.gov/vuln/detail/CVE-2026-6149) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown fu... |
| [CVE-2026-6148](https://nvd.nist.gov/vuln/detail/CVE-2026-6148) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is... |
| [CVE-2026-6143](https://nvd.nist.gov/vuln/detail/CVE-2026-6143) | 5.3 | MEDIUM | CWE-346 | No | 0.0% | 3.71 | 2026-04-13 | A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functio... |
| [CVE-2026-6142](https://nvd.nist.gov/vuln/detail/CVE-2026-6142) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-13 | A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Af... |
| [CVE-2026-6141](https://nvd.nist.gov/vuln/detail/CVE-2026-6141) | 5.3 | MEDIUM | CWE-77 | No | 0.7% | 3.73 | 2026-04-13 | A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function... |
| [CVE-2026-6140](https://nvd.nist.gov/vuln/detail/CVE-2026-6140) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-13 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function UploadFirmwareFile of the... |
| [CVE-2026-6139](https://nvd.nist.gov/vuln/detail/CVE-2026-6139) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-13 | A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function UploadOpenVpnCert of... |
| [CVE-2026-6138](https://nvd.nist.gov/vuln/detail/CVE-2026-6138) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-13 | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setAccessDeviceCfg... |
| [CVE-2026-6137](https://nvd.nist.gov/vuln/detail/CVE-2026-6137) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-13 | A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the... |
| [CVE-2026-6136](https://nvd.nist.gov/vuln/detail/CVE-2026-6136) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-13 | A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the... |
| [CVE-2026-6135](https://nvd.nist.gov/vuln/detail/CVE-2026-6135) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-13 | A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the fi... |
| [CVE-2026-6134](https://nvd.nist.gov/vuln/detail/CVE-2026-6134) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-12 | A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqosset... |
| [CVE-2026-6133](https://nvd.nist.gov/vuln/detail/CVE-2026-6133) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-12 | A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file... |
| [CVE-2026-6132](https://nvd.nist.gov/vuln/detail/CVE-2026-6132) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-12 | A vulnerability was determined in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setLedCf... |
| [CVE-2026-6131](https://nvd.nist.gov/vuln/detail/CVE-2026-6131) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-12 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTr... |
| [CVE-2026-6130](https://nvd.nist.gov/vuln/detail/CVE-2026-6130) | 6.9 | MEDIUM | CWE-77 | No | 0.8% | 4.86 | 2026-04-12 | A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/... |
| [CVE-2026-6129](https://nvd.nist.gov/vuln/detail/CVE-2026-6129) | 6.9 | MEDIUM | CWE-287 | No | 0.1% | 4.83 | 2026-04-12 | A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the... |
| [CVE-2026-40396](https://nvd.nist.gov/vuln/detail/CVE-2026-40396) | 4.0 | MEDIUM | CWE-670 | No | 0.0% | 2.80 | 2026-04-12 | Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A mali... |
| [CVE-2026-40395](https://nvd.nist.gov/vuln/detail/CVE-2026-40395) | 4.0 | MEDIUM | CWE-770 | No | 0.0% | 2.80 | 2026-04-12 | Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The h... |
| [CVE-2026-40394](https://nvd.nist.gov/vuln/detail/CVE-2026-40394) | 4.0 | MEDIUM | CWE-670 | No | 0.0% | 2.80 | 2026-04-12 | Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (da... |
| [CVE-2026-40393](https://nvd.nist.gov/vuln/detail/CVE-2026-40393) | 8.1 | HIGH | CWE-787 | No | 0.0% | 5.67 | 2026-04-12 | In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-... |
| [CVE-2026-40386](https://nvd.nist.gov/vuln/detail/CVE-2026-40386) | 4.0 | MEDIUM | CWE-191 | No | 0.0% | 2.80 | 2026-04-12 | In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used b... |
| [CVE-2026-40385](https://nvd.nist.gov/vuln/detail/CVE-2026-40385) | 4.0 | MEDIUM | CWE-190 | No | 0.0% | 2.80 | 2026-04-12 | In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attacke... |
| [CVE-2019-25713](https://nvd.nist.gov/vuln/detail/CVE-2019-25713) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-04-12 | MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL querie... |
| [CVE-2019-25712](https://nvd.nist.gov/vuln/detail/CVE-2019-25712) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-04-12 | BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers t... |
| [CVE-2019-25711](https://nvd.nist.gov/vuln/detail/CVE-2019-25711) | 6.9 | MEDIUM | CWE-807 | No | 0.0% | 4.83 | 2026-04-12 | SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the appli... |
| [CVE-2019-25710](https://nvd.nist.gov/vuln/detail/CVE-2019-25710) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-12 | Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint tha... |
| [CVE-2019-25709](https://nvd.nist.gov/vuln/detail/CVE-2019-25709) | 9.3 | CRITICAL | CWE-552 | No | 0.1% | 6.51 | 2026-04-12 | CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by access... |
| [CVE-2019-25708](https://nvd.nist.gov/vuln/detail/CVE-2019-25708) | 5.3 | MEDIUM | CWE-352 | No | 0.0% | 3.71 | 2026-04-12 | Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change admini... |
| [CVE-2019-25707](https://nvd.nist.gov/vuln/detail/CVE-2019-25707) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-04-12 | eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL qu... |
| [CVE-2019-25706](https://nvd.nist.gov/vuln/detail/CVE-2019-25706) | 8.7 | HIGH | CWE-538 | No | 0.1% | 6.09 | 2026-04-12 | Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom... |
| [CVE-2019-25705](https://nvd.nist.gov/vuln/detail/CVE-2019-25705) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-04-12 | Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or e... |
| [CVE-2019-25703](https://nvd.nist.gov/vuln/detail/CVE-2019-25703) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-04-12 | ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipul... |
| [CVE-2019-25701](https://nvd.nist.gov/vuln/detail/CVE-2019-25701) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-04-12 | Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that a... |
| [CVE-2019-25699](https://nvd.nist.gov/vuln/detail/CVE-2019-25699) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-04-12 | Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authentic... |
| [CVE-2019-25697](https://nvd.nist.gov/vuln/detail/CVE-2019-25697) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-04-12 | CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries... |
| [CVE-2019-25695](https://nvd.nist.gov/vuln/detail/CVE-2019-25695) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-04-12 | R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting mali... |
| [CVE-2019-25693](https://nvd.nist.gov/vuln/detail/CVE-2019-25693) | 7.1 | HIGH | CWE-352 | No | 0.0% | 4.97 | 2026-04-12 | ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL q... |
| [CVE-2019-25691](https://nvd.nist.gov/vuln/detail/CVE-2019-25691) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-04-12 | Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attac... |
| [CVE-2019-25689](https://nvd.nist.gov/vuln/detail/CVE-2019-25689) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-04-12 | HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code... |
| [CVE-2018-25258](https://nvd.nist.gov/vuln/detail/CVE-2018-25258) | 8.6 | HIGH | CWE-434 | No | 0.0% | 6.02 | 2026-04-12 | RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass... |
| [CVE-2018-25257](https://nvd.nist.gov/vuln/detail/CVE-2018-25257) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-04-12 | Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate... |
| [CVE-2017-20239](https://nvd.nist.gov/vuln/detail/CVE-2017-20239) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-12 | MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by inj... |
| [CVE-2026-6126](https://nvd.nist.gov/vuln/detail/CVE-2026-6126) | 6.9 | MEDIUM | CWE-287 | No | 0.1% | 4.83 | 2026-04-12 | A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function... |
| [CVE-2026-6125](https://nvd.nist.gov/vuln/detail/CVE-2026-6125) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-12 | A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpressio... |
| [CVE-2026-6124](https://nvd.nist.gov/vuln/detail/CVE-2026-6124) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-12 | A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the f... |
| [CVE-2026-6123](https://nvd.nist.gov/vuln/detail/CVE-2026-6123) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-04-12 | A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat... |
| [CVE-2026-6122](https://nvd.nist.gov/vuln/detail/CVE-2026-6122) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-12 | A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /... |
| [CVE-2026-6121](https://nvd.nist.gov/vuln/detail/CVE-2026-6121) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-12 | A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /go... |
| [CVE-2026-6120](https://nvd.nist.gov/vuln/detail/CVE-2026-6120) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-12 | A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/Dhcp... |
| [CVE-2026-6119](https://nvd.nist.gov/vuln/detail/CVE-2026-6119) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-12 | A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get o... |
| [CVE-2026-6118](https://nvd.nist.gov/vuln/detail/CVE-2026-6118) | 5.3 | MEDIUM | CWE-74 | No | 3.4% | 3.81 | 2026-04-12 | A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file... |
| [CVE-2026-6117](https://nvd.nist.gov/vuln/detail/CVE-2026-6117) | 5.3 | MEDIUM | CWE-264 | No | 0.0% | 3.71 | 2026-04-12 | A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of... |
| [CVE-2026-6116](https://nvd.nist.gov/vuln/detail/CVE-2026-6116) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-12 | A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiag... |
| [CVE-2026-6115](https://nvd.nist.gov/vuln/detail/CVE-2026-6115) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-12 | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin... |
| [CVE-2026-6114](https://nvd.nist.gov/vuln/detail/CVE-2026-6114) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-12 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetwork... |
| [CVE-2026-6113](https://nvd.nist.gov/vuln/detail/CVE-2026-6113) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-12 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is t... |
| [CVE-2026-6112](https://nvd.nist.gov/vuln/detail/CVE-2026-6112) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-12 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the fil... |
| [CVE-2026-6111](https://nvd.nist.gov/vuln/detail/CVE-2026-6111) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-12 | A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of t... |
| [CVE-2026-6110](https://nvd.nist.gov/vuln/detail/CVE-2026-6110) | 6.9 | MEDIUM | CWE-74 | No | 0.1% | 4.83 | 2026-04-12 | A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of t... |
| [CVE-2026-1116](https://nvd.nist.gov/vuln/detail/CVE-2026-1116) | 8.2 | HIGH | CWE-79 | No | 0.0% | 5.74 | 2026-04-12 | A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in p... |
| [CVE-2026-6109](https://nvd.nist.gov/vuln/detail/CVE-2026-6109) | 5.3 | MEDIUM | CWE-352 | No | 0.0% | 3.71 | 2026-04-12 | A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCod... |
| [CVE-2026-6108](https://nvd.nist.gov/vuln/detail/CVE-2026-6108) | 5.3 | MEDIUM | CWE-77 | No | 0.3% | 3.72 | 2026-04-12 | A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps... |
| [CVE-2026-6107](https://nvd.nist.gov/vuln/detail/CVE-2026-6107) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-12 | A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/commo... |
| [CVE-2026-6106](https://nvd.nist.gov/vuln/detail/CVE-2026-6106) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-11 | A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddl... |
| [CVE-2026-6105](https://nvd.nist.gov/vuln/detail/CVE-2026-6105) | 6.9 | MEDIUM | CWE-266 | No | 0.0% | 4.83 | 2026-04-11 | A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the fi... |
| [CVE-2026-23900](https://nvd.nist.gov/vuln/detail/CVE-2026-23900) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-11 | Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been d... |
| [CVE-2026-5809](https://nvd.nist.gov/vuln/detail/CVE-2026-5809) | 7.1 | HIGH | CWE-73 | No | 0.0% | 4.97 | 2026-04-11 | The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.2. Th... |
| [CVE-2026-34621](https://nvd.nist.gov/vuln/detail/CVE-2026-34621) | 8.6 | HIGH | CWE-1321 | Yes | 6.1% | 6.20 | 2026-04-11 | Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of... |
| [CVE-2026-5226](https://nvd.nist.gov/vuln/detail/CVE-2026-5226) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-04-11 | The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL... |
| [CVE-2026-5217](https://nvd.nist.gov/vuln/detail/CVE-2026-5217) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-04-11 | The Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image Optimization plugin for WordPress is v... |
| [CVE-2026-5207](https://nvd.nist.gov/vuln/detail/CVE-2026-5207) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-04-11 | The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and i... |
| [CVE-2026-5144](https://nvd.nist.gov/vuln/detail/CVE-2026-5144) | 8.8 | HIGH | CWE-269 | No | 0.0% | 6.16 | 2026-04-11 | The BuddyPress Groupblog plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including... |
| [CVE-2026-4979](https://nvd.nist.gov/vuln/detail/CVE-2026-4979) | 5.0 | MEDIUM | CWE-918 | No | 0.0% | 3.50 | 2026-04-11 | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPre... |
| [CVE-2026-4895](https://nvd.nist.gov/vuln/detail/CVE-2026-4895) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-11 | The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in... |
| [CVE-2026-3498](https://nvd.nist.gov/vuln/detail/CVE-2026-3498) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-11 | The BlockArt Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'clientId' block attribute... |
| [CVE-2026-3371](https://nvd.nist.gov/vuln/detail/CVE-2026-3371) | 4.3 | MEDIUM | CWE-639 | No | 0.0% | 3.01 | 2026-04-11 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Refere... |
| [CVE-2026-3358](https://nvd.nist.gov/vuln/detail/CVE-2026-3358) | 5.4 | MEDIUM | CWE-862 | No | 0.1% | 3.78 | 2026-04-11 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized private course e... |
| [CVE-2026-40354](https://nvd.nist.gov/vuln/detail/CVE-2026-40354) | 2.9 | LOW | CWE-61 | No | 0.0% | 2.03 | 2026-04-11 | Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host c... |
| [CVE-2026-33119](https://nvd.nist.gov/vuln/detail/CVE-2026-33119) | 5.4 | MEDIUM | CWE-451 | No | 0.1% | 3.78 | 2026-04-10 | User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized... |
| [CVE-2026-33118](https://nvd.nist.gov/vuln/detail/CVE-2026-33118) | 4.3 | MEDIUM | CWE-451 | No | 0.1% | 3.01 | 2026-04-10 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| [CVE-2026-40252](https://nvd.nist.gov/vuln/detail/CVE-2026-40252) | 5.3 | MEDIUM | CWE-284 | No | 0.1% | 3.71 | 2026-04-10 | FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability (IDOR/BOLA) allows any... |
| [CVE-2026-40242](https://nvd.nist.gov/vuln/detail/CVE-2026-40242) | 7.2 | HIGH | CWE-918 | No | 0.0% | 5.04 | 2026-04-10 | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/template... |
| [CVE-2026-40194](https://nvd.nist.gov/vuln/detail/CVE-2026-40194) | 3.7 | LOW | CWE-208 | No | 0.0% | 2.59 | 2026-04-10 | phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_pa... |
| [CVE-2026-40191](https://nvd.nist.gov/vuln/detail/CVE-2026-40191) | 6.8 | MEDIUM | CWE-863 | No | 0.0% | 4.76 | 2026-04-10 | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta... |
| [CVE-2026-40190](https://nvd.nist.gov/vuln/detail/CVE-2026-40190) | 5.6 | MEDIUM | CWE-1321 | No | 0.0% | 3.92 | 2026-04-10 | LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScri... |
| [CVE-2026-40189](https://nvd.nist.gov/vuln/detail/CVE-2026-40189) | 9.3 | CRITICAL | CWE-862 | No | 0.1% | 6.51 | 2026-04-10 | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/ba... |
| [CVE-2026-40188](https://nvd.nist.gov/vuln/detail/CVE-2026-40188) | 7.7 | HIGH | CWE-1314 | No | 0.0% | 5.39 | 2026-04-10 | goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the... |
| [CVE-2026-40185](https://nvd.nist.gov/vuln/detail/CVE-2026-40185) | 7.1 | HIGH | CWE-862 | No | 0.0% | 4.97 | 2026-04-10 | TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo m... |
| [CVE-2026-40184](https://nvd.nist.gov/vuln/detail/CVE-2026-40184) | 3.7 | LOW | CWE-306 | No | 0.1% | 2.59 | 2026-04-10 | TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. Th... |
| [CVE-2026-40180](https://nvd.nist.gov/vuln/detail/CVE-2026-40180) | 7.7 | HIGH | CWE-22 | No | 0.0% | 5.39 | 2026-04-10 | Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.... |
| [CVE-2026-40178](https://nvd.nist.gov/vuln/detail/CVE-2026-40178) | 6.9 | MEDIUM | CWE-287 | No | 0.1% | 4.83 | 2026-04-10 | ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was a... |
| [CVE-2026-40177](https://nvd.nist.gov/vuln/detail/CVE-2026-40177) | 9.3 | CRITICAL | CWE-287 | No | 0.1% | 6.51 | 2026-04-10 | ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was a... |
| [CVE-2026-40175](https://nvd.nist.gov/vuln/detail/CVE-2026-40175) | 10.0 | CRITICAL | CWE-113 | No | 0.4% | 7.01 | 2026-04-10 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulner... |
| [CVE-2026-40168](https://nvd.nist.gov/vuln/detail/CVE-2026-40168) | 8.2 | HIGH | CWE-918 | No | 0.0% | 5.74 | 2026-04-10 | Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Al... |
| [CVE-2026-39922](https://nvd.nist.gov/vuln/detail/CVE-2026-39922) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-10 | GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability in the servic... |
| [CVE-2026-39921](https://nvd.nist.gov/vuln/detail/CVE-2026-39921) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-10 | GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows a... |
| [CVE-2026-32252](https://nvd.nist.gov/vuln/detail/CVE-2026-32252) | 7.7 | HIGH | CWE-285 | No | 0.0% | 5.39 | 2026-04-10 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create c... |
| [CVE-2026-30232](https://nvd.nist.gov/vuln/detail/CVE-2026-30232) | 7.8 | HIGH | CWE-918 | No | 0.0% | 5.46 | 2026-04-10 | Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create c... |
| [CVE-2026-3446](https://nvd.nist.gov/vuln/detail/CVE-2026-3446) | 6.0 | MEDIUM | CWE-345 | No | 0.0% | 4.20 | 2026-04-10 | When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded... |
| [CVE-2026-33737](https://nvd.nist.gov/vuln/detail/CVE-2026-33737) | 5.3 | MEDIUM | CWE-611 | No | 0.0% | 3.71 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string()... |
| [CVE-2026-33736](https://nvd.nist.gov/vuln/detail/CVE-2026-33736) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can en... |
| [CVE-2026-33710](https://nvd.nist.gov/vuln/detail/CVE-2026-33710) | 7.5 | HIGH | CWE-330 | No | 0.0% | 5.25 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time... |
| [CVE-2026-33708](https://nvd.nist.gov/vuln/detail/CVE-2026-33708) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns... |
| [CVE-2026-33707](https://nvd.nist.gov/vuln/detail/CVE-2026-33707) | 9.4 | CRITICAL | CWE-640 | No | 0.1% | 6.58 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism gener... |
| [CVE-2026-33706](https://nvd.nist.gov/vuln/detail/CVE-2026-33706) | 7.1 | HIGH | CWE-269 | No | 0.0% | 4.97 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify the... |
| [CVE-2026-33705](https://nvd.nist.gov/vuln/detail/CVE-2026-33705) | 5.3 | MEDIUM | CWE-538 | No | 0.0% | 3.71 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/... |
| [CVE-2026-33704](https://nvd.nist.gov/vuln/detail/CVE-2026-33704) | 7.1 | HIGH | CWE-434 | No | 0.2% | 4.98 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arb... |
| [CVE-2026-33703](https://nvd.nist.gov/vuln/detail/CVE-2026-33703) | 7.1 | HIGH | CWE-639 | No | 0.0% | 4.97 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerabili... |
| [CVE-2026-33702](https://nvd.nist.gov/vuln/detail/CVE-2026-33702) | 7.1 | HIGH | CWE-639 | No | 0.0% | 4.97 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Ob... |
| [CVE-2026-33698](https://nvd.nist.gov/vuln/detail/CVE-2026-33698) | 9.3 | CRITICAL | CWE-552 | No | 0.1% | 6.51 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code fr... |
| [CVE-2026-33618](https://nvd.nist.gov/vuln/detail/CVE-2026-33618) | 8.8 | HIGH | CWE-95 | No | 0.0% | 6.16 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray... |
| [CVE-2026-27460](https://nvd.nist.gov/vuln/detail/CVE-2026-27460) | 6.5 | MEDIUM | CWE-409 | No | 0.0% | 4.55 | 2026-04-10 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a c... |
| [CVE-2026-5483](https://nvd.nist.gov/vuln/detail/CVE-2026-5483) | 8.5 | HIGH | CWE-201 | No | 0.1% | 5.95 | 2026-04-10 | A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Ha... |
| [CVE-2026-40163](https://nvd.nist.gov/vuln/detail/CVE-2026-40163) | 8.2 | HIGH | CWE-22 | No | 0.1% | 5.74 | 2026-04-10 | Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, t... |
| [CVE-2026-40162](https://nvd.nist.gov/vuln/detail/CVE-2026-40162) | 7.1 | HIGH | CWE-20 | No | 0.1% | 4.97 | 2026-04-10 | Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugs... |
| [CVE-2026-33141](https://nvd.nist.gov/vuln/detail/CVE-2026-33141) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerabili... |
| [CVE-2026-32932](https://nvd.nist.gov/vuln/detail/CVE-2026-32932) | 4.7 | MEDIUM | CWE-601 | No | 0.0% | 3.29 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the sess... |
| [CVE-2026-32931](https://nvd.nist.gov/vuln/detail/CVE-2026-32931) | 7.5 | HIGH | CWE-434 | No | 0.2% | 5.25 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability... |
| [CVE-2026-32930](https://nvd.nist.gov/vuln/detail/CVE-2026-32930) | 7.1 | HIGH | CWE-639 | No | 0.0% | 4.97 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR)... |
| [CVE-2026-32894](https://nvd.nist.gov/vuln/detail/CVE-2026-32894) | 7.1 | HIGH | CWE-476 | No | 0.0% | 4.97 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR)... |
| [CVE-2026-32893](https://nvd.nist.gov/vuln/detail/CVE-2026-32893) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting (XSS) vulnerability i... |
| [CVE-2026-32892](https://nvd.nist.gov/vuln/detail/CVE-2026-32892) | 9.1 | CRITICAL | CWE-78 | No | 0.2% | 6.38 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injecti... |
| [CVE-2026-31941](https://nvd.nist.gov/vuln/detail/CVE-2026-31941) | 7.7 | HIGH | CWE-918 | No | 0.0% | 5.39 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request... |
| [CVE-2026-31940](https://nvd.nist.gov/vuln/detail/CVE-2026-31940) | 7.5 | HIGH | CWE-384 | No | 0.0% | 5.25 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled... |
| [CVE-2026-31939](https://nvd.nist.gov/vuln/detail/CVE-2026-31939) | 8.3 | HIGH | CWE-22 | No | 0.0% | 5.81 | 2026-04-10 | Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php... |
| [CVE-2026-1502](https://nvd.nist.gov/vuln/detail/CVE-2026-1502) | 5.7 | MEDIUM | N/A | No | 0.0% | 3.99 | 2026-04-10 | CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. |
| [CVE-2025-66447](https://nvd.nist.gov/vuln/detail/CVE-2025-66447) | 0.0 | NONE | CWE-601 | No | 0.0% | 0.00 | 2026-04-10 | Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through... |
| [CVE-2026-40200](https://nvd.nist.gov/vuln/detail/CVE-2026-40200) | 8.1 | HIGH | CWE-670 | No | 0.0% | 5.67 | 2026-04-10 | An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very... |
| [CVE-2026-40160](https://nvd.nist.gov/vuln/detail/CVE-2026-40160) | 7.1 | HIGH | CWE-918 | No | 0.0% | 4.97 | 2026-04-10 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied UR... |
| [CVE-2026-40159](https://nvd.nist.gov/vuln/detail/CVE-2026-40159) | 5.5 | MEDIUM | CWE-200 | No | 0.0% | 3.85 | 2026-04-10 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Model Context Protocol) integration allows s... |
| [CVE-2026-40158](https://nvd.nist.gov/vuln/detail/CVE-2026-40158) | 8.6 | HIGH | CWE-94 | No | 0.0% | 6.02 | 2026-04-10 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using ty... |
| [CVE-2026-40157](https://nvd.nist.gov/vuln/detail/CVE-2026-40157) | 9.4 | CRITICAL | CWE-22 | No | 0.1% | 6.58 | 2026-04-10 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .praison tar archives u... |
| [CVE-2026-40156](https://nvd.nist.gov/vuln/detail/CVE-2026-40156) | 7.8 | HIGH | CWE-94 | No | 0.0% | 5.46 | 2026-04-10 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the... |
| [CVE-2026-40103](https://nvd.nist.gov/vuln/detail/CVE-2026-40103) | 4.3 | MEDIUM | CWE-836 | No | 0.0% | 3.01 | 2026-04-10 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement f... |
| [CVE-2026-40100](https://nvd.nist.gov/vuln/detail/CVE-2026-40100) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-10 | FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitr... |
| [CVE-2026-40097](https://nvd.nist.gov/vuln/detail/CVE-2026-40097) | 3.7 | LOW | CWE-129 | No | 0.0% | 2.59 | 2026-04-10 | Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to befor... |
| [CVE-2026-40086](https://nvd.nist.gov/vuln/detail/CVE-2026-40086) | 5.3 | MEDIUM | CWE-22 | No | 0.0% | 3.71 | 2026-04-10 | Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server al... |
| [CVE-2026-40074](https://nvd.nist.gov/vuln/detail/CVE-2026-40074) | 6.3 | MEDIUM | CWE-755 | No | 0.0% | 4.41 | 2026-04-10 | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redir... |
| [CVE-2026-40073](https://nvd.nist.gov/vuln/detail/CVE-2026-40073) | 8.2 | HIGH | CWE-770 | No | 0.1% | 5.74 | 2026-04-10 | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under... |
| [CVE-2026-35670](https://nvd.nist.gov/vuln/detail/CVE-2026-35670) | 6.0 | MEDIUM | CWE-807 | No | 0.1% | 4.20 | 2026-04-10 | OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies t... |
| [CVE-2026-35669](https://nvd.nist.gov/vuln/detail/CVE-2026-35669) | 8.7 | HIGH | CWE-648 | No | 0.0% | 6.09 | 2026-04-10 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that... |
| [CVE-2026-35668](https://nvd.nist.gov/vuln/detail/CVE-2026-35668) | 7.1 | HIGH | CWE-22 | No | 0.0% | 4.97 | 2026-04-10 | OpenClaw before 2026.3.24 contains a path traversal vulnerability in sandbox enforcement allowing sandboxed agents to re... |
| [CVE-2026-35667](https://nvd.nist.gov/vuln/detail/CVE-2026-35667) | 6.9 | MEDIUM | CWE-404 | No | 0.0% | 4.83 | 2026-04-10 | OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched k... |
| [CVE-2026-35666](https://nvd.nist.gov/vuln/detail/CVE-2026-35666) | 7.7 | HIGH | CWE-706 | No | 0.0% | 5.39 | 2026-04-10 | OpenClaw before 2026.3.22 contains an allowlist bypass vulnerability in system.run approvals that fails to unwrap /usr/b... |
| [CVE-2026-35665](https://nvd.nist.gov/vuln/detail/CVE-2026-35665) | 6.9 | MEDIUM | CWE-405 | No | 0.1% | 4.83 | 2026-04-10 | OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request... |
| [CVE-2026-35664](https://nvd.nist.gov/vuln/detail/CVE-2026-35664) | 6.9 | MEDIUM | CWE-288 | No | 0.1% | 4.83 | 2026-04-10 | OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired... |
| [CVE-2026-35663](https://nvd.nist.gov/vuln/detail/CVE-2026-35663) | 8.7 | HIGH | CWE-648 | No | 0.0% | 6.09 | 2026-04-10 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request bro... |
| [CVE-2026-35662](https://nvd.nist.gov/vuln/detail/CVE-2026-35662) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-10 | OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to mess... |
| [CVE-2026-35661](https://nvd.nist.gov/vuln/detail/CVE-2026-35661) | 6.9 | MEDIUM | CWE-288 | No | 0.0% | 4.83 | 2026-04-10 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows... |
| [CVE-2026-35660](https://nvd.nist.gov/vuln/detail/CVE-2026-35660) | 7.2 | HIGH | CWE-862 | No | 0.0% | 5.04 | 2026-04-10 | OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint tha... |
| [CVE-2026-35659](https://nvd.nist.gov/vuln/detail/CVE-2026-35659) | 5.1 | MEDIUM | CWE-345 | No | 0.0% | 3.57 | 2026-04-10 | OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could in... |
| [CVE-2026-35658](https://nvd.nist.gov/vuln/detail/CVE-2026-35658) | 6.0 | MEDIUM | CWE-668 | No | 0.0% | 4.20 | 2026-04-10 | OpenClaw before 2026.3.2 contains a filesystem boundary bypass vulnerability in the image tool that fails to honor tools... |
| [CVE-2026-35657](https://nvd.nist.gov/vuln/detail/CVE-2026-35657) | 7.1 | HIGH | CWE-863 | No | 0.0% | 4.97 | 2026-04-10 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route... |
| [CVE-2026-35656](https://nvd.nist.gov/vuln/detail/CVE-2026-35656) | 6.3 | MEDIUM | CWE-290 | No | 0.1% | 4.41 | 2026-04-10 | OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when... |
| [CVE-2026-35655](https://nvd.nist.gov/vuln/detail/CVE-2026-35655) | 6.9 | MEDIUM | CWE-807 | No | 0.0% | 4.83 | 2026-04-10 | OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicti... |
| [CVE-2026-35654](https://nvd.nist.gov/vuln/detail/CVE-2026-35654) | 6.9 | MEDIUM | CWE-288 | No | 0.0% | 4.83 | 2026-04-10 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Microsoft Teams feedback invokes that allows... |
| [CVE-2026-35653](https://nvd.nist.gov/vuln/detail/CVE-2026-35653) | 7.2 | HIGH | CWE-863 | No | 0.1% | 5.04 | 2026-04-10 | OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that all... |
| [CVE-2026-35652](https://nvd.nist.gov/vuln/detail/CVE-2026-35652) | 6.9 | MEDIUM | CWE-696 | No | 0.0% | 4.83 | 2026-04-10 | OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows no... |
| [CVE-2026-35651](https://nvd.nist.gov/vuln/detail/CVE-2026-35651) | 5.3 | MEDIUM | CWE-150 | No | 0.0% | 3.71 | 2026-04-10 | OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompt... |
| [CVE-2026-35650](https://nvd.nist.gov/vuln/detail/CVE-2026-35650) | 7.7 | HIGH | CWE-15 | No | 0.1% | 5.39 | 2026-04-10 | OpenClaw before 2026.3.22 contains an environment variable override handling vulnerability that allows attackers to bypa... |
| [CVE-2026-35649](https://nvd.nist.gov/vuln/detail/CVE-2026-35649) | 6.3 | MEDIUM | CWE-183 | No | 0.0% | 4.41 | 2026-04-10 | OpenClaw before 2026.3.22 contains a settings reconciliation vulnerability that allows attackers to bypass intended deny... |
| [CVE-2026-35648](https://nvd.nist.gov/vuln/detail/CVE-2026-35648) | 2.3 | LOW | CWE-367 | No | 0.0% | 1.61 | 2026-04-10 | OpenClaw before 2026.3.22 contains a policy bypass vulnerability where queued node actions are not revalidated against c... |
| [CVE-2026-35647](https://nvd.nist.gov/vuln/detail/CVE-2026-35647) | 6.9 | MEDIUM | CWE-288 | No | 0.0% | 4.83 | 2026-04-10 | OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks an... |
| [CVE-2026-35643](https://nvd.nist.gov/vuln/detail/CVE-2026-35643) | 8.6 | HIGH | CWE-940 | No | 0.0% | 6.02 | 2026-04-10 | OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject... |
| [CVE-2026-35641](https://nvd.nist.gov/vuln/detail/CVE-2026-35641) | 8.4 | HIGH | CWE-349 | No | 0.0% | 5.88 | 2026-04-10 | OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that... |
| [CVE-2026-35621](https://nvd.nist.gov/vuln/detail/CVE-2026-35621) | 7.1 | HIGH | CWE-862 | No | 0.0% | 4.97 | 2026-04-10 | OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validat... |
| [CVE-2026-35620](https://nvd.nist.gov/vuln/detail/CVE-2026-35620) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-04-10 | OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handle... |
| [CVE-2026-35619](https://nvd.nist.gov/vuln/detail/CVE-2026-35619) | 5.3 | MEDIUM | CWE-863 | No | 0.0% | 3.71 | 2026-04-10 | OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to e... |
| [CVE-2026-35602](https://nvd.nist.gov/vuln/detail/CVE-2026-35602) | 5.4 | MEDIUM | CWE-770 | No | 0.0% | 3.78 | 2026-04-10 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses th... |
| [CVE-2026-35601](https://nvd.nist.gov/vuln/detail/CVE-2026-35601) | 4.1 | MEDIUM | CWE-93 | No | 0.0% | 2.87 | 2026-04-10 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCale... |
| [CVE-2026-35600](https://nvd.nist.gov/vuln/detail/CVE-2026-35600) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-10 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into M... |
| [CVE-2026-35599](https://nvd.nist.gov/vuln/detail/CVE-2026-35599) | 6.5 | MEDIUM | CWE-407 | No | 0.0% | 4.55 | 2026-04-10 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function use... |
| [CVE-2026-35598](https://nvd.nist.gov/vuln/detail/CVE-2026-35598) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-10 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResource and GetResourcesB... |
| [CVE-2026-35597](https://nvd.nist.gov/vuln/detail/CVE-2026-35597) | 5.9 | MEDIUM | CWE-307 | No | 0.0% | 4.13 | 2026-04-10 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanis... |
| [CVE-2026-35596](https://nvd.nist.gov/vuln/detail/CVE-2026-35596) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-04-10 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel function contains a... |
| [CVE-2026-35595](https://nvd.nist.gov/vuln/detail/CVE-2026-35595) | 8.3 | HIGH | CWE-269 | No | 0.0% | 5.81 | 2026-04-10 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/projec... |
| [CVE-2026-22560](https://nvd.nist.gov/vuln/detail/CVE-2026-22560) | 5.3 | MEDIUM | CWE-601 | No | 0.0% | 3.71 | 2026-04-10 | An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by... |
| [CVE-2026-40228](https://nvd.nist.gov/vuln/detail/CVE-2026-40228) | 2.9 | LOW | CWE-669 | No | 0.0% | 2.03 | 2026-04-10 | In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p em... |
| [CVE-2026-40227](https://nvd.nist.gov/vuln/detail/CVE-2026-40227) | 6.2 | MEDIUM | CWE-1025 | No | 0.0% | 4.34 | 2026-04-10 | In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that... |
| [CVE-2026-40226](https://nvd.nist.gov/vuln/detail/CVE-2026-40226) | 6.4 | MEDIUM | CWE-348 | No | 0.0% | 4.48 | 2026-04-10 | In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. |
| [CVE-2026-40225](https://nvd.nist.gov/vuln/detail/CVE-2026-40225) | 6.4 | MEDIUM | CWE-669 | No | 0.0% | 4.48 | 2026-04-10 | In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel outp... |
| [CVE-2026-40224](https://nvd.nist.gov/vuln/detail/CVE-2026-40224) | 6.7 | MEDIUM | CWE-863 | No | 0.0% | 4.69 | 2026-04-10 | In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach... |
| [CVE-2026-40223](https://nvd.nist.gov/vuln/detail/CVE-2026-40223) | 4.7 | MEDIUM | CWE-696 | No | 0.0% | 3.29 | 2026-04-10 | In systemd 258 before 260, a local unprivileged user can trigger an assert when a `Delegate=yes` and `User=<unset>` unit exi... |
| [CVE-2026-35594](https://nvd.nist.gov/vuln/detail/CVE-2026-35594) | 6.5 | MEDIUM | CWE-613 | No | 0.0% | 4.55 | 2026-04-10 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication (Get... |
| [CVE-2026-34727](https://nvd.nist.gov/vuln/detail/CVE-2026-34727) | 7.4 | HIGH | CWE-287 | No | 0.0% | 5.18 | 2026-04-10 | Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full... |
| [CVE-2026-29043](https://nvd.nist.gov/vuln/detail/CVE-2026-29043) | 5.5 | MEDIUM | CWE-122 | No | 0.0% | 3.85 | 2026-04-10 | HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can t... |
| [CVE-2026-29002](https://nvd.nist.gov/vuln/detail/CVE-2026-29002) | 8.6 | HIGH | CWE-639 | No | 0.0% | 6.02 | 2026-04-10 | CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin... |
| [CVE-2026-23781](https://nvd.nist.gov/vuln/detail/CVE-2026-23781) | 9.8 | CRITICAL | CWE-798 | No | 0.0% | 6.86 | 2026-04-10 | An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded... |
| [CVE-2026-36236](https://nvd.nist.gov/vuln/detail/CVE-2026-36236) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-04-10 | SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php via the new_password p... |
| [CVE-2026-36235](https://nvd.nist.gov/vuln/detail/CVE-2026-36235) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-04-10 | A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System... |
| [CVE-2026-36234](https://nvd.nist.gov/vuln/detail/CVE-2026-36234) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-04-10 | itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename'... |
| [CVE-2026-36233](https://nvd.nist.gov/vuln/detail/CVE-2026-36233) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-04-10 | A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollme... |
| [CVE-2026-36232](https://nvd.nist.gov/vuln/detail/CVE-2026-36232) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-04-10 | A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment Syst... |
| [CVE-2026-31262](https://nvd.nist.gov/vuln/detail/CVE-2026-31262) | 6.1 | MEDIUM | CWE-200 | No | 0.1% | 4.27 | 2026-04-10 | Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtai... |
| [CVE-2026-29861](https://nvd.nist.gov/vuln/detail/CVE-2026-29861) | 9.8 | CRITICAL | CWE-89 | No | 0.0% | 6.86 | 2026-04-10 | PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at l... |
| [CVE-2026-23782](https://nvd.nist.gov/vuln/detail/CVE-2026-23782) | 7.5 | HIGH | CWE-284 | No | 0.1% | 5.25 | 2026-04-10 | An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated us... |
| [CVE-2026-23780](https://nvd.nist.gov/vuln/detail/CVE-2026-23780) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.16 | 2026-04-10 | An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug... |
| [CVE-2025-44560](https://nvd.nist.gov/vuln/detail/CVE-2025-44560) | 9.8 | CRITICAL | CWE-120 | No | 0.0% | 6.86 | 2026-04-10 | owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking. |
| [CVE-2026-6069](https://nvd.nist.gov/vuln/detail/CVE-2026-6069) | 7.5 | HIGH | N/A | No | 0.0% | 5.25 | 2026-04-10 | NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker... |
| [CVE-2026-6068](https://nvd.nist.gov/vuln/detail/CVE-2026-6068) | 6.5 | MEDIUM | N/A | No | 0.0% | 4.55 | 2026-04-10 | NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed mem... |
| [CVE-2026-6067](https://nvd.nist.gov/vuln/detail/CVE-2026-6067) | 7.5 | HIGH | N/A | No | 0.1% | 5.25 | 2026-04-10 | A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_... |
| [CVE-2026-40217](https://nvd.nist.gov/vuln/detail/CVE-2026-40217) | 8.8 | HIGH | CWE-420 | No | 0.2% | 6.17 | 2026-04-10 | LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/t... |
| [CVE-2026-33092](https://nvd.nist.gov/vuln/detail/CVE-2026-33092) | 7.8 | HIGH | CWE-15 | No | 0.0% | 5.46 | 2026-04-10 | Local privilege escalation due to improper handling of environment variables. The following products are affected: Acron... |
| [CVE-2025-5804](https://nvd.nist.gov/vuln/detail/CVE-2025-5804) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-04-10 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2025-58920](https://nvd.nist.gov/vuln/detail/CVE-2025-58920) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-04-10 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato... |
| [CVE-2025-58913](https://nvd.nist.gov/vuln/detail/CVE-2025-58913) | 8.1 | HIGH | CWE-98 | No | 0.1% | 5.67 | 2026-04-10 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-5774](https://nvd.nist.gov/vuln/detail/CVE-2026-5774) | 6.0 | MEDIUM | CWE-362 | No | 0.0% | 4.20 | 2026-04-10 | Improper synchronization of the userTokens map in the API server in Canonical Juju 4.0.5, 3.6.20, and 2.9.56 may allow a... |
| [CVE-2026-5412](https://nvd.nist.gov/vuln/detail/CVE-2026-5412) | 9.9 | CRITICAL | CWE-285 | No | 0.0% | 6.93 | 2026-04-10 | In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated us... |
| [CVE-2026-5777](https://nvd.nist.gov/vuln/detail/CVE-2026-5777) | 8.7 | HIGH | CWE-306 | No | 0.0% | 6.09 | 2026-04-10 | This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service ov... |
| [CVE-2026-6057](https://nvd.nist.gov/vuln/detail/CVE-2026-6057) | 9.8 | CRITICAL | CWE-22 | No | 0.1% | 6.86 | 2026-04-10 | FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remot... |
| [CVE-2026-4162](https://nvd.nist.gov/vuln/detail/CVE-2026-4162) | 7.1 | HIGH | CWE-862 | No | 0.0% | 4.97 | 2026-04-10 | The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. Th... |
| [CVE-2021-47961](https://nvd.nist.gov/vuln/detail/CVE-2021-47961) | 8.1 | HIGH | CWE-256 | No | 0.0% | 5.67 | 2026-04-10 | A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to... |
| [CVE-2021-47960](https://nvd.nist.gov/vuln/detail/CVE-2021-47960) | 6.5 | MEDIUM | CWE-552 | No | 0.0% | 4.55 | 2026-04-10 | A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows... |
| [CVE-2026-6042](https://nvd.nist.gov/vuln/detail/CVE-2026-6042) | 4.8 | MEDIUM | CWE-404 | No | 0.0% | 3.36 | 2026-04-10 | A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/icon... |
| [CVE-2026-6038](https://nvd.nist.gov/vuln/detail/CVE-2026-6038) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-10 | A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function... |
| [CVE-2026-6037](https://nvd.nist.gov/vuln/detail/CVE-2026-6037) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-10 | A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function... |
| [CVE-2026-6036](https://nvd.nist.gov/vuln/detail/CVE-2026-6036) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-10 | A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown fu... |
| [CVE-2026-33457](https://nvd.nist.gov/vuln/detail/CVE-2026-33457) | 5.3 | MEDIUM | CWE-140 | No | 0.0% | 3.71 | 2026-04-10 | Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated... |
| [CVE-2026-33456](https://nvd.nist.gov/vuln/detail/CVE-2026-33456) | 5.1 | MEDIUM | CWE-140 | No | 0.0% | 3.57 | 2026-04-10 | Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with a... |
| [CVE-2026-33455](https://nvd.nist.gov/vuln/detail/CVE-2026-33455) | 5.3 | MEDIUM | CWE-140 | No | 0.0% | 3.71 | 2026-04-10 | Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livest... |
| [CVE-2026-6035](https://nvd.nist.gov/vuln/detail/CVE-2026-6035) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-10 | A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unkno... |
| [CVE-2026-6034](https://nvd.nist.gov/vuln/detail/CVE-2026-6034) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-10 | A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the fi... |
| [CVE-2026-6033](https://nvd.nist.gov/vuln/detail/CVE-2026-6033) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-10 | A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedet... |
| [CVE-2026-6032](https://nvd.nist.gov/vuln/detail/CVE-2026-6032) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-10 | A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /chec... |
| [CVE-2026-6031](https://nvd.nist.gov/vuln/detail/CVE-2026-6031) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-10 | A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the... |
| [CVE-2026-5525](https://nvd.nist.gov/vuln/detail/CVE-2026-5525) | 6.0 | MEDIUM | CWE-121 | No | 0.0% | 4.20 | 2026-04-10 | A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a... |
| [CVE-2026-40212](https://nvd.nist.gov/vuln/detail/CVE-2026-40212) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-10 | OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console... |
| [CVE-2026-6030](https://nvd.nist.gov/vuln/detail/CVE-2026-6030) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-10 | A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of... |
| [CVE-2026-6029](https://nvd.nist.gov/vuln/detail/CVE-2026-6029) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-10 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccoun... |
| [CVE-2026-6028](https://nvd.nist.gov/vuln/detail/CVE-2026-6028) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-10 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpSer... |
| [CVE-2026-6027](https://nvd.nist.gov/vuln/detail/CVE-2026-6027) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-10 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRul... |
| [CVE-2026-6026](https://nvd.nist.gov/vuln/detail/CVE-2026-6026) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-10 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function se... |
| [CVE-2026-4432](https://nvd.nist.gov/vuln/detail/CVE-2026-4432) | 6.5 | MEDIUM | N/A | No | 0.0% | 4.55 | 2026-04-10 | The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_t... |
| [CVE-2026-28704](https://nvd.nist.gov/vuln/detail/CVE-2026-28704) | 8.4 | HIGH | CWE-427 | No | 0.0% | 5.88 | 2026-04-10 | Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same directory, an arbit... |
| [CVE-2026-1115](https://nvd.nist.gov/vuln/detail/CVE-2026-1115) | 9.6 | CRITICAL | CWE-79 | No | 0.0% | 6.72 | 2026-04-10 | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the... |
| [CVE-2025-14545](https://nvd.nist.gov/vuln/detail/CVE-2025-14545) | 6.5 | MEDIUM | N/A | No | 0.1% | 4.55 | 2026-04-10 | The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation... |
| [CVE-2026-6025](https://nvd.nist.gov/vuln/detail/CVE-2026-6025) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-10 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the f... |
| [CVE-2026-6024](https://nvd.nist.gov/vuln/detail/CVE-2026-6024) | 6.9 | MEDIUM | CWE-22 | No | 0.1% | 4.83 | 2026-04-10 | A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfu... |
| [CVE-2026-6016](https://nvd.nist.gov/vuln/detail/CVE-2026-6016) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-10 | A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/W... |
| [CVE-2026-6015](https://nvd.nist.gov/vuln/detail/CVE-2026-6015) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-10 | A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/Qui... |
| [CVE-2026-5477](https://nvd.nist.gov/vuln/detail/CVE-2026-5477) | 8.2 | HIGH | CWE-190 | No | 0.0% | 5.74 | 2026-04-10 | An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The functi... |
| [CVE-2026-6014](https://nvd.nist.gov/vuln/detail/CVE-2026-6014) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-10 | A flaw has been found in D-Link DIR-513 1.10. This issue affects the function formAdvanceSetup of the file /goform/formA... |
| [CVE-2026-6013](https://nvd.nist.gov/vuln/detail/CVE-2026-6013) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-10 | A vulnerability was detected in D-Link DIR-513 1.10. This vulnerability affects the function formSetRoute of the file /g... |
| [CVE-2026-6012](https://nvd.nist.gov/vuln/detail/CVE-2026-6012) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-10 | A security vulnerability has been detected in D-Link DIR-513 1.10. This affects the function formSetPassword of the file... |
| [CVE-2026-6011](https://nvd.nist.gov/vuln/detail/CVE-2026-6011) | 6.3 | MEDIUM | CWE-918 | No | 0.0% | 4.41 | 2026-04-10 | A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the... |
| [CVE-2026-4482](https://nvd.nist.gov/vuln/detail/CVE-2026-4482) | 6.8 | MEDIUM | CWE-732 | No | 0.0% | 4.76 | 2026-04-10 | The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windo... |
| [CVE-2026-6010](https://nvd.nist.gov/vuln/detail/CVE-2026-6010) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-10 | A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknow... |
| [CVE-2026-6007](https://nvd.nist.gov/vuln/detail/CVE-2026-6007) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-10 | A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the fi... |
| [CVE-2026-6006](https://nvd.nist.gov/vuln/detail/CVE-2026-6006) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-10 | A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown... |
| [CVE-2026-6005](https://nvd.nist.gov/vuln/detail/CVE-2026-6005) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-10 | A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function... |
| [CVE-2026-5501](https://nvd.nist.gov/vuln/detail/CVE-2026-5501) | 8.6 | HIGH | CWE-295 | No | 0.0% | 6.02 | 2026-04-10 | wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is... |
| [CVE-2026-5500](https://nvd.nist.gov/vuln/detail/CVE-2026-5500) | 8.7 | HIGH | CWE-20 | No | 0.1% | 6.09 | 2026-04-10 | wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received a... |
| [CVE-2026-5479](https://nvd.nist.gov/vuln/detail/CVE-2026-5479) | 7.6 | HIGH | CWE-354 | No | 0.0% | 5.32 | 2026-04-10 | In wolfSSL's EVP layer, the ChaCha20-Poly1305 AEAD decryption path in wolfSSL_EVP_CipherFinal (and related EVP cipher fi... |
| [CVE-2026-5466](https://nvd.nist.gov/vuln/detail/CVE-2026-5466) | 7.6 | HIGH | CWE-347 | No | 0.0% | 5.32 | 2026-04-10 | wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_... |
| [CVE-2026-5188](https://nvd.nist.gov/vuln/detail/CVE-2026-5188) | 2.3 | LOW | CWE-191 | No | 0.0% | 1.61 | 2026-04-10 | An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certific... |
| [CVE-2026-2305](https://nvd.nist.gov/vuln/detail/CVE-2026-2305) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-10 | The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `aFhfc_head_cod... |
| [CVE-2026-6004](https://nvd.nist.gov/vuln/detail/CVE-2026-6004) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-10 | A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the fil... |
| [CVE-2026-6003](https://nvd.nist.gov/vuln/detail/CVE-2026-6003) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-04-10 | A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unkn... |
| [CVE-2026-6000](https://nvd.nist.gov/vuln/detail/CVE-2026-6000) | 2.1 | LOW | CWE-200 | No | 0.0% | 1.47 | 2026-04-10 | A vulnerability was found in code-projects Online Library Management System 1.0. Affected is an unknown function of the... |
| [CVE-2026-5999](https://nvd.nist.gov/vuln/detail/CVE-2026-5999) | 5.3 | MEDIUM | CWE-266 | No | 0.0% | 3.71 | 2026-04-10 | A vulnerability has been found in JeecgBoot up to 3.9.1. This impacts an unknown function of the component SysAnnounceme... |
| [CVE-2026-33551](https://nvd.nist.gov/vuln/detail/CVE-2026-33551) | 3.5 | LOW | CWE-863 | No | 0.0% | 2.45 | 2026-04-10 | An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted applic... |
| [CVE-2026-5998](https://nvd.nist.gov/vuln/detail/CVE-2026-5998) | 5.5 | MEDIUM | CWE-22 | No | 0.0% | 3.85 | 2026-04-10 | A flaw has been found in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects the function dispatch of the file... |
| [CVE-2026-5997](https://nvd.nist.gov/vuln/detail/CVE-2026-5997) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-10 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setLoginPass... |
| [CVE-2026-5996](https://nvd.nist.gov/vuln/detail/CVE-2026-5996) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-10 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the functio... |
| [CVE-2026-4977](https://nvd.nist.gov/vuln/detail/CVE-2026-4977) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-10 | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerab... |
| [CVE-2026-4664](https://nvd.nist.gov/vuln/detail/CVE-2026-4664) | 5.3 | MEDIUM | CWE-287 | No | 0.1% | 3.71 | 2026-04-10 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in all versions up to,... |
| [CVE-2026-4351](https://nvd.nist.gov/vuln/detail/CVE-2026-4351) | 8.1 | HIGH | CWE-22 | No | 0.1% | 5.67 | 2026-04-10 | The Perfmatters plugin for WordPress is vulnerable to arbitrary file overwrite via path traversal in all versions up to,... |
| [CVE-2026-4305](https://nvd.nist.gov/vuln/detail/CVE-2026-4305) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-10 | The Royal WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the... |
| [CVE-2026-4057](https://nvd.nist.gov/vuln/detail/CVE-2026-4057) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-10 | The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability... |
| [CVE-2026-3360](https://nvd.nist.gov/vuln/detail/CVE-2026-3360) | 7.5 | HIGH | CWE-862 | No | 0.1% | 5.25 | 2026-04-10 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Ref... |
| [CVE-2026-2712](https://nvd.nist.gov/vuln/detail/CVE-2026-2712) | 5.4 | MEDIUM | CWE-863 | No | 0.0% | 3.78 | 2026-04-10 | The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability che... |
| [CVE-2026-1924](https://nvd.nist.gov/vuln/detail/CVE-2026-1924) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-04-10 | The Aruba HiSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and incl... |
| [CVE-2026-1263](https://nvd.nist.gov/vuln/detail/CVE-2026-1263) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-10 | The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.... |
| [CVE-2026-5995](https://nvd.nist.gov/vuln/detail/CVE-2026-5995) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-10 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setMiniuiHomeInfoShow... |
| [CVE-2026-5994](https://nvd.nist.gov/vuln/detail/CVE-2026-5994) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-10 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setTelnetC... |
| [CVE-2026-5993](https://nvd.nist.gov/vuln/detail/CVE-2026-5993) | 8.9 | HIGH | CWE-77 | No | 0.9% | 6.26 | 2026-04-10 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFi... |
| [CVE-2026-5992](https://nvd.nist.gov/vuln/detail/CVE-2026-5992) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-10 | A vulnerability was determined in Tenda F451 1.0.0.7. This affects the function fromP2pListFilter of the file /goform/P2... |
| [CVE-2026-5991](https://nvd.nist.gov/vuln/detail/CVE-2026-5991) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-10 | A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /gof... |
| [CVE-2026-5990](https://nvd.nist.gov/vuln/detail/CVE-2026-5990) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-10 | A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter... |
| [CVE-2026-5989](https://nvd.nist.gov/vuln/detail/CVE-2026-5989) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-10 | A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. E... |
| [CVE-2026-5460](https://nvd.nist.gov/vuln/detail/CVE-2026-5460) | 6.3 | MEDIUM | CWE-416 | No | 0.1% | 4.41 | 2026-04-10 | A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the err... |
| [CVE-2026-5448](https://nvd.nist.gov/vuln/detail/CVE-2026-5448) | 2.3 | LOW | CWE-122 | No | 0.0% | 1.61 | 2026-04-10 | X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing d... |
| [CVE-2026-5393](https://nvd.nist.gov/vuln/detail/CVE-2026-5393) | 6.3 | MEDIUM | CWE-125 | No | 0.0% | 4.41 | 2026-04-10 | Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-... |
| [CVE-2026-5392](https://nvd.nist.gov/vuln/detail/CVE-2026-5392) | 2.3 | LOW | CWE-125 | No | 0.0% | 1.61 | 2026-04-10 | Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bound... |
| [CVE-2026-5988](https://nvd.nist.gov/vuln/detail/CVE-2026-5988) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-09 | A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetW... |
| [CVE-2026-5987](https://nvd.nist.gov/vuln/detail/CVE-2026-5987) | 5.1 | MEDIUM | CWE-791 | No | 0.1% | 3.57 | 2026-04-09 | A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFree... |
| [CVE-2026-5986](https://nvd.nist.gov/vuln/detail/CVE-2026-5986) | 5.5 | MEDIUM | CWE-400 | No | 0.1% | 3.85 | 2026-04-09 | A weakness has been identified in Zod jsVideoUrlParser up to 0.5.1. The impacted element is the function getTime in the... |
| [CVE-2026-5985](https://nvd.nist.gov/vuln/detail/CVE-2026-5985) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-09 | A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown... |
| [CVE-2026-5507](https://nvd.nist.gov/vuln/detail/CVE-2026-5507) | 4.1 | MEDIUM | CWE-502 | No | 0.0% | 2.87 | 2026-04-09 | When restoring a session from cache, a pointer from the serialized session data is used in a free operation without vali... |
| [CVE-2026-5504](https://nvd.nist.gov/vuln/detail/CVE-2026-5504) | 6.3 | MEDIUM | CWE-354 | No | 0.0% | 4.41 | 2026-04-09 | A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repe... |
| [CVE-2026-5503](https://nvd.nist.gov/vuln/detail/CVE-2026-5503) | 6.9 | MEDIUM | CWE-787 | No | 0.1% | 4.83 | 2026-04-09 | In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This... |
| [CVE-2026-5295](https://nvd.nist.gov/vuln/detail/CVE-2026-5295) | 5.9 | MEDIUM | CWE-121 | No | 0.0% | 4.13 | 2026-04-09 | A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/... |
| [CVE-2026-34424](https://nvd.nist.gov/vuln/detail/CVE-2026-34424) | 9.3 | CRITICAL | CWE-506 | No | 0.2% | 6.52 | 2026-04-09 | Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected throu... |
| [CVE-2026-5984](https://nvd.nist.gov/vuln/detail/CVE-2026-5984) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-09 | A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formS... |
| [CVE-2026-5983](https://nvd.nist.gov/vuln/detail/CVE-2026-5983) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-04-09 | A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /gofo... |
| [CVE-2026-5982](https://nvd.nist.gov/vuln/detail/CVE-2026-5982) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-04-09 | A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file... |
| [CVE-2026-5981](https://nvd.nist.gov/vuln/detail/CVE-2026-5981) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-04-09 | A vulnerability has been found in D-Link DIR-605L 2.13B01. This affects the function formAdvFirewall of the file /goform... |
| [CVE-2026-5778](https://nvd.nist.gov/vuln/detail/CVE-2026-5778) | 2.1 | LOW | CWE-191 | No | 0.1% | 1.47 | 2026-04-09 | Integer underflow in wolfSSL packet sniffer <= 5.9.0 allows an attacker to cause a program crash in the AEAD decryption... |
| [CVE-2026-5772](https://nvd.nist.gov/vuln/detail/CVE-2026-5772) | 2.1 | LOW | CWE-126 | No | 0.0% | 1.47 | 2026-04-09 | A 1-byte stack buffer over-read was identified in the MatchDomainName function (src/internal.c) during wildcard hostname... |
| [CVE-2026-5264](https://nvd.nist.gov/vuln/detail/CVE-2026-5264) | 8.3 | HIGH | CWE-122 | No | 0.2% | 5.82 | 2026-04-09 | Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that... |
| [CVE-2026-5263](https://nvd.nist.gov/vuln/detail/CVE-2026-5263) | 7.0 | HIGH | CWE-295 | No | 0.0% | 4.90 | 2026-04-09 | URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification... |
| [CVE-2026-40154](https://nvd.nist.gov/vuln/detail/CVE-2026-40154) | 9.3 | CRITICAL | CWE-829 | No | 0.0% | 6.51 | 2026-04-09 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI treats remotely fetched template files as trusted e... |
| [CVE-2026-40153](https://nvd.nist.gov/vuln/detail/CVE-2026-40153) | 7.4 | HIGH | CWE-526 | No | 0.0% | 5.18 | 2026-04-09 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os... |
| [CVE-2026-40152](https://nvd.nist.gov/vuln/detail/CVE-2026-40152) | 5.3 | MEDIUM | CWE-22 | No | 0.1% | 3.71 | 2026-04-09 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the list_files() tool in FileTools validates the directo... |
| [CVE-2026-40151](https://nvd.nist.gov/vuln/detail/CVE-2026-40151) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-04-09 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the AgentOS deployment platform exposes a GET /api/agents end... |
| [CVE-2026-40150](https://nvd.nist.gov/vuln/detail/CVE-2026-40150) | 7.7 | HIGH | CWE-918 | No | 0.0% | 5.39 | 2026-04-09 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_c... |
| [CVE-2026-40149](https://nvd.nist.gov/vuln/detail/CVE-2026-40149) | 7.9 | HIGH | CWE-396 | No | 0.0% | 5.53 | 2026-04-09 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unaut... |
| [CVE-2026-40148](https://nvd.nist.gov/vuln/detail/CVE-2026-40148) | 6.5 | MEDIUM | CWE-409 | No | 0.0% | 4.55 | 2026-04-09 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registr... |
| [CVE-2026-40117](https://nvd.nist.gov/vuln/detail/CVE-2026-40117) | 6.2 | MEDIUM | CWE-862 | No | 0.0% | 4.34 | 2026-04-09 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbi... |
| [CVE-2026-40116](https://nvd.nist.gov/vuln/detail/CVE-2026-40116) | 7.5 | HIGH | CWE-770 | No | 0.0% | 5.25 | 2026-04-09 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call modu... |
| [CVE-2026-40115](https://nvd.nist.gov/vuln/detail/CVE-2026-40115) | 6.2 | MEDIUM | CWE-770 | No | 0.0% | 4.34 | 2026-04-09 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server (server.py) reads the e... |
| [CVE-2026-40114](https://nvd.nist.gov/vuln/detail/CVE-2026-40114) | 7.2 | HIGH | CWE-918 | No | 0.0% | 5.04 | 2026-04-09 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /api/v1/runs endpoint accepts an arbitrary webhook_url in... |
| [CVE-2026-40112](https://nvd.nist.gov/vuln/detail/CVE-2026-40112) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-09 | PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent... |
| [CVE-2026-40111](https://nvd.nist.gov/vuln/detail/CVE-2026-40111) | 9.3 | CRITICAL | CWE-78 | No | 0.0% | 6.51 | 2026-04-09 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the memory hooks executor in praisonaiagents passes a us... |
| [CVE-2026-39848](https://nvd.nist.gov/vuln/detail/CVE-2026-39848) | 6.5 | MEDIUM | CWE-306 | No | 0.0% | 4.55 | 2026-04-09 | Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed... |
| [CVE-2026-35646](https://nvd.nist.gov/vuln/detail/CVE-2026-35646) | 6.3 | MEDIUM | CWE-307 | No | 0.1% | 4.41 | 2026-04-09 | OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that... |
| [CVE-2026-35645](https://nvd.nist.gov/vuln/detail/CVE-2026-35645) | 6.1 | MEDIUM | CWE-648 | No | 0.0% | 4.27 | 2026-04-09 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSe... |
| [CVE-2026-35644](https://nvd.nist.gov/vuln/detail/CVE-2026-35644) | 7.1 | HIGH | CWE-312 | No | 0.0% | 4.97 | 2026-04-09 | OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scop... |
| [CVE-2026-35642](https://nvd.nist.gov/vuln/detail/CVE-2026-35642) | 5.3 | MEDIUM | CWE-288 | No | 0.0% | 3.71 | 2026-04-09 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireM... |
| [CVE-2026-35640](https://nvd.nist.gov/vuln/detail/CVE-2026-35640) | 6.9 | MEDIUM | CWE-696 | No | 0.1% | 4.83 | 2026-04-09 | OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated atta... |
| [CVE-2026-35639](https://nvd.nist.gov/vuln/detail/CVE-2026-35639) | 8.7 | HIGH | CWE-648 | No | 0.2% | 6.10 | 2026-04-09 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an... |
| [CVE-2026-35638](https://nvd.nist.gov/vuln/detail/CVE-2026-35638) | 8.7 | HIGH | CWE-286 | No | 0.0% | 6.09 | 2026-04-09 | OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated se... |
| [CVE-2026-35637](https://nvd.nist.gov/vuln/detail/CVE-2026-35637) | 6.9 | MEDIUM | CWE-696 | No | 0.1% | 4.83 | 2026-04-09 | OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite w... |
| [CVE-2026-35636](https://nvd.nist.gov/vuln/detail/CVE-2026-35636) | 7.1 | HIGH | CWE-696 | No | 0.0% | 4.97 | 2026-04-09 | OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status reso... |
| [CVE-2026-35635](https://nvd.nist.gov/vuln/detail/CVE-2026-35635) | 6.3 | MEDIUM | CWE-706 | No | 0.0% | 4.41 | 2026-04-09 | OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that al... |
| [CVE-2026-35634](https://nvd.nist.gov/vuln/detail/CVE-2026-35634) | 5.1 | MEDIUM | CWE-288 | No | 0.0% | 3.57 | 2026-04-09 | OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasReq... |
| [CVE-2026-35633](https://nvd.nist.gov/vuln/detail/CVE-2026-35633) | 6.9 | MEDIUM | CWE-789 | No | 0.2% | 4.84 | 2026-04-09 | OpenClaw before 2026.3.22 contains an unbounded memory allocation vulnerability in remote media HTTP error handling that... |
| [CVE-2026-35632](https://nvd.nist.gov/vuln/detail/CVE-2026-35632) | 6.9 | MEDIUM | CWE-61 | No | 0.1% | 4.83 | 2026-04-09 | OpenClaw through 2026.2.22 contains a symlink traversal vulnerability in agents.create and agents.update handlers that u... |
| [CVE-2026-35631](https://nvd.nist.gov/vuln/detail/CVE-2026-35631) | 7.1 | HIGH | CWE-862 | No | 0.0% | 4.97 | 2026-04-09 | OpenClaw before 2026.3.22 fails to enforce operator.admin scope on mutating internal ACP chat commands, allowing unautho... |
| [CVE-2026-35629](https://nvd.nist.gov/vuln/detail/CVE-2026-35629) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-09 | OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail... |
| [CVE-2026-35628](https://nvd.nist.gov/vuln/detail/CVE-2026-35628) | 6.3 | MEDIUM | CWE-307 | No | 0.0% | 4.41 | 2026-04-09 | OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows... |
| [CVE-2026-35627](https://nvd.nist.gov/vuln/detail/CVE-2026-35627) | 6.9 | MEDIUM | CWE-696 | No | 0.1% | 4.83 | 2026-04-09 | OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforci... |
| [CVE-2026-35626](https://nvd.nist.gov/vuln/detail/CVE-2026-35626) | 6.9 | MEDIUM | CWE-405 | No | 0.1% | 4.83 | 2026-04-09 | OpenClaw before 2026.3.22 contains an unauthenticated resource exhaustion vulnerability in voice call webhook handling t... |
| [CVE-2026-35625](https://nvd.nist.gov/vuln/detail/CVE-2026-35625) | 8.5 | HIGH | CWE-648 | No | 0.0% | 5.95 | 2026-04-09 | OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-a... |
| [CVE-2026-35624](https://nvd.nist.gov/vuln/detail/CVE-2026-35624) | 2.3 | LOW | CWE-807 | No | 0.1% | 1.61 | 2026-04-09 | OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room na... |
| [CVE-2026-35623](https://nvd.nist.gov/vuln/detail/CVE-2026-35623) | 6.3 | MEDIUM | CWE-307 | No | 0.1% | 4.41 | 2026-04-09 | OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers... |
| [CVE-2026-35622](https://nvd.nist.gov/vuln/detail/CVE-2026-35622) | 6.0 | MEDIUM | CWE-290 | No | 0.0% | 4.20 | 2026-04-09 | OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook... |
| [CVE-2026-35618](https://nvd.nist.gov/vuln/detail/CVE-2026-35618) | 8.3 | HIGH | CWE-294 | No | 0.0% | 5.81 | 2026-04-09 | OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attack... |
| [CVE-2026-35617](https://nvd.nist.gov/vuln/detail/CVE-2026-35617) | 2.3 | LOW | CWE-807 | No | 0.1% | 1.61 | 2026-04-09 | OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that re... |
| [CVE-2026-34512](https://nvd.nist.gov/vuln/detail/CVE-2026-34512) | 7.2 | HIGH | CWE-863 | No | 0.0% | 5.04 | 2026-04-09 | OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route... |
| [CVE-2026-5980](https://nvd.nist.gov/vuln/detail/CVE-2026-5980) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-04-09 | A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /g... |
| [CVE-2026-5979](https://nvd.nist.gov/vuln/detail/CVE-2026-5979) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-04-09 | A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ... |
| [CVE-2026-5978](https://nvd.nist.gov/vuln/detail/CVE-2026-5978) | 8.9 | HIGH | CWE-77 | No | 1.3% | 6.27 | 2026-04-09 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAcl... |
| [CVE-2026-5977](https://nvd.nist.gov/vuln/detail/CVE-2026-5977) | 8.9 | HIGH | CWE-77 | No | 1.3% | 6.27 | 2026-04-09 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of th... |
| [CVE-2026-5447](https://nvd.nist.gov/vuln/detail/CVE-2026-5447) | 6.3 | MEDIUM | CWE-122 | No | 0.0% | 4.41 | 2026-04-09 | Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when conve... |
| [CVE-2026-5446](https://nvd.nist.gov/vuln/detail/CVE-2026-5446) | 6.0 | MEDIUM | CWE-323 | No | 0.0% | 4.20 | 2026-04-09 | In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every applicati... |
| [CVE-2026-40109](https://nvd.nist.gov/vuln/detail/CVE-2026-40109) | 3.1 | LOW | CWE-287 | No | 0.0% | 2.17 | 2026-04-09 | Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prio... |
| [CVE-2026-40107](https://nvd.nist.gov/vuln/detail/CVE-2026-40107) | 8.7 | HIGH | CWE-918 | No | 0.1% | 6.09 | 2026-04-09 | SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loos... |
| [CVE-2026-40093](https://nvd.nist.gov/vuln/detail/CVE-2026-40093) | 8.1 | HIGH | CWE-1284 | No | 0.1% | 5.67 | 2026-04-09 | nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestam... |
| [CVE-2026-35206](https://nvd.nist.gov/vuln/detail/CVE-2026-35206) | 4.8 | MEDIUM | CWE-22 | No | 0.0% | 3.36 | 2026-04-09 | Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart wi... |
| [CVE-2023-54364](https://nvd.nist.gov/vuln/detail/CVE-2023-54364) | 5.1 | MEDIUM | CWE-79 | No | 0.1% | 3.57 | 2026-04-09 | Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to i... |
| [CVE-2023-54363](https://nvd.nist.gov/vuln/detail/CVE-2023-54363) | 5.1 | MEDIUM | CWE-79 | No | 0.1% | 3.57 | 2026-04-09 | Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to... |
| [CVE-2023-54362](https://nvd.nist.gov/vuln/detail/CVE-2023-54362) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-09 | Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to... |
| [CVE-2023-54361](https://nvd.nist.gov/vuln/detail/CVE-2023-54361) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-09 | Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inje... |
| [CVE-2023-54360](https://nvd.nist.gov/vuln/detail/CVE-2023-54360) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-09 | Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicio... |
| [CVE-2023-54359](https://nvd.nist.gov/vuln/detail/CVE-2023-54359) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-04-09 | WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated... |
| [CVE-2023-54358](https://nvd.nist.gov/vuln/detail/CVE-2023-54358) | 5.1 | MEDIUM | CWE-79 | No | 0.1% | 3.57 | 2026-04-09 | WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated... |
| [CVE-2026-5976](https://nvd.nist.gov/vuln/detail/CVE-2026-5976) | 8.9 | HIGH | CWE-77 | No | 1.3% | 6.27 | 2026-04-09 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of... |
| [CVE-2026-5975](https://nvd.nist.gov/vuln/detail/CVE-2026-5975) | 8.9 | HIGH | CWE-77 | No | 1.3% | 6.27 | 2026-04-09 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg... |
| [CVE-2026-5974](https://nvd.nist.gov/vuln/detail/CVE-2026-5974) | 6.9 | MEDIUM | CWE-77 | No | 1.8% | 4.88 | 2026-04-09 | A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in... |
| [CVE-2026-5973](https://nvd.nist.gov/vuln/detail/CVE-2026-5973) | 6.9 | MEDIUM | CWE-77 | No | 1.8% | 4.88 | 2026-04-09 | A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file me... |
| [CVE-2026-5972](https://nvd.nist.gov/vuln/detail/CVE-2026-5972) | 6.9 | MEDIUM | CWE-77 | No | 1.8% | 4.88 | 2026-04-09 | A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.run_com... |
| [CVE-2026-5194](https://nvd.nist.gov/vuln/detail/CVE-2026-5194) | 9.3 | CRITICAL | CWE-295 | No | 0.0% | 6.51 | 2026-04-09 | Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller... |
| [CVE-2026-5187](https://nvd.nist.gov/vuln/detail/CVE-2026-5187) | 2.3 | LOW | CWE-122 | No | 0.0% | 1.61 | 2026-04-09 | Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds che... |
| [CVE-2026-40089](https://nvd.nist.gov/vuln/detail/CVE-2026-40089) | 9.9 | CRITICAL | CWE-918 | No | 0.0% | 6.93 | 2026-04-09 | Sonicverse is a self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack da... |
| [CVE-2026-40088](https://nvd.nist.gov/vuln/detail/CVE-2026-40088) | 9.6 | CRITICAL | CWE-78 | No | 0.1% | 6.72 | 2026-04-09 | PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are... |
| [CVE-2026-40087](https://nvd.nist.gov/vuln/detail/CVE-2026-40087) | 5.3 | MEDIUM | CWE-1336 | No | 0.0% | 3.71 | 2026-04-09 | LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-str... |
| [CVE-2026-40077](https://nvd.nist.gov/vuln/detail/CVE-2026-40077) | 3.5 | LOW | CWE-184 | No | 0.1% | 2.45 | 2026-04-09 | Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied sys... |
| [CVE-2026-39977](https://nvd.nist.gov/vuln/detail/CVE-2026-39977) | 7.1 | HIGH | CWE-22 | No | 0.1% | 4.97 | 2026-04-09 | flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key take... |
| [CVE-2026-35577](https://nvd.nist.gov/vuln/detail/CVE-2026-35577) | 6.8 | MEDIUM | CWE-346 | No | 0.0% | 4.76 | 2026-04-09 | Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.... |
| [CVE-2026-35063](https://nvd.nist.gov/vuln/detail/CVE-2026-35063) | 8.7 | HIGH | CWE-862 | No | 0.0% | 6.09 | 2026-04-09 | OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with r... |
| [CVE-2026-34734](https://nvd.nist.gov/vuln/detail/CVE-2026-34734) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-09 | HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utilit... |
| [CVE-2026-29923](https://nvd.nist.gov/vuln/detail/CVE-2026-29923) | 7.8 | HIGH | CWE-269 | No | 0.0% | 5.46 | 2026-04-09 | The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a... |
| [CVE-2026-39912](https://nvd.nist.gov/vuln/detail/CVE-2026-39912) | 9.1 | CRITICAL | CWE-201 | No | 0.1% | 6.37 | 2026-04-09 | V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWi... |
| [CVE-2026-35556](https://nvd.nist.gov/vuln/detail/CVE-2026-35556) | 9.2 | CRITICAL | CWE-256 | No | 0.1% | 6.44 | 2026-04-09 | OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve cre... |
| [CVE-2026-35195](https://nvd.nist.gov/vuln/detail/CVE-2026-35195) | 6.1 | MEDIUM | CWE-787 | No | 0.0% | 4.27 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transco... |
| [CVE-2026-35186](https://nvd.nist.gov/vuln/detail/CVE-2026-35186) | 6.1 | MEDIUM | CWE-789 | No | 0.0% | 4.27 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backe... |
| [CVE-2026-34988](https://nvd.nist.gov/vuln/detail/CVE-2026-34988) | 2.3 | LOW | CWE-119 | No | 0.0% | 1.61 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of it... |
| [CVE-2026-34987](https://nvd.nist.gov/vuln/detail/CVE-2026-34987) | 9.0 | CRITICAL | CWE-125 | No | 0.0% | 6.30 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch (baseli... |
| [CVE-2026-34983](https://nvd.nist.gov/vuln/detail/CVE-2026-34983) | 1.0 | LOW | CWE-416 | No | 0.0% | 0.70 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free... |
| [CVE-2026-34971](https://nvd.nist.gov/vuln/detail/CVE-2026-34971) | 9.0 | CRITICAL | CWE-125 | No | 0.0% | 6.30 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilatio... |
| [CVE-2026-34946](https://nvd.nist.gov/vuln/detail/CVE-2026-34946) | 5.9 | MEDIUM | CWE-670 | No | 0.0% | 4.13 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler conta... |
| [CVE-2026-34945](https://nvd.nist.gov/vuln/detail/CVE-2026-34945) | 2.3 | LOW | CWE-681 | No | 0.0% | 1.61 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler conta... |
| [CVE-2026-34944](https://nvd.nist.gov/vuln/detail/CVE-2026-34944) | 4.1 | MEDIUM | CWE-248 | No | 0.0% | 2.87 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, on x86-64 platforms with SSE3 disabl... |
| [CVE-2026-34943](https://nvd.nist.gov/vuln/detail/CVE-2026-34943) | 5.6 | MEDIUM | CWE-248 | No | 0.0% | 3.92 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic w... |
| [CVE-2026-34942](https://nvd.nist.gov/vuln/detail/CVE-2026-34942) | 5.9 | MEDIUM | CWE-129 | No | 0.0% | 4.13 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transco... |
| [CVE-2026-34941](https://nvd.nist.gov/vuln/detail/CVE-2026-34941) | 6.9 | MEDIUM | CWE-125 | No | 0.0% | 4.83 | 2026-04-09 | Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a vulnerability wh... |
| [CVE-2026-31170](https://nvd.nist.gov/vuln/detail/CVE-2026-31170) | 9.8 | CRITICAL | CWE-77 | No | 0.1% | 6.86 | 2026-04-09 | An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary comm... |
| [CVE-2026-28205](https://nvd.nist.gov/vuln/detail/CVE-2026-28205) | 9.2 | CRITICAL | CWE-1188 | No | 0.1% | 6.44 | 2026-04-09 | OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an... |
| [CVE-2026-5971](https://nvd.nist.gov/vuln/detail/CVE-2026-5971) | 6.9 | MEDIUM | CWE-94 | No | 0.1% | 4.83 | 2026-04-09 | A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fi... |
| [CVE-2026-5970](https://nvd.nist.gov/vuln/detail/CVE-2026-5970) | 6.9 | MEDIUM | CWE-74 | No | 0.1% | 4.83 | 2026-04-09 | A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the co... |
| [CVE-2026-5329](https://nvd.nist.gov/vuln/detail/CVE-2026-5329) | 8.5 | HIGH | CWE-20 | No | 0.2% | 5.96 | 2026-04-09 | Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring... |
| [CVE-2026-40072](https://nvd.nist.gov/vuln/detail/CVE-2026-40072) | 1.7 | LOW | CWE-918 | No | 0.1% | 1.19 | 2026-04-09 | web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web... |
| [CVE-2026-40071](https://nvd.nist.gov/vuln/detail/CVE-2026-40071) | 5.4 | MEDIUM | CWE-863 | No | 0.0% | 3.78 | 2026-04-09 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/package_order, /j... |
| [CVE-2026-40070](https://nvd.nist.gov/vuln/detail/CVE-2026-40070) | 8.1 | HIGH | CWE-347 | No | 0.0% | 5.67 | 2026-04-09 | BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certi... |
| [CVE-2026-40069](https://nvd.nist.gov/vuln/detail/CVE-2026-40069) | 7.5 | HIGH | CWE-754 | No | 0.0% | 5.25 | 2026-04-09 | BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.1.0 to before 0.8.2, BSV::Network::ARC's failure detection o... |
| [CVE-2026-39987](https://nvd.nist.gov/vuln/detail/CVE-2026-39987) | 9.3 | CRITICAL | CWE-306 | No | 3.2% | 6.61 | 2026-04-09 | marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket e... |
| [CVE-2026-39985](https://nvd.nist.gov/vuln/detail/CVE-2026-39985) | 4.3 | MEDIUM | CWE-601 | No | 0.0% | 3.01 | 2026-04-09 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project... |
| [CVE-2026-39983](https://nvd.nist.gov/vuln/detail/CVE-2026-39983) | 8.6 | HIGH | CWE-93 | No | 7.0% | 6.23 | 2026-04-09 | basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n)... |
| [CVE-2026-39981](https://nvd.nist.gov/vuln/detail/CVE-2026-39981) | 8.8 | HIGH | CWE-22 | No | 0.5% | 6.18 | 2026-04-09 | AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities ext... |
| [CVE-2026-39980](https://nvd.nist.gov/vuln/detail/CVE-2026-39980) | 9.1 | CRITICAL | CWE-1336 | No | 0.1% | 6.37 | 2026-04-09 | OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the... |
| [CVE-2026-39961](https://nvd.nist.gov/vuln/detail/CVE-2026-39961) | 6.8 | MEDIUM | CWE-269 | No | 0.0% | 4.76 | 2026-04-09 | Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.3... |
| [CVE-2026-39911](https://nvd.nist.gov/vuln/detail/CVE-2026-39911) | 8.7 | HIGH | CWE-668 | No | 0.1% | 6.09 | 2026-04-09 | Hashgraph Guardian through version 3.5.0 contains an unsandboxed JavaScript execution vulnerability in the Custom Logic... |
| [CVE-2026-39315](https://nvd.nist.gov/vuln/detail/CVE-2026-39315) | 6.1 | MEDIUM | CWE-184 | No | 0.1% | 4.27 | 2026-04-09 | Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt's own documen... |
| [CVE-2026-35207](https://nvd.nist.gov/vuln/detail/CVE-2026-35207) | 5.4 | MEDIUM | CWE-295 | No | 0.0% | 3.78 | 2026-04-09 | dde-control-center is the control panel of DDE, the Deepin Desktop Environment. plugin-deepinid is a plugin in dde-contr... |
| [CVE-2026-30478](https://nvd.nist.gov/vuln/detail/CVE-2026-30478) | 8.8 | HIGH | CWE-427 | No | 0.0% | 6.16 | 2026-04-09 | A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalat... |
| [CVE-2026-1584](https://nvd.nist.gov/vuln/detail/CVE-2026-1584) | 7.5 | HIGH | CWE-476 | No | 0.1% | 5.25 | 2026-04-09 | A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially cra... |
| [CVE-2025-70797](https://nvd.nist.gov/vuln/detail/CVE-2025-70797) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-04-09 | Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via... |
| [CVE-2025-63238](https://nvd.nist.gov/vuln/detail/CVE-2025-63238) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-09 | A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validatio... |
| [CVE-2026-5962](https://nvd.nist.gov/vuln/detail/CVE-2026-5962) | 6.9 | MEDIUM | CWE-22 | No | 0.1% | 4.83 | 2026-04-09 | A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction o... |
| [CVE-2026-5961](https://nvd.nist.gov/vuln/detail/CVE-2026-5961) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-09 | A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects u... |
| [CVE-2026-39976](https://nvd.nist.gov/vuln/detail/CVE-2026-39976) | 7.1 | HIGH | CWE-287 | No | 0.1% | 4.97 | 2026-04-09 | Laravel Passport provides OAuth2 server support to Laravel. From 13.0.0 to before 13.7.1, there is an Authentication Byp... |
| [CVE-2026-39974](https://nvd.nist.gov/vuln/detail/CVE-2026-39974) | 8.5 | HIGH | CWE-918 | No | 0.0% | 5.95 | 2026-04-09 | n8n-MCP is a Model Context Protocol (MCP) server that provides AI assistants with comprehensive access to n8n node docum... |
| [CVE-2026-39972](https://nvd.nist.gov/vuln/detail/CVE-2026-39972) | 7.1 | HIGH | CWE-1289 | No | 0.1% | 4.97 | 2026-04-09 | Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior... |
| [CVE-2026-39962](https://nvd.nist.gov/vuln/detail/CVE-2026-39962) | 8.8 | HIGH | CWE-90 | No | 0.2% | 6.16 | 2026-04-09 | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special ele... |
| [CVE-2026-39959](https://nvd.nist.gov/vuln/detail/CVE-2026-39959) | 7.1 | HIGH | CWE-290 | No | 0.0% | 4.97 | 2026-04-09 | Tmds.DBus provides .NET libraries for working with D-Bus from .NET. Tmds.DBus and Tmds.DBus.Protocol are vulnerable to m... |
| [CVE-2026-39958](https://nvd.nist.gov/vuln/detail/CVE-2026-39958) | 5.2 | MEDIUM | CWE-93 | No | 0.1% | 3.64 | 2026-04-09 | oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repos... |
| [CVE-2026-39957](https://nvd.nist.gov/vuln/detail/CVE-2026-39957) | 2.3 | LOW | CWE-863 | No | 0.0% | 1.61 | 2026-04-09 | Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController:... |
| [CVE-2026-39943](https://nvd.nist.gov/vuln/detail/CVE-2026-39943) | 6.5 | MEDIUM | CWE-200 | No | 0.0% | 4.55 | 2026-04-09 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revis... |
| [CVE-2026-39942](https://nvd.nist.gov/vuln/detail/CVE-2026-39942) | 8.5 | HIGH | CWE-284 | No | 0.0% | 5.95 | 2026-04-09 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/{id}... |
| [CVE-2026-39856](https://nvd.nist.gov/vuln/detail/CVE-2026-39856) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-04-09 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulne... |
| [CVE-2026-39855](https://nvd.nist.gov/vuln/detail/CVE-2026-39855) | 5.5 | MEDIUM | CWE-125 | No | 0.0% | 3.85 | 2026-04-09 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulner... |
| [CVE-2026-30479](https://nvd.nist.gov/vuln/detail/CVE-2026-30479) | 9.1 | CRITICAL | CWE-94 | No | 0.1% | 6.37 | 2026-04-09 | A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitr... |
| [CVE-2026-5960](https://nvd.nist.gov/vuln/detail/CVE-2026-5960) | 2.1 | LOW | CWE-200 | No | 0.0% | 1.47 | 2026-04-09 | A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of th... |
| [CVE-2026-4878](https://nvd.nist.gov/vuln/detail/CVE-2026-4878) | 6.7 | MEDIUM | CWE-367 | No | 0.0% | 4.69 | 2026-04-09 | A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition... |
| [CVE-2026-39941](https://nvd.nist.gov/vuln/detail/CVE-2026-39941) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-09 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied inpu... |
| [CVE-2026-39853](https://nvd.nist.gov/vuln/detail/CVE-2026-39853) | 7.8 | HIGH | CWE-121 | No | 0.0% | 5.46 | 2026-04-09 | osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, a stack buffer overflow vul... |
| [CVE-2026-39843](https://nvd.nist.gov/vuln/detail/CVE-2026-39843) | 7.7 | HIGH | CWE-918 | No | 0.0% | 5.39 | 2026-04-09 | Plane is an open-source project management tool. From 0.28.0 to before 1.3.0, the remediation of GHSA-jcc6-f9v6-f7jw... |
| [CVE-2026-39398](https://nvd.nist.gov/vuln/detail/CVE-2026-39398) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-09 | Rejected reason: The affected product and advisory are not public. |
| [CVE-2026-35205](https://nvd.nist.gov/vuln/detail/CVE-2026-35205) | 8.4 | HIGH | CWE-636 | No | 0.0% | 5.88 | 2026-04-09 | Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (... |
| [CVE-2026-35204](https://nvd.nist.gov/vuln/detail/CVE-2026-35204) | 8.4 | HIGH | CWE-22 | No | 0.0% | 5.88 | 2026-04-09 | Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, a specially crafted Helm plugin, when installe... |
| [CVE-2026-35041](https://nvd.nist.gov/vuln/detail/CVE-2026-35041) | 4.2 | MEDIUM | CWE-1333 | No | 0.0% | 2.94 | 2026-04-09 | fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in... |
| [CVE-2026-35040](https://nvd.nist.gov/vuln/detail/CVE-2026-35040) | 5.3 | MEDIUM | CWE-440 | No | 0.1% | 3.71 | 2026-04-09 | fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 6.2.1, using certain modifiers on RegExp objects in... |
| [CVE-2025-70365](https://nvd.nist.gov/vuln/detail/CVE-2025-70365) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-09 | A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-sup... |
| [CVE-2025-70364](https://nvd.nist.gov/vuln/detail/CVE-2025-70364) | 8.8 | HIGH | CWE-94 | No | 0.1% | 6.16 | 2026-04-09 | An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP cod... |
| [CVE-2025-15480](https://nvd.nist.gov/vuln/detail/CVE-2025-15480) | 2.7 | LOW | CWE-1258 | No | 0.1% | 1.89 | 2026-04-09 | In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon i... |
| [CVE-2025-14551](https://nvd.nist.gov/vuln/detail/CVE-2025-14551) | 2.7 | LOW | CWE-1258 | No | 0.1% | 1.89 | 2026-04-09 | In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation fai... |
| [CVE-2026-5959](https://nvd.nist.gov/vuln/detail/CVE-2026-5959) | 7.5 | HIGH | CWE-287 | No | 0.1% | 5.25 | 2026-04-09 | A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is... |
| [CVE-2026-5445](https://nvd.nist.gov/vuln/detail/CVE-2026-5445) | 9.1 | CRITICAL | CWE-125 | No | 0.1% | 6.37 | 2026-04-09 | An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The looku... |
| [CVE-2026-5444](https://nvd.nist.gov/vuln/detail/CVE-2026-5444) | 7.1 | HIGH | CWE-787 | No | 0.0% | 4.97 | 2026-04-09 | A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image e... |
| [CVE-2026-5443](https://nvd.nist.gov/vuln/detail/CVE-2026-5443) | 9.8 | CRITICAL | CWE-787 | No | 0.1% | 6.86 | 2026-04-09 | A heap buffer overflow vulnerability exists during the decoding of `PALETTE COLOR` DICOM images. Pixel length validation... |
| [CVE-2026-5442](https://nvd.nist.gov/vuln/detail/CVE-2026-5442) | 9.8 | CRITICAL | CWE-787 | No | 0.1% | 6.86 | 2026-04-09 | A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Represe... |
| [CVE-2026-5441](https://nvd.nist.gov/vuln/detail/CVE-2026-5441) | 7.1 | HIGH | CWE-125 | No | 0.0% | 4.97 | 2026-04-09 | An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1... |
| [CVE-2026-5440](https://nvd.nist.gov/vuln/detail/CVE-2026-5440) | 7.5 | HIGH | CWE-770 | No | 1.6% | 5.30 | 2026-04-09 | A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The se... |
| [CVE-2026-5439](https://nvd.nist.gov/vuln/detail/CVE-2026-5439) | 7.5 | HIGH | CWE-770 | No | 0.1% | 5.25 | 2026-04-09 | A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded... |
| [CVE-2026-5438](https://nvd.nist.gov/vuln/detail/CVE-2026-5438) | 7.5 | HIGH | CWE-770 | No | 0.1% | 5.25 | 2026-04-09 | A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The se... |
| [CVE-2026-5437](https://nvd.nist.gov/vuln/detail/CVE-2026-5437) | 7.5 | HIGH | CWE-125 | No | 0.0% | 5.25 | 2026-04-09 | An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malf... |
| [CVE-2026-4116](https://nvd.nist.gov/vuln/detail/CVE-2026-4116) | 7.2 | HIGH | CWE-176 | No | 0.1% | 5.04 | 2026-04-09 | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user t... |
| [CVE-2026-4114](https://nvd.nist.gov/vuln/detail/CVE-2026-4114) | 0.0 | NONE | CWE-176 | No | 0.0% | 0.00 | 2026-04-09 | Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin... |
| [CVE-2026-4113](https://nvd.nist.gov/vuln/detail/CVE-2026-4113) | 7.2 | HIGH | CWE-204 | No | 0.1% | 5.04 | 2026-04-09 | An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to... |
| [CVE-2026-4112](https://nvd.nist.gov/vuln/detail/CVE-2026-4112) | 0.0 | NONE | CWE-89 | No | 0.1% | 0.00 | 2026-04-09 | Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series applian... |
| [CVE-2026-34757](https://nvd.nist.gov/vuln/detail/CVE-2026-34757) | 5.1 | MEDIUM | CWE-416 | No | 0.0% | 3.57 | 2026-04-09 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)... |
| [CVE-2026-34578](https://nvd.nist.gov/vuln/detail/CVE-2026-34578) | 8.2 | HIGH | CWE-90 | No | 0.2% | 5.75 | 2026-04-09 | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector pas... |
| [CVE-2025-70811](https://nvd.nist.gov/vuln/detail/CVE-2025-70811) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-04-09 | Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via t... |
| [CVE-2025-70810](https://nvd.nist.gov/vuln/detail/CVE-2025-70810) | 8.8 | HIGH | CWE-352 | No | 0.0% | 6.16 | 2026-04-09 | Cross Site Request Forgery vulnerability in Phpbb phbb3 v.3.3.15 allows a local attacker to execute arbitrary code via t... |
| [CVE-2025-62718](https://nvd.nist.gov/vuln/detail/CVE-2025-62718) | 9.3 | CRITICAL | CWE-441 | No | 0.0% | 6.51 | 2026-04-09 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly h... |
| [CVE-2025-50228](https://nvd.nist.gov/vuln/detail/CVE-2025-50228) | 9.1 | CRITICAL | CWE-918 | No | 0.0% | 6.37 | 2026-04-09 | Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery (SSRF) in User Evaluation, Message, and Comment modules. |
| [CVE-2026-4660](https://nvd.nist.gov/vuln/detail/CVE-2026-4660) | 7.5 | HIGH | CWE-200 | No | 0.0% | 5.25 | 2026-04-09 | HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operatio... |
| [CVE-2025-45806](https://nvd.nist.gov/vuln/detail/CVE-2025-45806) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-09 | A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrar... |
| [CVE-2026-3005](https://nvd.nist.gov/vuln/detail/CVE-2026-3005) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-09 | The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' sho... |
| [CVE-2026-2519](https://nvd.nist.gov/vuln/detail/CVE-2026-2519) | 5.3 | MEDIUM | CWE-472 | No | 0.0% | 3.71 | 2026-04-09 | The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation v... |
| [CVE-2026-24661](https://nvd.nist.gov/vuln/detail/CVE-2026-24661) | 3.7 | LOW | CWE-770 | No | 0.1% | 2.59 | 2026-04-09 | Mattermost Plugins versions <=2.1.3.0 fail to limit the request body size on the `/changes` webhook endpoint which all... |
| [CVE-2026-21388](https://nvd.nist.gov/vuln/detail/CVE-2026-21388) | 3.7 | LOW | CWE-770 | No | 0.1% | 2.59 | 2026-04-09 | Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the `/lifecycle` webhook endpoint which all... |
| [CVE-2024-1490](https://nvd.nist.gov/vuln/detail/CVE-2024-1490) | 7.2 | HIGH | CWE-94 | No | 0.1% | 5.04 | 2026-04-09 | An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management... |
| [CVE-2026-4901](https://nvd.nist.gov/vuln/detail/CVE-2026-4901) | 6.9 | MEDIUM | CWE-532 | No | 0.1% | 4.83 | 2026-04-09 | Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing... |
| [CVE-2026-34185](https://nvd.nist.gov/vuln/detail/CVE-2026-34185) | 8.7 | HIGH | CWE-89 | No | 0.0% | 6.09 | 2026-04-09 | Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. Because no protectio... |
| [CVE-2026-34184](https://nvd.nist.gov/vuln/detail/CVE-2026-34184) | 8.8 | HIGH | CWE-862 | No | 0.1% | 6.16 | 2026-04-09 | Hydrosystem Control System does not enforce authorization for some directories. This allows an unauthorized attacker to... |
| [CVE-2026-34179](https://nvd.nist.gov/vuln/detail/CVE-2026-34179) | 9.1 | CRITICAL | CWE-915 | No | 0.1% | 6.37 | 2026-04-09 | In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate th... |
| [CVE-2026-34178](https://nvd.nist.gov/vuln/detail/CVE-2026-34178) | 9.1 | CRITICAL | CWE-20 | No | 0.1% | 6.37 | 2026-04-09 | In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supp... |
| [CVE-2026-34177](https://nvd.nist.gov/vuln/detail/CVE-2026-34177) | 9.1 | CRITICAL | CWE-184 | No | 0.1% | 6.37 | 2026-04-09 | Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limit... |
| [CVE-2026-5854](https://nvd.nist.gov/vuln/detail/CVE-2026-5854) | 8.9 | HIGH | CWE-77 | No | 0.3% | 6.24 | 2026-04-09 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setWiFiEas... |
| [CVE-2026-5853](https://nvd.nist.gov/vuln/detail/CVE-2026-5853) | 8.9 | HIGH | CWE-77 | No | 1.3% | 6.27 | 2026-04-09 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is t... |
| [CVE-2026-5852](https://nvd.nist.gov/vuln/detail/CVE-2026-5852) | 8.9 | HIGH | CWE-77 | No | 1.3% | 6.27 | 2026-04-09 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file... |
| [CVE-2026-5851](https://nvd.nist.gov/vuln/detail/CVE-2026-5851) | 8.9 | HIGH | CWE-77 | No | 1.3% | 6.27 | 2026-04-09 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setUPnPCfg of th... |
| [CVE-2026-5850](https://nvd.nist.gov/vuln/detail/CVE-2026-5850) | 8.9 | HIGH | CWE-77 | No | 1.3% | 6.27 | 2026-04-09 | A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setVpnPassCfg of the... |
| [CVE-2026-5849](https://nvd.nist.gov/vuln/detail/CVE-2026-5849) | 6.9 | MEDIUM | CWE-22 | No | 0.1% | 4.83 | 2026-04-09 | A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component... |
| [CVE-2026-5848](https://nvd.nist.gov/vuln/detail/CVE-2026-5848) | 5.1 | MEDIUM | CWE-74 | No | 0.1% | 3.57 | 2026-04-09 | A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getCon... |
| [CVE-2026-5847](https://nvd.nist.gov/vuln/detail/CVE-2026-5847) | 2.1 | LOW | CWE-200 | No | 0.0% | 1.47 | 2026-04-09 | A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file... |
| [CVE-2026-5844](https://nvd.nist.gov/vuln/detail/CVE-2026-5844) | 7.3 | HIGH | CWE-77 | No | 0.3% | 5.12 | 2026-04-09 | A vulnerability was found in D-Link DIR-882 1.01B02. Impacted is the function sprintf of the file prog.cgi of the compon... |
| [CVE-2026-5842](https://nvd.nist.gov/vuln/detail/CVE-2026-5842) | 6.9 | MEDIUM | CWE-285 | No | 0.1% | 4.83 | 2026-04-09 | A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function... |
| [CVE-2026-5841](https://nvd.nist.gov/vuln/detail/CVE-2026-5841) | 6.9 | MEDIUM | CWE-22 | No | 0.1% | 4.83 | 2026-04-09 | A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of... |
| [CVE-2026-5840](https://nvd.nist.gov/vuln/detail/CVE-2026-5840) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-04-09 | A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /... |
| [CVE-2026-5839](https://nvd.nist.gov/vuln/detail/CVE-2026-5839) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-04-09 | A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the... |
| [CVE-2026-5838](https://nvd.nist.gov/vuln/detail/CVE-2026-5838) | 5.1 | MEDIUM | CWE-74 | No | 0.0% | 3.57 | 2026-04-09 | A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the fil... |
| [CVE-2026-5742](https://nvd.nist.gov/vuln/detail/CVE-2026-5742) | 6.4 | MEDIUM | CWE-79 | No | 0.1% | 4.48 | 2026-04-09 | The UsersWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.2.60. Th... |
| [CVE-2026-4336](https://nvd.nist.gov/vuln/detail/CVE-2026-4336) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-09 | The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all vers... |
| [CVE-2026-1830](https://nvd.nist.gov/vuln/detail/CVE-2026-1830) | 9.8 | CRITICAL | CWE-862 | No | 0.2% | 6.87 | 2026-04-09 | The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1... |
| [CVE-2026-5837](https://nvd.nist.gov/vuln/detail/CVE-2026-5837) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-09 | A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the file /news-details.... |
| [CVE-2026-5836](https://nvd.nist.gov/vuln/detail/CVE-2026-5836) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-04-09 | A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functional... |
| [CVE-2026-5835](https://nvd.nist.gov/vuln/detail/CVE-2026-5835) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-04-09 | A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality... |
| [CVE-2026-5834](https://nvd.nist.gov/vuln/detail/CVE-2026-5834) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-04-09 | A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/... |
| [CVE-2026-5833](https://nvd.nist.gov/vuln/detail/CVE-2026-5833) | 4.8 | MEDIUM | CWE-74 | No | 0.3% | 3.37 | 2026-04-09 | A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function serv... |
| [CVE-2026-5357](https://nvd.nist.gov/vuln/detail/CVE-2026-5357) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-09 | The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' parameter of the 'w... |
| [CVE-2026-4429](https://nvd.nist.gov/vuln/detail/CVE-2026-4429) | 6.4 | MEDIUM | CWE-79 | No | 0.1% | 4.48 | 2026-04-09 | The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'marker_name' and 'fil... |
| [CVE-2026-4124](https://nvd.nist.gov/vuln/detail/CVE-2026-4124) | 5.4 | MEDIUM | CWE-862 | No | 0.1% | 3.78 | 2026-04-09 | The Ziggeo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.1.1. The... |
| [CVE-2026-3574](https://nvd.nist.gov/vuln/detail/CVE-2026-3574) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-04-09 | The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's... |
| [CVE-2026-3568](https://nvd.nist.gov/vuln/detail/CVE-2026-3568) | 4.3 | MEDIUM | CWE-639 | No | 0.0% | 3.01 | 2026-04-09 | The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and includ... |
| [CVE-2026-5832](https://nvd.nist.gov/vuln/detail/CVE-2026-5832) | 6.9 | MEDIUM | CWE-918 | No | 0.1% | 4.83 | 2026-04-09 | A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze_api_spec/generate_t... |
| [CVE-2026-5831](https://nvd.nist.gov/vuln/detail/CVE-2026-5831) | 5.3 | MEDIUM | CWE-77 | No | 1.2% | 3.75 | 2026-04-09 | A security flaw has been discovered in Agions taskflow-ai up to 2.1.8. This impacts an unknown function of the file src/... |
| [CVE-2026-5830](https://nvd.nist.gov/vuln/detail/CVE-2026-5830) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-09 | A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysTo... |
| [CVE-2026-5829](https://nvd.nist.gov/vuln/detail/CVE-2026-5829) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-09 | A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown funct... |
| [CVE-2026-5828](https://nvd.nist.gov/vuln/detail/CVE-2026-5828) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-09 | A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function o... |
| [CVE-2026-4326](https://nvd.nist.gov/vuln/detail/CVE-2026-4326) | 8.8 | HIGH | CWE-862 | No | 0.1% | 6.16 | 2026-04-09 | The Vertex Addons for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to and in... |
| [CVE-2026-5827](https://nvd.nist.gov/vuln/detail/CVE-2026-5827) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-09 | A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the f... |
| [CVE-2026-5826](https://nvd.nist.gov/vuln/detail/CVE-2026-5826) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-09 | A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the... |
| [CVE-2026-5825](https://nvd.nist.gov/vuln/detail/CVE-2026-5825) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-09 | A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the... |
| [CVE-2026-5824](https://nvd.nist.gov/vuln/detail/CVE-2026-5824) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-09 | A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of t... |
| [CVE-2026-5823](https://nvd.nist.gov/vuln/detail/CVE-2026-5823) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-09 | A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknow... |
| [CVE-2026-5815](https://nvd.nist.gov/vuln/detail/CVE-2026-5815) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-04-09 | A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-... |
| [CVE-2026-5814](https://nvd.nist.gov/vuln/detail/CVE-2026-5814) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-09 | A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown... |
| [CVE-2026-5813](https://nvd.nist.gov/vuln/detail/CVE-2026-5813) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-08 | A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of... |
| [CVE-2026-5812](https://nvd.nist.gov/vuln/detail/CVE-2026-5812) | 5.3 | MEDIUM | CWE-840 | No | 0.0% | 3.71 | 2026-04-08 | A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown pa... |
| [CVE-2026-5811](https://nvd.nist.gov/vuln/detail/CVE-2026-5811) | 5.3 | MEDIUM | CWE-840 | No | 0.0% | 3.71 | 2026-04-08 | A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function... |
| [CVE-2026-5173](https://nvd.nist.gov/vuln/detail/CVE-2026-5173) | 8.5 | HIGH | CWE-749 | No | 0.0% | 5.95 | 2026-04-08 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and... |
| [CVE-2026-4916](https://nvd.nist.gov/vuln/detail/CVE-2026-4916) | 2.7 | LOW | CWE-862 | No | 0.0% | 1.89 | 2026-04-08 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 1... |
| [CVE-2026-4398](https://nvd.nist.gov/vuln/detail/CVE-2026-4398) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-08 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-4332](https://nvd.nist.gov/vuln/detail/CVE-2026-4332) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-08 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.1... |
| [CVE-2026-3438](https://nvd.nist.gov/vuln/detail/CVE-2026-3438) | 5.1 | MEDIUM | CWE-79 | No | 0.3% | 3.58 | 2026-04-08 | A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that al... |
| [CVE-2026-3199](https://nvd.nist.gov/vuln/detail/CVE-2026-3199) | 9.4 | CRITICAL | CWE-502 | No | 0.1% | 6.58 | 2026-04-08 | A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an a... |
| [CVE-2026-2619](https://nvd.nist.gov/vuln/detail/CVE-2026-2619) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-04-08 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.1... |
| [CVE-2026-2104](https://nvd.nist.gov/vuln/detail/CVE-2026-2104) | 4.3 | MEDIUM | CWE-639 | No | 0.0% | 3.01 | 2026-04-08 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 1... |
| [CVE-2026-1752](https://nvd.nist.gov/vuln/detail/CVE-2026-1752) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-04-08 | GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.1... |
| [CVE-2026-1516](https://nvd.nist.gov/vuln/detail/CVE-2026-1516) | 5.7 | MEDIUM | CWE-94 | No | 0.0% | 3.99 | 2026-04-08 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18... |
| [CVE-2026-1101](https://nvd.nist.gov/vuln/detail/CVE-2026-1101) | 6.5 | MEDIUM | CWE-1284 | No | 0.0% | 4.55 | 2026-04-08 | GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.1... |
| [CVE-2026-1092](https://nvd.nist.gov/vuln/detail/CVE-2026-1092) | 7.5 | HIGH | CWE-1284 | No | 0.0% | 5.25 | 2026-04-08 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and... |
| [CVE-2025-9484](https://nvd.nist.gov/vuln/detail/CVE-2025-9484) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-08 | GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.1... |
| [CVE-2025-12664](https://nvd.nist.gov/vuln/detail/CVE-2025-12664) | 7.5 | HIGH | CWE-1284 | No | 0.1% | 5.25 | 2026-04-08 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 1... |
| [CVE-2026-5919](https://nvd.nist.gov/vuln/detail/CVE-2026-5919) | 6.5 | MEDIUM | CWE-20 | No | 0.0% | 4.55 | 2026-04-08 | Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attack... |
| [CVE-2026-5918](https://nvd.nist.gov/vuln/detail/CVE-2026-5918) | 4.3 | MEDIUM | CWE-346 | No | 0.0% | 3.01 | 2026-04-08 | Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had com... |
| [CVE-2026-5915](https://nvd.nist.gov/vuln/detail/CVE-2026-5915) | 8.1 | HIGH | CWE-20 | No | 0.1% | 5.67 | 2026-04-08 | Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to... |
| [CVE-2026-5914](https://nvd.nist.gov/vuln/detail/CVE-2026-5914) | 8.8 | HIGH | CWE-843 | No | 0.0% | 6.16 | 2026-04-08 | Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a mali... |
| [CVE-2026-5913](https://nvd.nist.gov/vuln/detail/CVE-2026-5913) | 8.1 | HIGH | CWE-125 | No | 0.1% | 5.67 | 2026-04-08 | Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bound... |
| [CVE-2026-5912](https://nvd.nist.gov/vuln/detail/CVE-2026-5912) | 8.8 | HIGH | CWE-472 | No | 0.1% | 6.16 | 2026-04-08 | Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds... |
| [CVE-2026-5911](https://nvd.nist.gov/vuln/detail/CVE-2026-5911) | 4.3 | MEDIUM | CWE-693 | No | 0.0% | 3.01 | 2026-04-08 | Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content secu... |
| [CVE-2026-5910](https://nvd.nist.gov/vuln/detail/CVE-2026-5910) | 8.8 | HIGH | CWE-472 | No | 0.1% | 6.16 | 2026-04-08 | Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap... |
| [CVE-2026-5909](https://nvd.nist.gov/vuln/detail/CVE-2026-5909) | 8.8 | HIGH | CWE-472 | No | 0.1% | 6.16 | 2026-04-08 | Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap... |
| [CVE-2026-5908](https://nvd.nist.gov/vuln/detail/CVE-2026-5908) | 8.8 | HIGH | CWE-472 | No | 0.1% | 6.16 | 2026-04-08 | Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap... |
| [CVE-2026-5907](https://nvd.nist.gov/vuln/detail/CVE-2026-5907) | 8.1 | HIGH | CWE-125 | No | 0.1% | 5.67 | 2026-04-08 | Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an ou... |
| [CVE-2026-5906](https://nvd.nist.gov/vuln/detail/CVE-2026-5906) | 4.3 | MEDIUM | CWE-451 | No | 0.0% | 3.01 | 2026-04-08 | Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof t... |
| [CVE-2026-5905](https://nvd.nist.gov/vuln/detail/CVE-2026-5905) | 6.5 | MEDIUM | CWE-451 | No | 0.0% | 4.55 | 2026-04-08 | Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to per... |
| [CVE-2026-5904](https://nvd.nist.gov/vuln/detail/CVE-2026-5904) | 8.8 | HIGH | CWE-416 | No | 0.0% | 6.16 | 2026-04-08 | Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malic... |
| [CVE-2026-5903](https://nvd.nist.gov/vuln/detail/CVE-2026-5903) | 6.5 | MEDIUM | CWE-693 | No | 0.0% | 4.55 | 2026-04-08 | Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to... |
| [CVE-2026-5902](https://nvd.nist.gov/vuln/detail/CVE-2026-5902) | 9.8 | CRITICAL | CWE-362 | No | 0.1% | 6.86 | 2026-04-08 | Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the rende... |
| [CVE-2026-5901](https://nvd.nist.gov/vuln/detail/CVE-2026-5901) | 6.5 | MEDIUM | CWE-602 | No | 0.0% | 4.55 | 2026-04-08 | Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a... |
| [CVE-2026-5900](https://nvd.nist.gov/vuln/detail/CVE-2026-5900) | 4.3 | MEDIUM | CWE-693 | No | 0.0% | 3.01 | 2026-04-08 | Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download... |
| [CVE-2026-5899](https://nvd.nist.gov/vuln/detail/CVE-2026-5899) | 6.1 | MEDIUM | CWE-346 | No | 0.0% | 4.27 | 2026-04-08 | Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker... |
| [CVE-2026-5898](https://nvd.nist.gov/vuln/detail/CVE-2026-5898) | 4.3 | MEDIUM | CWE-451 | No | 0.0% | 3.01 | 2026-04-08 | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI... |
| [CVE-2026-5897](https://nvd.nist.gov/vuln/detail/CVE-2026-5897) | 4.3 | MEDIUM | CWE-451 | No | 0.0% | 3.01 | 2026-04-08 | Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a use... |
| [CVE-2026-5896](https://nvd.nist.gov/vuln/detail/CVE-2026-5896) | 6.1 | MEDIUM | CWE-693 | No | 0.0% | 4.27 | 2026-04-08 | Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage... |
| [CVE-2026-5895](https://nvd.nist.gov/vuln/detail/CVE-2026-5895) | 5.4 | MEDIUM | CWE-451 | No | 0.1% | 3.78 | 2026-04-08 | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the c... |
| [CVE-2026-5894](https://nvd.nist.gov/vuln/detail/CVE-2026-5894) | 4.3 | MEDIUM | CWE-358 | No | 0.0% | 3.01 | 2026-04-08 | Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigati... |
| [CVE-2026-5893](https://nvd.nist.gov/vuln/detail/CVE-2026-5893) | 6.8 | MEDIUM | CWE-362 | No | 0.0% | 4.76 | 2026-04-08 | Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via... |
| [CVE-2026-5892](https://nvd.nist.gov/vuln/detail/CVE-2026-5892) | 6.6 | MEDIUM | CWE-1268 | No | 0.0% | 4.62 | 2026-04-08 | Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compro... |
| [CVE-2026-5891](https://nvd.nist.gov/vuln/detail/CVE-2026-5891) | 4.3 | MEDIUM | CWE-451 | No | 0.1% | 3.01 | 2026-04-08 | Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had... |
| [CVE-2026-5890](https://nvd.nist.gov/vuln/detail/CVE-2026-5890) | 0.0 | NONE | CWE-362 | No | 0.0% | 0.00 | 2026-04-08 | Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive info... |
| [CVE-2026-5889](https://nvd.nist.gov/vuln/detail/CVE-2026-5889) | 4.3 | MEDIUM | CWE-326 | No | 0.0% | 3.01 | 2026-04-08 | Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive i... |
| [CVE-2026-5888](https://nvd.nist.gov/vuln/detail/CVE-2026-5888) | 6.5 | MEDIUM | CWE-457 | No | 0.0% | 4.55 | 2026-04-08 | Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially s... |
| [CVE-2026-5887](https://nvd.nist.gov/vuln/detail/CVE-2026-5887) | 4.3 | MEDIUM | CWE-20 | No | 0.0% | 3.01 | 2026-04-08 | Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a rem... |
| [CVE-2026-5886](https://nvd.nist.gov/vuln/detail/CVE-2026-5886) | 5.3 | MEDIUM | CWE-125 | No | 0.0% | 3.71 | 2026-04-08 | Out of bounds read in WebAudio in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to obtain potent... |
| [CVE-2026-5885](https://nvd.nist.gov/vuln/detail/CVE-2026-5885) | 6.5 | MEDIUM | CWE-20 | No | 0.0% | 4.55 | 2026-04-08 | Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote... |
| [CVE-2026-5884](https://nvd.nist.gov/vuln/detail/CVE-2026-5884) | 8.8 | HIGH | CWE-20 | No | 0.1% | 6.16 | 2026-04-08 | Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker wh... |
| [CVE-2026-5883](https://nvd.nist.gov/vuln/detail/CVE-2026-5883) | 0.0 | NONE | CWE-416 | No | 0.1% | 0.00 | 2026-04-08 | Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code insi... |
| [CVE-2026-5882](https://nvd.nist.gov/vuln/detail/CVE-2026-5882) | 4.3 | MEDIUM | CWE-451 | No | 0.0% | 3.01 | 2026-04-08 | Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoo... |
| [CVE-2026-5881](https://nvd.nist.gov/vuln/detail/CVE-2026-5881) | 6.5 | MEDIUM | CWE-284 | No | 0.0% | 4.55 | 2026-04-08 | Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigati... |
| [CVE-2026-5880](https://nvd.nist.gov/vuln/detail/CVE-2026-5880) | 4.3 | MEDIUM | CWE-451 | No | 0.0% | 3.01 | 2026-04-08 | Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had... |
| [CVE-2026-5879](https://nvd.nist.gov/vuln/detail/CVE-2026-5879) | 8.8 | HIGH | CWE-20 | No | 0.1% | 6.16 | 2026-04-08 | Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote atta... |
| [CVE-2026-5878](https://nvd.nist.gov/vuln/detail/CVE-2026-5878) | 4.3 | MEDIUM | CWE-451 | No | 0.0% | 3.01 | 2026-04-08 | Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing... |
| [CVE-2026-5877](https://nvd.nist.gov/vuln/detail/CVE-2026-5877) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-04-08 | Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code... |
| [CVE-2026-5876](https://nvd.nist.gov/vuln/detail/CVE-2026-5876) | 6.5 | MEDIUM | CWE-1300 | No | 0.0% | 4.55 | 2026-04-08 | Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak... |
| [CVE-2026-5875](https://nvd.nist.gov/vuln/detail/CVE-2026-5875) | 4.3 | MEDIUM | CWE-639 | No | 0.0% | 3.01 | 2026-04-08 | Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a cr... |
| [CVE-2026-5874](https://nvd.nist.gov/vuln/detail/CVE-2026-5874) | 9.6 | CRITICAL | CWE-416 | No | 0.1% | 6.72 | 2026-04-08 | Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to en... |
| [CVE-2026-5873](https://nvd.nist.gov/vuln/detail/CVE-2026-5873) | 8.8 | HIGH | CWE-125 | No | 0.1% | 6.16 | 2026-04-08 | Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrar... |
| [CVE-2026-5872](https://nvd.nist.gov/vuln/detail/CVE-2026-5872) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-04-08 | Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code insi... |
| [CVE-2026-5871](https://nvd.nist.gov/vuln/detail/CVE-2026-5871) | 8.8 | HIGH | CWE-843 | No | 0.1% | 6.16 | 2026-04-08 | Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside... |
| [CVE-2026-5870](https://nvd.nist.gov/vuln/detail/CVE-2026-5870) | 8.8 | HIGH | CWE-472 | No | 0.1% | 6.16 | 2026-04-08 | Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code ins... |
| [CVE-2026-5869](https://nvd.nist.gov/vuln/detail/CVE-2026-5869) | 4.3 | MEDIUM | CWE-122 | No | 0.0% | 3.01 | 2026-04-08 | Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially se... |
| [CVE-2026-5868](https://nvd.nist.gov/vuln/detail/CVE-2026-5868) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-04-08 | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitr... |
| [CVE-2026-5867](https://nvd.nist.gov/vuln/detail/CVE-2026-5867) | 4.3 | MEDIUM | CWE-122 | No | 0.0% | 3.01 | 2026-04-08 | Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially se... |
| [CVE-2026-5866](https://nvd.nist.gov/vuln/detail/CVE-2026-5866) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-04-08 | Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code insi... |
| [CVE-2026-5865](https://nvd.nist.gov/vuln/detail/CVE-2026-5865) | 8.8 | HIGH | CWE-843 | No | 0.1% | 6.16 | 2026-04-08 | Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside... |
| [CVE-2026-5864](https://nvd.nist.gov/vuln/detail/CVE-2026-5864) | 4.3 | MEDIUM | CWE-122 | No | 0.0% | 3.01 | 2026-04-08 | Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially... |
| [CVE-2026-5863](https://nvd.nist.gov/vuln/detail/CVE-2026-5863) | 8.8 | HIGH | NVD-CWE-noinfo | No | 0.1% | 6.16 | 2026-04-08 | Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrar... |
| [CVE-2026-5862](https://nvd.nist.gov/vuln/detail/CVE-2026-5862) | 8.8 | HIGH | NVD-CWE-noinfo | No | 0.1% | 6.16 | 2026-04-08 | Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrar... |
| [CVE-2026-5861](https://nvd.nist.gov/vuln/detail/CVE-2026-5861) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-04-08 | Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside... |
| [CVE-2026-5860](https://nvd.nist.gov/vuln/detail/CVE-2026-5860) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-04-08 | Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code ins... |
| [CVE-2026-5859](https://nvd.nist.gov/vuln/detail/CVE-2026-5859) | 8.8 | HIGH | CWE-472 | No | 0.1% | 6.16 | 2026-04-08 | Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap... |
| [CVE-2026-5858](https://nvd.nist.gov/vuln/detail/CVE-2026-5858) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-04-08 | Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary cod... |
| [CVE-2026-5810](https://nvd.nist.gov/vuln/detail/CVE-2026-5810) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-08 | A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /del... |
| [CVE-2026-5808](https://nvd.nist.gov/vuln/detail/CVE-2026-5808) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-08 | A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae634059330c. This impacts an... |
| [CVE-2026-5806](https://nvd.nist.gov/vuln/detail/CVE-2026-5806) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-08 | A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the... |
| [CVE-2026-5711](https://nvd.nist.gov/vuln/detail/CVE-2026-5711) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block at... |
| [CVE-2026-40037](https://nvd.nist.gov/vuln/detail/CVE-2026-40037) | 7.1 | HIGH | CWE-601 | No | 0.0% | 4.97 | 2026-04-08 | OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that... |
| [CVE-2026-40036](https://nvd.nist.gov/vuln/detail/CVE-2026-40036) | 8.7 | HIGH | CWE-409 | No | 0.1% | 6.09 | 2026-04-08 | Unfurl before 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote a... |
| [CVE-2026-40035](https://nvd.nist.gov/vuln/detail/CVE-2026-40035) | 9.3 | CRITICAL | CWE-489 | No | 0.1% | 6.51 | 2026-04-08 | Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mo... |
| [CVE-2026-40032](https://nvd.nist.gov/vuln/detail/CVE-2026-40032) | 8.5 | HIGH | CWE-78 | No | 0.0% | 5.95 | 2026-04-08 | UAC (Unix-like Artifacts Collector) before 3.3.0-rc1 contains a command injection vulnerability in the placeholder subst... |
| [CVE-2026-40031](https://nvd.nist.gov/vuln/detail/CVE-2026-40031) | 8.5 | HIGH | CWE-427 | No | 0.0% | 5.95 | 2026-04-08 | MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking acr... |
| [CVE-2026-40030](https://nvd.nist.gov/vuln/detail/CVE-2026-40030) | 8.4 | HIGH | CWE-78 | No | 0.0% | 5.88 | 2026-04-08 | parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is... |
| [CVE-2026-40029](https://nvd.nist.gov/vuln/detail/CVE-2026-40029) | 8.5 | HIGH | CWE-78 | No | 0.0% | 5.95 | 2026-04-08 | parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsa... |
| [CVE-2026-40028](https://nvd.nist.gov/vuln/detail/CVE-2026-40028) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-08 | Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allow... |
| [CVE-2026-40027](https://nvd.nist.gov/vuln/detail/CVE-2026-40027) | 8.4 | HIGH | CWE-22 | No | 0.0% | 5.88 | 2026-04-08 | ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal vulnerability in the NQ_Vault.p... |
| [CVE-2026-40026](https://nvd.nist.gov/vuln/detail/CVE-2026-40026) | 4.8 | MEDIUM | CWE-125 | No | 0.0% | 3.36 | 2026-04-08 | The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the pa... |
| [CVE-2026-40025](https://nvd.nist.gov/vuln/detail/CVE-2026-40025) | 4.8 | MEDIUM | CWE-125 | No | 0.0% | 3.36 | 2026-04-08 | The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where th... |
| [CVE-2026-40024](https://nvd.nist.gov/vuln/detail/CVE-2026-40024) | 8.4 | HIGH | CWE-22 | No | 0.0% | 5.88 | 2026-04-08 | The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write fi... |
| [CVE-2026-39901](https://nvd.nist.gov/vuln/detail/CVE-2026-39901) | 5.7 | MEDIUM | CWE-285 | No | 0.0% | 3.99 | 2026-04-08 | monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity f... |
| [CVE-2026-5805](https://nvd.nist.gov/vuln/detail/CVE-2026-5805) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-08 | A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of... |
| [CVE-2026-5803](https://nvd.nist.gov/vuln/detail/CVE-2026-5803) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-08 | A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The aff... |
| [CVE-2026-5451](https://nvd.nist.gov/vuln/detail/CVE-2026-5451) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-trac... |
| [CVE-2026-5436](https://nvd.nist.gov/vuln/detail/CVE-2026-5436) | 8.1 | HIGH | CWE-22 | No | 0.2% | 5.68 | 2026-04-08 | The MW WP Form plugin for WordPress is vulnerable to Arbitrary File Move/Read in all versions up to and including 5.1.1.... |
| [CVE-2026-39892](https://nvd.nist.gov/vuln/detail/CVE-2026-39892) | 6.9 | MEDIUM | CWE-119 | No | 0.1% | 4.83 | 2026-04-08 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to b... |
| [CVE-2026-39891](https://nvd.nist.gov/vuln/detail/CVE-2026-39891) | 8.8 | HIGH | CWE-94 | No | 0.1% | 6.16 | 2026-04-08 | PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like... |
| [CVE-2026-39890](https://nvd.nist.gov/vuln/detail/CVE-2026-39890) | 9.8 | CRITICAL | CWE-502 | No | 0.4% | 6.87 | 2026-04-08 | PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml li... |
| [CVE-2026-39889](https://nvd.nist.gov/vuln/detail/CVE-2026-39889) | 7.5 | HIGH | CWE-200 | No | 0.0% | 5.25 | 2026-04-08 | PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI expo... |
| [CVE-2026-39888](https://nvd.nist.gov/vuln/detail/CVE-2026-39888) | 9.9 | CRITICAL | CWE-657 | No | 0.1% | 6.93 | 2026-04-08 | PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults... |
| [CVE-2026-39885](https://nvd.nist.gov/vuln/detail/CVE-2026-39885) | 7.5 | HIGH | CWE-918 | No | 0.0% | 5.25 | 2026-04-08 | FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi libr... |
| [CVE-2026-39883](https://nvd.nist.gov/vuln/detail/CVE-2026-39883) | 7.3 | HIGH | CWE-426 | No | 0.0% | 5.11 | 2026-04-08 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed th... |
| [CVE-2026-39882](https://nvd.nist.gov/vuln/detail/CVE-2026-39882) | 5.3 | MEDIUM | CWE-789 | No | 0.0% | 3.71 | 2026-04-08 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/log... |
| [CVE-2026-39881](https://nvd.nist.gov/vuln/detail/CVE-2026-39881) | 5.0 | MEDIUM | CWE-94 | No | 0.2% | 3.50 | 2026-04-08 | Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans... |
| [CVE-2026-39860](https://nvd.nist.gov/vuln/detail/CVE-2026-39860) | 9.0 | CRITICAL | CWE-61 | No | 0.0% | 6.30 | 2026-04-08 | Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary ove... |
| [CVE-2026-39844](https://nvd.nist.gov/vuln/detail/CVE-2026-39844) | 5.9 | MEDIUM | CWE-22 | No | 0.1% | 4.13 | 2026-04-08 | NiceGUI is a Python-based UI framework. Prior to 3.10.0, since PurePosixPath only recognizes forward slashes (/) as path... |
| [CVE-2026-39429](https://nvd.nist.gov/vuln/detail/CVE-2026-39429) | 8.2 | HIGH | CWE-302 | No | 0.1% | 5.74 | 2026-04-08 | kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior t... |
| [CVE-2026-39416](https://nvd.nist.gov/vuln/detail/CVE-2026-39416) | 8.5 | HIGH | CWE-79 | No | 0.1% | 5.95 | 2026-04-08 | AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a store... |
| [CVE-2026-39415](https://nvd.nist.gov/vuln/detail/CVE-2026-39415) | 5.3 | MEDIUM | CWE-602 | No | 0.1% | 3.71 | 2026-04-08 | Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.46.0,... |
| [CVE-2026-39414](https://nvd.nist.gov/vuln/detail/CVE-2026-39414) | 7.1 | HIGH | CWE-770 | No | 0.0% | 4.97 | 2026-04-08 | MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-... |
| [CVE-2026-5802](https://nvd.nist.gov/vuln/detail/CVE-2026-5802) | 6.9 | MEDIUM | CWE-77 | No | 1.8% | 4.88 | 2026-04-08 | A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP... |
| [CVE-2026-39880](https://nvd.nist.gov/vuln/detail/CVE-2026-39880) | 5.0 | MEDIUM | CWE-362 | No | 0.0% | 3.50 | 2026-04-08 | Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.5, a glitch in the H... |
| [CVE-2026-39864](https://nvd.nist.gov/vuln/detail/CVE-2026-39864) | 4.4 | MEDIUM | CWE-125 | No | 0.2% | 3.09 | 2026-04-08 | Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in... |
| [CVE-2026-39863](https://nvd.nist.gov/vuln/detail/CVE-2026-39863) | 7.5 | HIGH | CWE-119 | No | 0.1% | 5.25 | 2026-04-08 | Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds... |
| [CVE-2026-39862](https://nvd.nist.gov/vuln/detail/CVE-2026-39862) | 6.3 | MEDIUM | CWE-78 | No | 0.5% | 4.43 | 2026-04-08 | Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted... |
| [CVE-2026-39859](https://nvd.nist.gov/vuln/detail/CVE-2026-39859) | 6.3 | MEDIUM | CWE-22 | No | 0.1% | 4.41 | 2026-04-08 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, liquidjs 10.25.0 d... |
| [CVE-2026-39413](https://nvd.nist.gov/vuln/detail/CVE-2026-39413) | 4.2 | MEDIUM | CWE-347 | No | 0.0% | 2.94 | 2026-04-08 | LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a J... |
| [CVE-2026-39412](https://nvd.nist.gov/vuln/detail/CVE-2026-39412) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-04-08 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sort_natural f... |
| [CVE-2026-39411](https://nvd.nist.gov/vuln/detail/CVE-2026-39411) | 5.0 | MEDIUM | CWE-287 | No | 0.0% | 3.50 | 2026-04-08 | LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to... |
| [CVE-2026-39362](https://nvd.nist.gov/vuln/detail/CVE-2026-39362) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-08 | InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREE_DOWNLOAD_FROM_URL is e... |
| [CVE-2026-35525](https://nvd.nist.gov/vuln/detail/CVE-2026-35525) | 8.2 | HIGH | CWE-61 | No | 0.1% | 5.74 | 2026-04-08 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %},... |
| [CVE-2026-35479](https://nvd.nist.gov/vuln/detail/CVE-2026-35479) | 6.6 | MEDIUM | CWE-285 | No | 0.0% | 4.62 | 2026-04-08 | InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who have staff access permi... |
| [CVE-2026-35478](https://nvd.nist.gov/vuln/detail/CVE-2026-35478) | 8.3 | HIGH | CWE-639 | No | 0.1% | 5.81 | 2026-04-08 | InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user c... |
| [CVE-2026-35477](https://nvd.nist.gov/vuln/detail/CVE-2026-35477) | 5.5 | MEDIUM | CWE-1336 | No | 0.0% | 3.85 | 2026-04-08 | InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PA... |
| [CVE-2026-35476](https://nvd.nist.gov/vuln/detail/CVE-2026-35476) | 7.2 | HIGH | CWE-285 | No | 0.0% | 5.04 | 2026-04-08 | InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authenticated user can el... |
| [CVE-2026-23869](https://nvd.nist.gov/vuln/detail/CVE-2026-23869) | 7.5 | HIGH | CWE-400 | No | 0.4% | 5.26 | 2026-04-08 | A denial of service vulnerability exists in React Server Components, affecting the following packages: react-server-dom-... |
| [CVE-2026-39851](https://nvd.nist.gov/vuln/detail/CVE-2026-39851) | 5.3 | MEDIUM | CWE-204 | No | 0.1% | 3.71 | 2026-04-08 | Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange... |
| [CVE-2026-35455](https://nvd.nist.gov/vuln/detail/CVE-2026-35455) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-04-08 | immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, Stored Cross-Site Scripti... |
| [CVE-2026-35446](https://nvd.nist.gov/vuln/detail/CVE-2026-35446) | 7.7 | HIGH | CWE-552 | No | 0.0% | 5.39 | 2026-04-08 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project... |
| [CVE-2026-35407](https://nvd.nist.gov/vuln/detail/CVE-2026-35407) | 5.9 | MEDIUM | CWE-285 | No | 0.0% | 4.13 | 2026-04-08 | Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and a... |
| [CVE-2026-35403](https://nvd.nist.gov/vuln/detail/CVE-2026-35403) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project... |
| [CVE-2026-35401](https://nvd.nist.gov/vuln/detail/CVE-2026-35401) | 7.5 | HIGH | CWE-770 | No | 0.1% | 5.25 | 2026-04-08 | Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a malicious actor can i... |
| [CVE-2026-35400](https://nvd.nist.gov/vuln/detail/CVE-2026-35400) | 3.5 | LOW | CWE-59 | No | 0.0% | 2.45 | 2026-04-08 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project... |
| [CVE-2026-35169](https://nvd.nist.gov/vuln/detail/CVE-2026-35169) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-04-08 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project... |
| [CVE-2026-35165](https://nvd.nist.gov/vuln/detail/CVE-2026-35165) | 6.3 | MEDIUM | CWE-639 | No | 0.0% | 4.41 | 2026-04-08 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project... |
| [CVE-2026-34985](https://nvd.nist.gov/vuln/detail/CVE-2026-34985) | 6.3 | MEDIUM | CWE-639 | No | 0.0% | 4.41 | 2026-04-08 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project... |
| [CVE-2026-34837](https://nvd.nist.gov/vuln/detail/CVE-2026-34837) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint POST /api/v1/ai_ass... |
| [CVE-2026-34782](https://nvd.nist.gov/vuln/detail/CVE-2026-34782) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /ap... |
| [CVE-2026-34724](https://nvd.nist.gov/vuln/detail/CVE-2026-34724) | 8.7 | HIGH | CWE-94 | No | 0.1% | 6.09 | 2026-04-08 | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vul... |
| [CVE-2026-34723](https://nvd.nist.gov/vuln/detail/CVE-2026-34723) | 8.7 | HIGH | CWE-284 | No | 0.0% | 6.09 | 2026-04-08 | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote att... |
| [CVE-2026-34722](https://nvd.nist.gov/vuln/detail/CVE-2026-34722) | 6.9 | MEDIUM | CWE-862 | No | 0.1% | 4.83 | 2026-04-08 | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the used endpoint for tick... |
| [CVE-2026-34721](https://nvd.nist.gov/vuln/detail/CVE-2026-34721) | 5.9 | MEDIUM | CWE-352 | No | 0.0% | 4.13 | 2026-04-08 | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoin... |
| [CVE-2026-34720](https://nvd.nist.gov/vuln/detail/CVE-2026-34720) | 2.3 | LOW | CWE-346 | No | 0.0% | 1.61 | 2026-04-08 | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zamma... |
| [CVE-2026-34719](https://nvd.nist.gov/vuln/detail/CVE-2026-34719) | 8.3 | HIGH | CWE-918 | No | 0.0% | 5.81 | 2026-04-08 | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was miss... |
| [CVE-2026-34718](https://nvd.nist.gov/vuln/detail/CVE-2026-34718) | 5.3 | MEDIUM | CWE-80 | No | 0.1% | 3.71 | 2026-04-08 | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HTML sanitizer for tic... |
| [CVE-2026-34392](https://nvd.nist.gov/vuln/detail/CVE-2026-34392) | 7.5 | HIGH | CWE-552 | No | 0.0% | 5.25 | 2026-04-08 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project... |
| [CVE-2026-34248](https://nvd.nist.gov/vuln/detail/CVE-2026-34248) | 2.1 | LOW | CWE-284 | No | 0.0% | 1.47 | 2026-04-08 | Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations (m... |
| [CVE-2026-34166](https://nvd.nist.gov/vuln/detail/CVE-2026-34166) | 3.7 | LOW | CWE-400 | No | 0.0% | 2.59 | 2026-04-08 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, the replace filter... |
| [CVE-2026-33350](https://nvd.nist.gov/vuln/detail/CVE-2026-33350) | 7.5 | HIGH | CWE-89 | No | 0.0% | 5.25 | 2026-04-08 | LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project... |
| [CVE-2026-30817](https://nvd.nist.gov/vuln/detail/CVE-2026-30817) | 6.8 | MEDIUM | CWE-15 | No | 0.0% | 4.76 | 2026-04-08 | An external configuration control vulnerability in the OpenVPN module of TP-Link AX53 v1.0 allows an authenticated adjac... |
| [CVE-2026-2942](https://nvd.nist.gov/vuln/detail/CVE-2026-2942) | 9.8 | CRITICAL | CWE-434 | No | 0.2% | 6.87 | 2026-04-08 | The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validati... |
| [CVE-2026-27806](https://nvd.nist.gov/vuln/detail/CVE-2026-27806) | 7.8 | HIGH | CWE-78 | No | 0.0% | 5.46 | 2026-04-08 | Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotati... |
| [CVE-2026-20709](https://nvd.nist.gov/vuln/detail/CVE-2026-20709) | 5.8 | MEDIUM | CWE-1394 | No | 0.0% | 4.06 | 2026-04-08 | Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(... |
| [CVE-2026-0814](https://nvd.nist.gov/vuln/detail/CVE-2026-0814) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-08 | The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capabi... |
| [CVE-2026-0811](https://nvd.nist.gov/vuln/detail/CVE-2026-0811) | 5.4 | MEDIUM | CWE-352 | No | 0.0% | 3.78 | 2026-04-08 | The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a... |
| [CVE-2025-50673](https://nvd.nist.gov/vuln/detail/CVE-2025-50673) | 7.5 | HIGH | CWE-120 | No | 0.0% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the http_lanport paramet... |
| [CVE-2025-50672](https://nvd.nist.gov/vuln/detail/CVE-2025-50672) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /yyxz_... |
| [CVE-2025-50671](https://nvd.nist.gov/vuln/detail/CVE-2025-50671) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_... |
| [CVE-2025-50670](https://nvd.nist.gov/vuln/detail/CVE-2025-50670) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_... |
| [CVE-2025-50669](https://nvd.nist.gov/vuln/detail/CVE-2025-50669) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of... |
| [CVE-2025-50668](https://nvd.nist.gov/vuln/detail/CVE-2025-50668) | 7.5 | HIGH | CWE-120 | No | 0.0% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /... |
| [CVE-2025-50667](https://nvd.nist.gov/vuln/detail/CVE-2025-50667) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the iface parameter in t... |
| [CVE-2025-50666](https://nvd.nist.gov/vuln/detail/CVE-2025-50666) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in t... |
| [CVE-2025-50665](https://nvd.nist.gov/vuln/detail/CVE-2025-50665) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the... |
| [CVE-2025-50664](https://nvd.nist.gov/vuln/detail/CVE-2025-50664) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_... |
| [CVE-2025-50663](https://nvd.nist.gov/vuln/detail/CVE-2025-50663) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in th... |
| [CVE-2025-50662](https://nvd.nist.gov/vuln/detail/CVE-2025-50662) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in th... |
| [CVE-2025-50661](https://nvd.nist.gov/vuln/detail/CVE-2025-50661) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in t... |
| [CVE-2025-50660](https://nvd.nist.gov/vuln/detail/CVE-2025-50660) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in th... |
| [CVE-2025-50659](https://nvd.nist.gov/vuln/detail/CVE-2025-50659) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error paramet... |
| [CVE-2025-50657](https://nvd.nist.gov/vuln/detail/CVE-2025-50657) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the... |
| [CVE-2025-50655](https://nvd.nist.gov/vuln/detail/CVE-2025-50655) | 7.5 | HIGH | CWE-121 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in th... |
| [CVE-2025-50654](https://nvd.nist.gov/vuln/detail/CVE-2025-50654) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in th... |
| [CVE-2025-50653](https://nvd.nist.gov/vuln/detail/CVE-2025-50653) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem paramet... |
| [CVE-2025-50652](https://nvd.nist.gov/vuln/detail/CVE-2025-50652) | 7.5 | HIGH | CWE-120 | No | 0.0% | 5.25 | 2026-04-08 | An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparm_usb.asp endpoint... |
| [CVE-2025-50650](https://nvd.nist.gov/vuln/detail/CVE-2025-50650) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the ro... |
| [CVE-2025-50649](https://nvd.nist.gov/vuln/detail/CVE-2025-50649) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlan_name pa... |
| [CVE-2025-50648](https://nvd.nist.gov/vuln/detail/CVE-2025-50648) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp... |
| [CVE-2025-50647](https://nvd.nist.gov/vuln/detail/CVE-2025-50647) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of the wans parameter... |
| [CVE-2025-50646](https://nvd.nist.gov/vuln/detail/CVE-2025-50646) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name par... |
| [CVE-2025-50645](https://nvd.nist.gov/vuln/detail/CVE-2025-50645) | 7.5 | HIGH | CWE-120 | No | 0.0% | 5.25 | 2026-04-08 | A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s paramet... |
| [CVE-2025-50644](https://nvd.nist.gov/vuln/detail/CVE-2025-50644) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.a... |
| [CVE-2026-33756](https://nvd.nist.gov/vuln/detail/CVE-2026-33756) | 7.5 | HIGH | CWE-770 | No | 0.1% | 5.25 | 2026-04-08 | Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query b... |
| [CVE-2026-33466](https://nvd.nist.gov/vuln/detail/CVE-2026-33466) | 8.1 | HIGH | CWE-22 | No | 0.4% | 5.68 | 2026-04-08 | Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and po... |
| [CVE-2026-33459](https://nvd.nist.gov/vuln/detail/CVE-2026-33459) | 6.5 | MEDIUM | CWE-400 | No | 0.0% | 4.55 | 2026-04-08 | Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130)... |
| [CVE-2026-33458](https://nvd.nist.gov/vuln/detail/CVE-2026-33458) | 6.3 | MEDIUM | CWE-918 | No | 0.1% | 4.41 | 2026-04-08 | Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user w... |
| [CVE-2026-32591](https://nvd.nist.gov/vuln/detail/CVE-2026-32591) | 5.2 | MEDIUM | CWE-918 | No | 0.0% | 3.64 | 2026-04-08 | A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an u... |
| [CVE-2026-32590](https://nvd.nist.gov/vuln/detail/CVE-2026-32590) | 7.1 | HIGH | CWE-502 | No | 0.1% | 4.97 | 2026-04-08 | A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores interm... |
| [CVE-2026-32589](https://nvd.nist.gov/vuln/detail/CVE-2026-32589) | 7.1 | HIGH | CWE-639 | No | 0.0% | 4.97 | 2026-04-08 | A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any reposit... |
| [CVE-2025-52222](https://nvd.nist.gov/vuln/detail/CVE-2025-52222) | 7.5 | HIGH | CWE-120 | No | 0.0% | 5.25 | 2026-04-08 | D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-840... |
| [CVE-2025-52221](https://nvd.nist.gov/vuln/detail/CVE-2025-52221) | 9.8 | CRITICAL | CWE-787 | No | 0.1% | 6.86 | 2026-04-08 | Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and... |
| [CVE-2025-45059](https://nvd.nist.gov/vuln/detail/CVE-2025-45059) | 7.5 | HIGH | CWE-120 | No | 0.0% | 5.25 | 2026-04-08 | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function.... |
| [CVE-2025-45058](https://nvd.nist.gov/vuln/detail/CVE-2025-45058) | 7.5 | HIGH | CWE-120 | No | 0.0% | 5.25 | 2026-04-08 | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. T... |
| [CVE-2025-45057](https://nvd.nist.gov/vuln/detail/CVE-2025-45057) | 7.5 | HIGH | CWE-120 | No | 0.0% | 5.25 | 2026-04-08 | D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp funct... |
| [CVE-2026-4837](https://nvd.nist.gov/vuln/detail/CVE-2026-4837) | 6.6 | MEDIUM | CWE-95 | No | 0.3% | 4.63 | 2026-04-08 | An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically all... |
| [CVE-2026-4498](https://nvd.nist.gov/vuln/detail/CVE-2026-4498) | 7.7 | HIGH | CWE-250 | No | 0.1% | 5.39 | 2026-04-08 | Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index dat... |
| [CVE-2026-33461](https://nvd.nist.gov/vuln/detail/CVE-2026-33461) | 7.7 | HIGH | CWE-863 | No | 0.1% | 5.39 | 2026-04-08 | Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user w... |
| [CVE-2026-33460](https://nvd.nist.gov/vuln/detail/CVE-2026-33460) | 4.3 | MEDIUM | CWE-863 | No | 0.0% | 3.01 | 2026-04-08 | Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-12... |
| [CVE-2026-31017](https://nvd.nist.gov/vuln/detail/CVE-2026-31017) | 9.1 | CRITICAL | CWE-918 | No | 0.0% | 6.37 | 2026-04-08 | A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frapp... |
| [CVE-2026-30080](https://nvd.nist.gov/vuln/detail/CVE-2026-30080) | 7.5 | HIGH | CWE-294 | No | 0.0% | 5.25 | 2026-04-08 | OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported int... |
| [CVE-2026-30075](https://nvd.nist.gov/vuln/detail/CVE-2026-30075) | 7.5 | HIGH | CWE-120 | No | 0.1% | 5.25 | 2026-04-08 | OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentic... |
| [CVE-2026-2377](https://nvd.nist.gov/vuln/detail/CVE-2026-2377) | 6.5 | MEDIUM | CWE-918 | No | 0.0% | 4.55 | 2026-04-08 | A flaw was found in mirror-registry. Authenticated users can exploit the log export feature by providing a specially cra... |
| [CVE-2025-57175](https://nvd.nist.gov/vuln/detail/CVE-2025-57175) | 6.4 | MEDIUM | CWE-259 | No | 0.0% | 4.48 | 2026-04-08 | Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10_6_2-18707-ea552dc00b devices have a static root password. |
| [CVE-2025-14243](https://nvd.nist.gov/vuln/detail/CVE-2025-14243) | 5.3 | MEDIUM | CWE-209 | No | 0.1% | 3.71 | 2026-04-08 | A flaw was found in the OpenShift Mirror Registry. This vulnerability allows an unauthenticated, remote attacker to enum... |
| [CVE-2023-46945](https://nvd.nist.gov/vuln/detail/CVE-2023-46945) | 9.1 | CRITICAL | CWE-918 | No | 0.0% | 6.37 | 2026-04-08 | QD 20230821 is vulnerable to Server-side request forgery (SSRF) via a crafted request |
| [CVE-2026-33753](https://nvd.nist.gov/vuln/detail/CVE-2026-33753) | 6.2 | MEDIUM | CWE-295 | No | 0.0% | 4.34 | 2026-04-08 | rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to 1.0.6, an... |
| [CVE-2026-33229](https://nvd.nist.gov/vuln/detail/CVE-2026-33229) | 8.6 | HIGH | CWE-862 | No | 0.2% | 6.02 | 2026-04-08 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8... |
| [CVE-2026-31040](https://nvd.nist.gov/vuln/detail/CVE-2026-31040) | 9.8 | CRITICAL | CWE-94 | No | 0.1% | 6.86 | 2026-04-08 | A vulnerability was identified in stata-mcp prior to v1.13.0 where insufficient validation of user-supplied Stata do-fil... |
| [CVE-2026-39865](https://nvd.nist.gov/vuln/detail/CVE-2026-39865) | 5.9 | MEDIUM | CWE-400 | No | 0.0% | 4.13 | 2026-04-08 | Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios... |
| [CVE-2026-39410](https://nvd.nist.gov/vuln/detail/CVE-2026-39410) | 4.8 | MEDIUM | CWE-20 | No | 0.0% | 3.36 | 2026-04-08 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a discrepancy be... |
| [CVE-2026-39409](https://nvd.nist.gov/vuln/detail/CVE-2026-39409) | 6.3 | MEDIUM | CWE-180 | No | 0.1% | 4.41 | 2026-04-08 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, ipRestriction()... |
| [CVE-2026-39408](https://nvd.nist.gov/vuln/detail/CVE-2026-39408) | 5.9 | MEDIUM | CWE-22 | No | 0.0% | 4.13 | 2026-04-08 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal... |
| [CVE-2026-39407](https://nvd.nist.gov/vuln/detail/CVE-2026-39407) | 5.3 | MEDIUM | CWE-22 | No | 0.1% | 3.71 | 2026-04-08 | Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling... |
| [CVE-2026-39406](https://nvd.nist.gov/vuln/detail/CVE-2026-39406) | 5.3 | MEDIUM | CWE-22 | No | 0.1% | 3.71 | 2026-04-08 | @hono/node-server allows running the Hono application on Node.js. Prior to 1.19.13, a path handling inconsistency in ser... |
| [CVE-2026-39394](https://nvd.nist.gov/vuln/detail/CVE-2026-39394) | 8.1 | HIGH | CWE-93 | No | 0.0% | 5.67 | 2026-04-08 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-39393](https://nvd.nist.gov/vuln/detail/CVE-2026-39393) | 8.1 | HIGH | CWE-306 | No | 0.0% | 5.67 | 2026-04-08 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-39392](https://nvd.nist.gov/vuln/detail/CVE-2026-39392) | 5.5 | MEDIUM | CWE-79 | No | 0.0% | 3.85 | 2026-04-08 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-39391](https://nvd.nist.gov/vuln/detail/CVE-2026-39391) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-04-08 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-39390](https://nvd.nist.gov/vuln/detail/CVE-2026-39390) | 5.5 | MEDIUM | CWE-79 | No | 0.0% | 3.85 | 2026-04-08 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-39389](https://nvd.nist.gov/vuln/detail/CVE-2026-39389) | 6.7 | MEDIUM | CWE-285 | No | 0.0% | 4.69 | 2026-04-08 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-35023](https://nvd.nist.gov/vuln/detail/CVE-2026-35023) | 5.3 | MEDIUM | CWE-639 | No | 0.0% | 3.71 | 2026-04-08 | Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the previ... |
| [CVE-2026-2509](https://nvd.nist.gov/vuln/detail/CVE-2026-2509) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The Page Builder: Pagelayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Button widget's Cu... |
| [CVE-2025-58713](https://nvd.nist.gov/vuln/detail/CVE-2025-58713) | 6.4 | MEDIUM | CWE-276 | No | 0.0% | 4.48 | 2026-04-08 | A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems f... |
| [CVE-2025-57854](https://nvd.nist.gov/vuln/detail/CVE-2025-57854) | 6.4 | MEDIUM | CWE-276 | No | 0.0% | 4.48 | 2026-04-08 | A container privilege escalation flaw was found in certain OpenShift Update Service (OSUS) images. This issue stems from... |
| [CVE-2025-57853](https://nvd.nist.gov/vuln/detail/CVE-2025-57853) | 6.4 | MEDIUM | CWE-276 | No | 0.0% | 4.48 | 2026-04-08 | A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd fi... |
| [CVE-2025-57851](https://nvd.nist.gov/vuln/detail/CVE-2025-57851) | 6.4 | MEDIUM | CWE-276 | No | 0.0% | 4.48 | 2026-04-08 | A container privilege escalation flaw was found in certain Multicluster Engine for Kubernetes images. This issue stems f... |
| [CVE-2025-57847](https://nvd.nist.gov/vuln/detail/CVE-2025-57847) | 6.4 | MEDIUM | CWE-276 | No | 0.0% | 4.48 | 2026-04-08 | A container privilege escalation flaw was found in certain Ansible Automation Platform images. This issue arises from th... |
| [CVE-2025-14816](https://nvd.nist.gov/vuln/detail/CVE-2025-14816) | 9.3 | CRITICAL | CWE-317 | No | 0.0% | 6.51 | 2026-04-08 | Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and pr... |
| [CVE-2025-14815](https://nvd.nist.gov/vuln/detail/CVE-2025-14815) | 9.3 | CRITICAL | CWE-312 | No | 0.0% | 6.51 | 2026-04-08 | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mi... |
| [CVE-2026-5302](https://nvd.nist.gov/vuln/detail/CVE-2026-5302) | 6.3 | MEDIUM | CWE-942 | No | 0.1% | 4.41 | 2026-04-08 | CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and se... |
| [CVE-2026-5301](https://nvd.nist.gov/vuln/detail/CVE-2026-5301) | 7.6 | HIGH | CWE-79 | No | 0.0% | 5.32 | 2026-04-08 | Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the serv... |
| [CVE-2026-5300](https://nvd.nist.gov/vuln/detail/CVE-2026-5300) | 5.9 | MEDIUM | CWE-306 | No | 0.0% | 4.13 | 2026-04-08 | Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attackers to view and modif... |
| [CVE-2026-4402](https://nvd.nist.gov/vuln/detail/CVE-2026-4402) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-08 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All r... |
| [CVE-2026-28261](https://nvd.nist.gov/vuln/detail/CVE-2026-28261) | 7.8 | HIGH | CWE-532 | No | 0.0% | 5.46 | 2026-04-08 | Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0... |
| [CVE-2026-27102](https://nvd.nist.gov/vuln/detail/CVE-2026-27102) | 6.6 | MEDIUM | CWE-266 | No | 0.0% | 4.62 | 2026-04-08 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect p... |
| [CVE-2026-24511](https://nvd.nist.gov/vuln/detail/CVE-2026-24511) | 4.4 | MEDIUM | CWE-209 | No | 0.0% | 3.08 | 2026-04-08 | Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation o... |
| [CVE-2026-5208](https://nvd.nist.gov/vuln/detail/CVE-2026-5208) | 8.2 | HIGH | CWE-78 | No | 0.1% | 5.74 | 2026-04-08 | Command injection in alerts in CoolerControl/coolercontrold <4.0.0 allows authenticated attackers to execute arbitrary c... |
| [CVE-2026-3396](https://nvd.nist.gov/vuln/detail/CVE-2026-3396) | 7.5 | HIGH | CWE-89 | No | 18.9% | 5.82 | 2026-04-08 | WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter... |
| [CVE-2026-3243](https://nvd.nist.gov/vuln/detail/CVE-2026-3243) | 8.8 | HIGH | CWE-22 | No | 0.2% | 6.17 | 2026-04-08 | The Advanced Members for ACF plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path... |
| [CVE-2026-2481](https://nvd.nist.gov/vuln/detail/CVE-2026-2481) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site... |
| [CVE-2026-28264](https://nvd.nist.gov/vuln/detail/CVE-2026-28264) | 3.3 | LOW | CWE-732 | No | 0.0% | 2.31 | 2026-04-08 | Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Re... |
| [CVE-2026-1865](https://nvd.nist.gov/vuln/detail/CVE-2026-1865) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-04-08 | The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom U... |
| [CVE-2026-1673](https://nvd.nist.gov/vuln/detail/CVE-2026-1673) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-04-08 | The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnera... |
| [CVE-2026-1672](https://nvd.nist.gov/vuln/detail/CVE-2026-1672) | 6.5 | MEDIUM | CWE-352 | No | 0.0% | 4.55 | 2026-04-08 | The BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net plugin for WordPress is vulnera... |
| [CVE-2026-4303](https://nvd.nist.gov/vuln/detail/CVE-2026-4303) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The WP Visitor Statistics (Real Time Traffic) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... |
| [CVE-2026-4300](https://nvd.nist.gov/vuln/detail/CVE-2026-4300) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The Robo Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Loading Label' setting in al... |
| [CVE-2026-4073](https://nvd.nist.gov/vuln/detail/CVE-2026-4073) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The pdfl.io plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pdflio' shortcode in all versions... |
| [CVE-2026-4025](https://nvd.nist.gov/vuln/detail/CVE-2026-4025) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attr... |
| [CVE-2026-39716](https://nvd.nist.gov/vuln/detail/CVE-2026-39716) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in CKThemes Flipmart flipmart allows Exploiting Incorrectly Configured Access Contro... |
| [CVE-2026-39715](https://nvd.nist.gov/vuln/detail/CVE-2026-39715) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows E... |
| [CVE-2026-39714](https://nvd.nist.gov/vuln/detail/CVE-2026-39714) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in G5Theme G5Plus April g5plus-april allows Exploiting Incorrectly Configured Access... |
| [CVE-2026-39713](https://nvd.nist.gov/vuln/detail/CVE-2026-39713) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contac... |
| [CVE-2026-39712](https://nvd.nist.gov/vuln/detail/CVE-2026-39712) | 5.3 | MEDIUM | CWE-80 | No | 0.1% | 3.71 | 2026-04-08 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in tagDiv tagDiv Composer td... |
| [CVE-2026-39711](https://nvd.nist.gov/vuln/detail/CVE-2026-39711) | 5.3 | MEDIUM | CWE-201 | No | 0.0% | 3.71 | 2026-04-08 | Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 \| Extensions rt18-extensions allo... |
| [CVE-2026-39710](https://nvd.nist.gov/vuln/detail/CVE-2026-39710) | 5.4 | MEDIUM | CWE-352 | No | 0.0% | 3.78 | 2026-04-08 | Cross-Site Request Forgery (CSRF) vulnerability in stmcan RT-Theme 18 \| Extensions rt18-extensions allows Cross Site Re... |
| [CVE-2026-39709](https://nvd.nist.gov/vuln/detail/CVE-2026-39709) | 5.3 | MEDIUM | CWE-201 | No | 0.0% | 3.71 | 2026-04-08 | Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retriev... |
| [CVE-2026-39708](https://nvd.nist.gov/vuln/detail/CVE-2026-39708) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uicore UiCore Elem... |
| [CVE-2026-39707](https://nvd.nist.gov/vuln/detail/CVE-2026-39707) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in ZealousWeb Accept PayPal Payments using Contact Form 7 contact-form-7-paypal-exte... |
| [CVE-2026-39706](https://nvd.nist.gov/vuln/detail/CVE-2026-39706) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Netro Systems Make My Trivia trivialy allows Exploiting Incorrectly Configured Ac... |
| [CVE-2026-39705](https://nvd.nist.gov/vuln/detail/CVE-2026-39705) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Mulika Team MIPL WC Multisite Sync mipl-wc-multisite-sync allows Exploiting Incor... |
| [CVE-2026-39704](https://nvd.nist.gov/vuln/detail/CVE-2026-39704) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-m... |
| [CVE-2026-39703](https://nvd.nist.gov/vuln/detail/CVE-2026-39703) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpbits WPBITS Addo... |
| [CVE-2026-39702](https://nvd.nist.gov/vuln/detail/CVE-2026-39702) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wealcoder Animatio... |
| [CVE-2026-39701](https://nvd.nist.gov/vuln/detail/CVE-2026-39701) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control S... |
| [CVE-2026-39700](https://nvd.nist.gov/vuln/detail/CVE-2026-39700) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in WPXPO WowOptin optin allows Exploiting Incorrectly Configured Access Control Secu... |
| [CVE-2026-39699](https://nvd.nist.gov/vuln/detail/CVE-2026-39699) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-lite allows Exploiting... |
| [CVE-2026-39698](https://nvd.nist.gov/vuln/detail/CVE-2026-39698) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploi... |
| [CVE-2026-39697](https://nvd.nist.gov/vuln/detail/CVE-2026-39697) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in HBSS Technologies MAIO – The new AI GEO / SEO tool maio-the-new-ai-geo-seo-... |
| [CVE-2026-39696](https://nvd.nist.gov/vuln/detail/CVE-2026-39696) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elfsight Elfsight... |
| [CVE-2026-39695](https://nvd.nist.gov/vuln/detail/CVE-2026-39695) | 5.4 | MEDIUM | CWE-918 | No | 0.0% | 3.78 | 2026-04-08 | Server-Side Request Forgery (SSRF) vulnerability in podigee Podigee podigee allows Server Side Request Forgery. This issu... |
| [CVE-2026-39694](https://nvd.nist.gov/vuln/detail/CVE-2026-39694) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploit... |
| [CVE-2026-39693](https://nvd.nist.gov/vuln/detail/CVE-2026-39693) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fesomia FSM Custom... |
| [CVE-2026-39692](https://nvd.nist.gov/vuln/detail/CVE-2026-39692) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Comp... |
| [CVE-2026-39691](https://nvd.nist.gov/vuln/detail/CVE-2026-39691) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in AdAstraCrypto Cryptocurrency Donation Box – Bitcoin & Crypto Donations cryptocurr... |
| [CVE-2026-39690](https://nvd.nist.gov/vuln/detail/CVE-2026-39690) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Paul Bearne Author Avatars List/Block author-avatars allows Exploiting Incorrectl... |
| [CVE-2026-39689](https://nvd.nist.gov/vuln/detail/CVE-2026-39689) | 0.0 | NONE | CWE-862 | No | 0.0% | 0.00 | 2026-04-08 | Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Config... |
| [CVE-2026-39688](https://nvd.nist.gov/vuln/detail/CVE-2026-39688) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Glowlogix WP Frontend Profile wp-front-end-profile allows Exploiting Incorrectly... |
| [CVE-2026-39687](https://nvd.nist.gov/vuln/detail/CVE-2026-39687) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiti... |
| [CVE-2026-39686](https://nvd.nist.gov/vuln/detail/CVE-2026-39686) | 0.0 | NONE | CWE-497 | No | 0.0% | 0.00 | 2026-04-08 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in bannersky BSK PDF Manager bs... |
| [CVE-2026-39685](https://nvd.nist.gov/vuln/detail/CVE-2026-39685) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in lvaudore The Moneytizer the-moneytizer allows Exploiting Incorrectly Configured A... |
| [CVE-2026-39684](https://nvd.nist.gov/vuln/detail/CVE-2026-39684) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-04-08 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-39683](https://nvd.nist.gov/vuln/detail/CVE-2026-39683) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chief Gnome Garden... |
| [CVE-2026-39682](https://nvd.nist.gov/vuln/detail/CVE-2026-39682) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Arjan Pronk linkPizza-Manager linkpizza-manager allows Exploiting Incorrectly Con... |
| [CVE-2026-39681](https://nvd.nist.gov/vuln/detail/CVE-2026-39681) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-04-08 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-39680](https://nvd.nist.gov/vuln/detail/CVE-2026-39680) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in MWP Development Diet Calorie Calculator diet-calorie-calculator allows Exploiting... |
| [CVE-2026-39679](https://nvd.nist.gov/vuln/detail/CVE-2026-39679) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-04-08 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-39678](https://nvd.nist.gov/vuln/detail/CVE-2026-39678) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in DOTonPAPER Pinpoint Booking System booking-system allows Exploiting Incorrectly C... |
| [CVE-2026-39677](https://nvd.nist.gov/vuln/detail/CVE-2026-39677) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-04-08 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-39676](https://nvd.nist.gov/vuln/detail/CVE-2026-39676) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configur... |
| [CVE-2026-39675](https://nvd.nist.gov/vuln/detail/CVE-2026-39675) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in webmuehle Court Reservation court-reservation allows Exploiting Incorrectly Confi... |
| [CVE-2026-39674](https://nvd.nist.gov/vuln/detail/CVE-2026-39674) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manoj Kumar MK Goo... |
| [CVE-2026-39673](https://nvd.nist.gov/vuln/detail/CVE-2026-39673) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in shrikantkale iZooto izooto-web-push allows Exploiting Incorrectly Configured Acce... |
| [CVE-2026-39672](https://nvd.nist.gov/vuln/detail/CVE-2026-39672) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Ex... |
| [CVE-2026-39671](https://nvd.nist.gov/vuln/detail/CVE-2026-39671) | 7.1 | HIGH | CWE-352 | No | 0.0% | 4.97 | 2026-04-08 | Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fe... |
| [CVE-2026-39670](https://nvd.nist.gov/vuln/detail/CVE-2026-39670) | 6.0 | MEDIUM | CWE-918 | No | 0.0% | 4.20 | 2026-04-08 | Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Re... |
| [CVE-2026-39669](https://nvd.nist.gov/vuln/detail/CVE-2026-39669) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Exploiting Incorrectly Configured Access Con... |
| [CVE-2026-39668](https://nvd.nist.gov/vuln/detail/CVE-2026-39668) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Expl... |
| [CVE-2026-39667](https://nvd.nist.gov/vuln/detail/CVE-2026-39667) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Kor... |
| [CVE-2026-39666](https://nvd.nist.gov/vuln/detail/CVE-2026-39666) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in telepathy Hello Ba... |
| [CVE-2026-39665](https://nvd.nist.gov/vuln/detail/CVE-2026-39665) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vladimir Prelovac... |
| [CVE-2026-39664](https://nvd.nist.gov/vuln/detail/CVE-2026-39664) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in leadrebel Leadrebel leadrebel allows Exploiting Incorrectly Configured Access Con... |
| [CVE-2026-39663](https://nvd.nist.gov/vuln/detail/CVE-2026-39663) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in themetechmount TrueBooker truebooker-appointment-booking allows Exploiting Incorr... |
| [CVE-2026-39662](https://nvd.nist.gov/vuln/detail/CVE-2026-39662) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-fo... |
| [CVE-2026-39660](https://nvd.nist.gov/vuln/detail/CVE-2026-39660) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured... |
| [CVE-2026-39659](https://nvd.nist.gov/vuln/detail/CVE-2026-39659) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Ultimate Member Ultimate Member ultimate-member allows Exploiting Incorrectly Con... |
| [CVE-2026-39658](https://nvd.nist.gov/vuln/detail/CVE-2026-39658) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Coding Panda Panda Pods Repeater Field panda-pods-repeater-field allows Exploitin... |
| [CVE-2026-39657](https://nvd.nist.gov/vuln/detail/CVE-2026-39657) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in leadlovers leadlovers forms leadlovers-forms allows Exploiting Incorrectly Config... |
| [CVE-2026-39656](https://nvd.nist.gov/vuln/detail/CVE-2026-39656) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Razorpay Razorpay for WooCommerce woo-razorpay allows Exploiting Incorrectly Conf... |
| [CVE-2026-39654](https://nvd.nist.gov/vuln/detail/CVE-2026-39654) | 0.0 | NONE | CWE-79 | No | 0.0% | 0.00 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani WP Si... |
| [CVE-2026-39653](https://nvd.nist.gov/vuln/detail/CVE-2026-39653) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-08 | Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api... |
| [CVE-2026-39652](https://nvd.nist.gov/vuln/detail/CVE-2026-39652) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in igms iGMS Direct Booking igms-direct-booking allows Exploiting Incorrectly Config... |
| [CVE-2026-39651](https://nvd.nist.gov/vuln/detail/CVE-2026-39651) | 6.3 | MEDIUM | CWE-862 | No | 0.0% | 4.41 | 2026-04-08 | Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configure... |
| [CVE-2026-39650](https://nvd.nist.gov/vuln/detail/CVE-2026-39650) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Unitech Web UnitechPay unitechpay-paiements-mobile-money allows Exploiting Incorr... |
| [CVE-2026-39649](https://nvd.nist.gov/vuln/detail/CVE-2026-39649) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in themebeez Royale News royale-news allows Exploiting Incorrectly Configured Access... |
| [CVE-2026-39648](https://nvd.nist.gov/vuln/detail/CVE-2026-39648) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in themebeez Cream Blog cream-blog allows Exploiting Incorrectly Configured Access C... |
| [CVE-2026-39647](https://nvd.nist.gov/vuln/detail/CVE-2026-39647) | 5.4 | MEDIUM | CWE-918 | No | 0.0% | 3.78 | 2026-04-08 | Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-mus... |
| [CVE-2026-39646](https://nvd.nist.gov/vuln/detail/CVE-2026-39646) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bozdoz Leaflet Map... |
| [CVE-2026-39645](https://nvd.nist.gov/vuln/detail/CVE-2026-39645) | 5.4 | MEDIUM | CWE-918 | No | 0.0% | 3.78 | 2026-04-08 | Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommer... |
| [CVE-2026-39644](https://nvd.nist.gov/vuln/detail/CVE-2026-39644) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Config... |
| [CVE-2026-39643](https://nvd.nist.gov/vuln/detail/CVE-2026-39643) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Payment Plugins Payment Plugins for PayPal WooCommerce pymntpl-paypal-woocommerce... |
| [CVE-2026-39641](https://nvd.nist.gov/vuln/detail/CVE-2026-39641) | 6.5 | MEDIUM | CWE-352 | No | 0.0% | 4.55 | 2026-04-08 | Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery. This... |
| [CVE-2026-39640](https://nvd.nist.gov/vuln/detail/CVE-2026-39640) | 9.6 | CRITICAL | CWE-352 | No | 0.0% | 6.72 | 2026-04-08 | Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection. This iss... |
| [CVE-2026-39639](https://nvd.nist.gov/vuln/detail/CVE-2026-39639) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-04-08 | Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allows Exploiting Incorre... |
| [CVE-2026-39638](https://nvd.nist.gov/vuln/detail/CVE-2026-39638) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qub... |
| [CVE-2026-39637](https://nvd.nist.gov/vuln/detail/CVE-2026-39637) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in SpabRice Mogi mogi allows Exploiting Incorrectly Configured Access Control Securi... |
| [CVE-2026-39636](https://nvd.nist.gov/vuln/detail/CVE-2026-39636) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in livemesh Livemesh... |
| [CVE-2026-39635](https://nvd.nist.gov/vuln/detail/CVE-2026-39635) | 5.4 | MEDIUM | CWE-352 | No | 0.0% | 3.78 | 2026-04-08 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Magazine grandmagazine allows Cross Site Request For... |
| [CVE-2026-39634](https://nvd.nist.gov/vuln/detail/CVE-2026-39634) | 5.4 | MEDIUM | CWE-352 | No | 0.0% | 3.78 | 2026-04-08 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site Request F... |
| [CVE-2026-39633](https://nvd.nist.gov/vuln/detail/CVE-2026-39633) | 6.5 | MEDIUM | CWE-352 | No | 0.0% | 4.55 | 2026-04-08 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request... |
| [CVE-2026-39632](https://nvd.nist.gov/vuln/detail/CVE-2026-39632) | 6.5 | MEDIUM | CWE-352 | No | 0.0% | 4.55 | 2026-04-08 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery. Thi... |
| [CVE-2026-39631](https://nvd.nist.gov/vuln/detail/CVE-2026-39631) | 4.9 | MEDIUM | CWE-862 | No | 0.0% | 3.43 | 2026-04-08 | Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Confi... |
| [CVE-2026-39630](https://nvd.nist.gov/vuln/detail/CVE-2026-39630) | 6.4 | MEDIUM | CWE-918 | No | 0.0% | 4.48 | 2026-04-08 | Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Fo... |
| [CVE-2026-39629](https://nvd.nist.gov/vuln/detail/CVE-2026-39629) | 5.3 | MEDIUM | CWE-80 | No | 0.1% | 3.71 | 2026-04-08 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Uminex uminex... |
| [CVE-2026-39628](https://nvd.nist.gov/vuln/detail/CVE-2026-39628) | 5.3 | MEDIUM | CWE-80 | No | 0.1% | 3.71 | 2026-04-08 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket duk... |
| [CVE-2026-39627](https://nvd.nist.gov/vuln/detail/CVE-2026-39627) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-08 | Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Access Control Securit... |
| [CVE-2026-39626](https://nvd.nist.gov/vuln/detail/CVE-2026-39626) | 5.3 | MEDIUM | CWE-80 | No | 0.1% | 3.71 | 2026-04-08 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armani... |
| [CVE-2026-39625](https://nvd.nist.gov/vuln/detail/CVE-2026-39625) | 5.3 | MEDIUM | CWE-80 | No | 0.1% | 3.71 | 2026-04-08 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes TechOne techon... |
| [CVE-2026-39624](https://nvd.nist.gov/vuln/detail/CVE-2026-39624) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Contro... |
| [CVE-2026-39623](https://nvd.nist.gov/vuln/detail/CVE-2026-39623) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-04-08 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-39622](https://nvd.nist.gov/vuln/detail/CVE-2026-39622) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in acmethemes Education Base education-base allows Exploiting Incorrectly Configured... |
| [CVE-2026-39621](https://nvd.nist.gov/vuln/detail/CVE-2026-39621) | 8.8 | HIGH | CWE-352 | No | 0.0% | 6.16 | 2026-04-08 | Cross-Site Request Forgery (CSRF) vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web... |
| [CVE-2026-39620](https://nvd.nist.gov/vuln/detail/CVE-2026-39620) | 9.6 | CRITICAL | CWE-352 | No | 0.0% | 6.72 | 2026-04-08 | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to... |
| [CVE-2026-39619](https://nvd.nist.gov/vuln/detail/CVE-2026-39619) | 9.6 | CRITICAL | CWE-352 | No | 0.0% | 6.72 | 2026-04-08 | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web... |
| [CVE-2026-39618](https://nvd.nist.gov/vuln/detail/CVE-2026-39618) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-04-08 | Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery.This iss... |
| [CVE-2026-39617](https://nvd.nist.gov/vuln/detail/CVE-2026-39617) | 9.6 | CRITICAL | CWE-352 | No | 0.0% | 6.72 | 2026-04-08 | Cross-Site Request Forgery (CSRF) vulnerability in priyanshumittal Bluestreet bluestreet allows Cross Site Request Forge... |
| [CVE-2026-39616](https://nvd.nist.gov/vuln/detail/CVE-2026-39616) | 5.3 | MEDIUM | CWE-639 | No | 0.0% | 3.71 | 2026-04-08 | Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments all... |
| [CVE-2026-39615](https://nvd.nist.gov/vuln/detail/CVE-2026-39615) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download... |
| [CVE-2026-39614](https://nvd.nist.gov/vuln/detail/CVE-2026-39614) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-04-08 | Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly... |
| [CVE-2026-39613](https://nvd.nist.gov/vuln/detail/CVE-2026-39613) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-04-08 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-39612](https://nvd.nist.gov/vuln/detail/CVE-2026-39612) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Cont... |
| [CVE-2026-39611](https://nvd.nist.gov/vuln/detail/CVE-2026-39611) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-04-08 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-39610](https://nvd.nist.gov/vuln/detail/CVE-2026-39610) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Pankaj Kumar WpXmas-Snow wpxmas-snow allows Exploiting Incorrectly Configured Acc... |
| [CVE-2026-39609](https://nvd.nist.gov/vuln/detail/CVE-2026-39609) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access... |
| [CVE-2026-39608](https://nvd.nist.gov/vuln/detail/CVE-2026-39608) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in iPOSPays iPOSpays Gateways WC ipospays-gateways-wc allows Exploiting Incorrectly... |
| [CVE-2026-39607](https://nvd.nist.gov/vuln/detail/CVE-2026-39607) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-04-08 | Missing Authorization vulnerability in Wpbens Filter Plus filter-plus allows Exploiting Incorrectly Configured Access Co... |
| [CVE-2026-39606](https://nvd.nist.gov/vuln/detail/CVE-2026-39606) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectly Configured Access... |
| [CVE-2026-39605](https://nvd.nist.gov/vuln/detail/CVE-2026-39605) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Confi... |
| [CVE-2026-39604](https://nvd.nist.gov/vuln/detail/CVE-2026-39604) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zookatron MyBookTa... |
| [CVE-2026-39603](https://nvd.nist.gov/vuln/detail/CVE-2026-39603) | 5.4 | MEDIUM | CWE-352 | No | 0.0% | 3.78 | 2026-04-08 | Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Photography grandphotography allows Cross Site Reque... |
| [CVE-2026-39602](https://nvd.nist.gov/vuln/detail/CVE-2026-39602) | 0.0 | NONE | CWE-862 | No | 0.0% | 0.00 | 2026-04-08 | Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured... |
| [CVE-2026-39592](https://nvd.nist.gov/vuln/detail/CVE-2026-39592) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-08 | Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrec... |
| [CVE-2026-39588](https://nvd.nist.gov/vuln/detail/CVE-2026-39588) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allo... |
| [CVE-2026-39586](https://nvd.nist.gov/vuln/detail/CVE-2026-39586) | 5.3 | MEDIUM | CWE-201 | No | 0.0% | 3.71 | 2026-04-08 | Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows... |
| [CVE-2026-39585](https://nvd.nist.gov/vuln/detail/CVE-2026-39585) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting Incorrectly Configured Access Contr... |
| [CVE-2026-39575](https://nvd.nist.gov/vuln/detail/CVE-2026-39575) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ronald Huereca Cus... |
| [CVE-2026-39572](https://nvd.nist.gov/vuln/detail/CVE-2026-39572) | 4.0 | MEDIUM | CWE-497 | No | 0.0% | 2.80 | 2026-04-08 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Bo... |
| [CVE-2026-39571](https://nvd.nist.gov/vuln/detail/CVE-2026-39571) | 5.3 | MEDIUM | CWE-497 | No | 0.0% | 3.71 | 2026-04-08 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio... |
| [CVE-2026-39570](https://nvd.nist.gov/vuln/detail/CVE-2026-39570) | 5.3 | MEDIUM | CWE-201 | No | 0.0% | 3.71 | 2026-04-08 | Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-l... |
| [CVE-2026-39569](https://nvd.nist.gov/vuln/detail/CVE-2026-39569) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-04-08 | Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorr... |
| [CVE-2026-39566](https://nvd.nist.gov/vuln/detail/CVE-2026-39566) | 4.0 | MEDIUM | CWE-497 | No | 0.0% | 2.80 | 2026-04-08 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress... |
| [CVE-2026-39565](https://nvd.nist.gov/vuln/detail/CVE-2026-39565) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-08 | Missing Authorization vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Exploiting Incorrectly Conf... |
| [CVE-2026-39564](https://nvd.nist.gov/vuln/detail/CVE-2026-39564) | 5.3 | MEDIUM | CWE-201 | No | 0.0% | 3.71 | 2026-04-08 | Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-... |
| [CVE-2026-39563](https://nvd.nist.gov/vuln/detail/CVE-2026-39563) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured... |
| [CVE-2026-39562](https://nvd.nist.gov/vuln/detail/CVE-2026-39562) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting In... |
| [CVE-2026-39561](https://nvd.nist.gov/vuln/detail/CVE-2026-39561) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Cont... |
| [CVE-2026-39544](https://nvd.nist.gov/vuln/detail/CVE-2026-39544) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-04-08 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-39543](https://nvd.nist.gov/vuln/detail/CVE-2026-39543) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control... |
| [CVE-2026-39542](https://nvd.nist.gov/vuln/detail/CVE-2026-39542) | 5.3 | MEDIUM | CWE-201 | No | 0.0% | 3.71 | 2026-04-08 | Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woo... |
| [CVE-2026-39541](https://nvd.nist.gov/vuln/detail/CVE-2026-39541) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Hydra Boo... |
| [CVE-2026-39538](https://nvd.nist.gov/vuln/detail/CVE-2026-39538) | 7.5 | HIGH | CWE-98 | No | 0.1% | 5.25 | 2026-04-08 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in... |
| [CVE-2026-39536](https://nvd.nist.gov/vuln/detail/CVE-2026-39536) | 5.3 | MEDIUM | CWE-497 | No | 0.0% | 3.71 | 2026-04-08 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Chill RSVP and Event Mana... |
| [CVE-2026-39535](https://nvd.nist.gov/vuln/detail/CVE-2026-39535) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in fullworks Display Eventbrite Events widget-for-eventbrite-api allows Exploiting I... |
| [CVE-2026-39528](https://nvd.nist.gov/vuln/detail/CVE-2026-39528) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configu... |
| [CVE-2026-39526](https://nvd.nist.gov/vuln/detail/CVE-2026-39526) | 5.4 | MEDIUM | CWE-639 | No | 0.0% | 3.78 | 2026-04-08 | Authorization Bypass Through User-Controlled Key vulnerability in wpstream WpStream wpstream allows Exploiting Incorrect... |
| [CVE-2026-39521](https://nvd.nist.gov/vuln/detail/CVE-2026-39521) | 4.9 | MEDIUM | CWE-918 | No | 0.0% | 3.43 | 2026-04-08 | Server-Side Request Forgery (SSRF) vulnerability in Nelio Software Nelio Content nelio-content allows Server Side Reques... |
| [CVE-2026-39520](https://nvd.nist.gov/vuln/detail/CVE-2026-39520) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in weDevs weDocs wedocs allows Exploiting Incorrectly Configured Access Control Secu... |
| [CVE-2026-39517](https://nvd.nist.gov/vuln/detail/CVE-2026-39517) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Blog Fil... |
| [CVE-2026-39516](https://nvd.nist.gov/vuln/detail/CVE-2026-39516) | 5.3 | MEDIUM | CWE-497 | No | 0.0% | 3.71 | 2026-04-08 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-p... |
| [CVE-2026-39510](https://nvd.nist.gov/vuln/detail/CVE-2026-39510) | 2.7 | LOW | CWE-639 | No | 0.0% | 1.89 | 2026-04-08 | Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-ti... |
| [CVE-2026-39509](https://nvd.nist.gov/vuln/detail/CVE-2026-39509) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Con... |
| [CVE-2026-39508](https://nvd.nist.gov/vuln/detail/CVE-2026-39508) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Adva... |
| [CVE-2026-39506](https://nvd.nist.gov/vuln/detail/CVE-2026-39506) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-08 | Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting Incorrectly Configured... |
| [CVE-2026-39505](https://nvd.nist.gov/vuln/detail/CVE-2026-39505) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Explo... |
| [CVE-2026-39504](https://nvd.nist.gov/vuln/detail/CVE-2026-39504) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-04-08 | Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured... |
| [CVE-2026-39501](https://nvd.nist.gov/vuln/detail/CVE-2026-39501) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | Missing Authorization vulnerability in RealMag777 FOX woocommerce-currency-switcher allows Exploiting Incorrectly Config... |
| [CVE-2026-39500](https://nvd.nist.gov/vuln/detail/CVE-2026-39500) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat themesf... |
| [CVE-2026-39497](https://nvd.nist.gov/vuln/detail/CVE-2026-39497) | 7.6 | HIGH | CWE-89 | No | 0.0% | 5.32 | 2026-04-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 FOX woo... |
| [CVE-2026-39496](https://nvd.nist.gov/vuln/detail/CVE-2026-39496) | 7.6 | HIGH | CWE-89 | No | 0.0% | 5.32 | 2026-04-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayMai... |
| [CVE-2026-39495](https://nvd.nist.gov/vuln/detail/CVE-2026-39495) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-04-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NSquared Simply Sc... |
| [CVE-2026-39488](https://nvd.nist.gov/vuln/detail/CVE-2026-39488) | 6.3 | MEDIUM | CWE-862 | No | 0.0% | 4.41 | 2026-04-08 | Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Contro... |
| [CVE-2026-39487](https://nvd.nist.gov/vuln/detail/CVE-2026-39487) | 7.6 | HIGH | CWE-89 | No | 0.0% | 5.32 | 2026-04-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ameliabooking Amel... |
| [CVE-2026-39486](https://nvd.nist.gov/vuln/detail/CVE-2026-39486) | 0.0 | NONE | CWE-89 | No | 0.0% | 0.00 | 2026-04-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Chill Download... |
| [CVE-2026-39485](https://nvd.nist.gov/vuln/detail/CVE-2026-39485) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-08 | Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Con... |
| [CVE-2026-39484](https://nvd.nist.gov/vuln/detail/CVE-2026-39484) | 4.7 | MEDIUM | CWE-601 | No | 0.0% | 3.29 | 2026-04-08 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phis... |
| [CVE-2026-39483](https://nvd.nist.gov/vuln/detail/CVE-2026-39483) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hidekazu Ishikawa... |
| [CVE-2026-39482](https://nvd.nist.gov/vuln/detail/CVE-2026-39482) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Post... |
| [CVE-2026-39479](https://nvd.nist.gov/vuln/detail/CVE-2026-39479) | 7.6 | HIGH | CWE-89 | No | 0.0% | 5.32 | 2026-04-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force O... |
| [CVE-2026-39477](https://nvd.nist.gov/vuln/detail/CVE-2026-39477) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-08 | Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Acc... |
| [CVE-2026-39476](https://nvd.nist.gov/vuln/detail/CVE-2026-39476) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-08 | Missing Authorization vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Exploiting Incorrectly Configu... |
| [CVE-2026-39475](https://nvd.nist.gov/vuln/detail/CVE-2026-39475) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-04-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User F... |
| [CVE-2026-39473](https://nvd.nist.gov/vuln/detail/CVE-2026-39473) | 5.3 | MEDIUM | CWE-201 | No | 0.0% | 3.71 | 2026-04-08 | Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows R... |
| [CVE-2026-39469](https://nvd.nist.gov/vuln/detail/CVE-2026-39469) | 4.3 | MEDIUM | CWE-497 | No | 0.0% | 3.01 | 2026-04-08 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagela... |
| [CVE-2026-39466](https://nvd.nist.gov/vuln/detail/CVE-2026-39466) | 7.6 | HIGH | CWE-89 | No | 0.0% | 5.32 | 2026-04-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMU DEV - Your Al... |
| [CVE-2026-39464](https://nvd.nist.gov/vuln/detail/CVE-2026-39464) | 5.5 | MEDIUM | CWE-918 | No | 0.0% | 3.85 | 2026-04-08 | Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by... |
| [CVE-2026-33088](https://nvd.nist.gov/vuln/detail/CVE-2026-33088) | 6.9 | MEDIUM | CWE-89 | No | 0.0% | 4.83 | 2026-04-08 | Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute a... |
| [CVE-2026-25776](https://nvd.nist.gov/vuln/detail/CVE-2026-25776) | 9.3 | CRITICAL | CWE-94 | No | 0.1% | 6.51 | 2026-04-08 | Movable Type provided by Six Apart Ltd. contains a code injection vulnerability which may allow an attacker to execute a... |
| [CVE-2026-1396](https://nvd.nist.gov/vuln/detail/CVE-2026-1396) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The Magic Conversation For Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'magi... |
| [CVE-2026-4655](https://nvd.nist.gov/vuln/detail/CVE-2026-4655) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG Imag... |
| [CVE-2026-4654](https://nvd.nist.gov/vuln/detail/CVE-2026-4654) | 5.3 | MEDIUM | CWE-639 | No | 0.0% | 3.71 | 2026-04-08 | The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object R... |
| [CVE-2026-4483](https://nvd.nist.gov/vuln/detail/CVE-2026-4483) | 7.0 | HIGH | CWE-782 | No | 0.1% | 4.90 | 2026-04-08 | An exposed IOCTL with an insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for... |
| [CVE-2026-4330](https://nvd.nist.gov/vuln/detail/CVE-2026-4330) | 4.3 | MEDIUM | CWE-639 | No | 0.0% | 3.01 | 2026-04-08 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through u... |
| [CVE-2026-5508](https://nvd.nist.gov/vuln/detail/CVE-2026-5508) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The WowPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wowpress` shortcode in... |
| [CVE-2026-5506](https://nvd.nist.gov/vuln/detail/CVE-2026-5506) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The Wavr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wave` shortcode in all vers... |
| [CVE-2026-5169](https://nvd.nist.gov/vuln/detail/CVE-2026-5169) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-04-08 | The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Heade... |
| [CVE-2026-5167](https://nvd.nist.gov/vuln/detail/CVE-2026-5167) | 5.3 | MEDIUM | CWE-639 | No | 0.1% | 3.71 | 2026-04-08 | The Masteriyo LMS – Online Course Builder for eLearning, LMS & Education plugin for WordPress is vulnerable to Authoriza... |
| [CVE-2026-4871](https://nvd.nist.gov/vuln/detail/CVE-2026-4871) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The Sports Club Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before' and 'after... |
| [CVE-2026-4808](https://nvd.nist.gov/vuln/detail/CVE-2026-4808) | 7.2 | HIGH | CWE-434 | No | 0.3% | 5.05 | 2026-04-08 | The Gerador de Certificados – DevApps plugin for WordPress is vulnerable to arbitrary file uploads due to missing file t... |
| [CVE-2026-4338](https://nvd.nist.gov/vuln/detail/CVE-2026-4338) | 7.5 | HIGH | NVD-CWE-noinfo | No | 0.1% | 5.25 | 2026-04-08 | The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowing unauthenticated us... |
| [CVE-2026-4141](https://nvd.nist.gov/vuln/detail/CVE-2026-4141) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-04-08 | The Quran Translations plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and inclu... |
| [CVE-2026-3781](https://nvd.nist.gov/vuln/detail/CVE-2026-3781) | 5.4 | MEDIUM | CWE-89 | No | 0.0% | 3.78 | 2026-04-08 | The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr_off' parameter in all version... |
| [CVE-2026-3618](https://nvd.nist.gov/vuln/detail/CVE-2026-3618) | 6.4 | MEDIUM | CWE-79 | No | 0.1% | 4.48 | 2026-04-08 | The Columns by BestWebSoft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attr... |
| [CVE-2026-3594](https://nvd.nist.gov/vuln/detail/CVE-2026-3594) | 5.3 | MEDIUM | CWE-200 | No | 0.1% | 3.71 | 2026-04-08 | The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to,... |
| [CVE-2026-3535](https://nvd.nist.gov/vuln/detail/CVE-2026-3535) | 9.8 | CRITICAL | CWE-434 | No | 0.3% | 6.87 | 2026-04-08 | The DSGVO Google Web Fonts GDPR plugin for WordPress is vulnerable to arbitrary file upload due to missing file type val... |
| [CVE-2026-3480](https://nvd.nist.gov/vuln/detail/CVE-2026-3480) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-04-08 | The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14.... |
| [CVE-2026-3477](https://nvd.nist.gov/vuln/detail/CVE-2026-3477) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | The PZ Frontend Manager plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including... |
| [CVE-2026-3142](https://nvd.nist.gov/vuln/detail/CVE-2026-3142) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting... |
| [CVE-2026-2838](https://nvd.nist.gov/vuln/detail/CVE-2026-2838) | 4.4 | MEDIUM | CWE-79 | No | 0.0% | 3.08 | 2026-04-08 | The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘woowho... |
| [CVE-2025-1794](https://nvd.nist.gov/vuln/detail/CVE-2025-1794) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-08 | The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded SVG files in all vers... |
| [CVE-2026-3311](https://nvd.nist.gov/vuln/detail/CVE-2026-3311) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for Wor... |
| [CVE-2026-33273](https://nvd.nist.gov/vuln/detail/CVE-2026-33273) | 5.1 | MEDIUM | CWE-434 | No | 0.0% | 3.57 | 2026-04-08 | Unrestricted upload of file with dangerous type issue exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability... |
| [CVE-2026-27787](https://nvd.nist.gov/vuln/detail/CVE-2026-27787) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-08 | Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitr... |
| [CVE-2026-24913](https://nvd.nist.gov/vuln/detail/CVE-2026-24913) | 8.7 | HIGH | CWE-89 | No | 0.0% | 6.09 | 2026-04-08 | SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information... |
| [CVE-2026-4785](https://nvd.nist.gov/vuln/detail/CVE-2026-4785) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-S... |
| [CVE-2026-4341](https://nvd.nist.gov/vuln/detail/CVE-2026-4341) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The Prime Slider – Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'follo... |
| [CVE-2026-4333](https://nvd.nist.gov/vuln/detail/CVE-2026-4333) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skin' a... |
| [CVE-2026-4299](https://nvd.nist.gov/vuln/detail/CVE-2026-4299) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-08 | The MainWP Child Reports plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including... |
| [CVE-2026-4003](https://nvd.nist.gov/vuln/detail/CVE-2026-4003) | 9.8 | CRITICAL | CWE-862 | No | 0.5% | 6.88 | 2026-04-08 | The Users manager – PN plugin for WordPress is vulnerable to Privilege Escalation via Arbitrary User Meta Update in all... |
| [CVE-2026-3646](https://nvd.nist.gov/vuln/detail/CVE-2026-3646) | 5.3 | MEDIUM | CWE-862 | No | 0.2% | 3.72 | 2026-04-08 | The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to Missing Authorization via the plugin... |
| [CVE-2026-3600](https://nvd.nist.gov/vuln/detail/CVE-2026-3600) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The Investi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'investi-announcements-accordion'... |
| [CVE-2026-3513](https://nvd.nist.gov/vuln/detail/CVE-2026-3513) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... |
| [CVE-2026-3239](https://nvd.nist.gov/vuln/detail/CVE-2026-3239) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonial_v... |
| [CVE-2026-4379](https://nvd.nist.gov/vuln/detail/CVE-2026-4379) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The LightPress Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `group` attribute in t... |
| [CVE-2026-2988](https://nvd.nist.gov/vuln/detail/CVE-2026-2988) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-08 | The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'powerpress' and 'podca... |
| [CVE-2026-5726](https://nvd.nist.gov/vuln/detail/CVE-2026-5726) | 7.8 | HIGH | CWE-121 | No | 0.0% | 5.46 | 2026-04-08 | ASDA-Soft Stack-based Buffer Overflow Vulnerability |
| [CVE-2026-1163](https://nvd.nist.gov/vuln/detail/CVE-2026-1163) | 4.1 | MEDIUM | CWE-613 | No | 0.0% | 2.87 | 2026-04-08 | An insufficient session expiration vulnerability exists in the latest version of parisneo/lollms. The application fails... |
| [CVE-2026-3499](https://nvd.nist.gov/vuln/detail/CVE-2026-3499) | 8.8 | HIGH | CWE-352 | No | 0.0% | 6.16 | 2026-04-08 | The Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin for WordPress is vulnerable to C... |
| [CVE-2026-3296](https://nvd.nist.gov/vuln/detail/CVE-2026-3296) | 9.8 | CRITICAL | CWE-502 | No | 0.0% | 6.86 | 2026-04-08 | The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3... |
| [CVE-2026-33810](https://nvd.nist.gov/vuln/detail/CVE-2026-33810) | 7.5 | HIGH | N/A | No | 0.0% | 5.25 | 2026-04-08 | When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to w... |
| [CVE-2026-32289](https://nvd.nist.gov/vuln/detail/CVE-2026-32289) | 6.1 | MEDIUM | N/A | No | 0.0% | 4.27 | 2026-04-08 | Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escapi... |
| [CVE-2026-32288](https://nvd.nist.gov/vuln/detail/CVE-2026-32288) | 5.5 | MEDIUM | N/A | No | 0.0% | 3.85 | 2026-04-08 | tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large numb... |
| [CVE-2026-32283](https://nvd.nist.gov/vuln/detail/CVE-2026-32283) | 7.5 | HIGH | N/A | No | 0.0% | 5.25 | 2026-04-08 | If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection c... |
| [CVE-2026-32282](https://nvd.nist.gov/vuln/detail/CVE-2026-32282) | 6.4 | MEDIUM | N/A | No | 0.0% | 4.48 | 2026-04-08 | On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can ope... |
| [CVE-2026-32281](https://nvd.nist.gov/vuln/detail/CVE-2026-32281) | 7.5 | HIGH | N/A | No | 0.0% | 5.25 | 2026-04-08 | Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a ve... |
| [CVE-2026-32280](https://nvd.nist.gov/vuln/detail/CVE-2026-32280) | 7.5 | HIGH | CWE-770 | No | 0.0% | 5.25 | 2026-04-08 | During chain building, the amount of work that is done is not correctly limited when a large number of intermediate cert... |
| [CVE-2026-27144](https://nvd.nist.gov/vuln/detail/CVE-2026-27144) | 7.1 | HIGH | N/A | No | 0.0% | 4.97 | 2026-04-08 | The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented... |
| [CVE-2026-27143](https://nvd.nist.gov/vuln/detail/CVE-2026-27143) | 9.8 | CRITICAL | N/A | No | 0.0% | 6.86 | 2026-04-08 | Arithmetic over induction variables in loops was not correctly checked for underflow or overflow. As a result, the comp... |
| [CVE-2026-27140](https://nvd.nist.gov/vuln/detail/CVE-2026-27140) | 8.8 | HIGH | N/A | No | 0.0% | 6.16 | 2026-04-08 | SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at... |
| [CVE-2025-14732](https://nvd.nist.gov/vuln/detail/CVE-2025-14732) | 6.4 | MEDIUM | CWE-87 | No | 0.0% | 4.48 | 2026-04-08 | The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Sc... |
| [CVE-2026-4788](https://nvd.nist.gov/vuln/detail/CVE-2026-4788) | 8.4 | HIGH | CWE-532 | No | 0.0% | 5.88 | 2026-04-08 | IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a loc... |
| [CVE-2026-3357](https://nvd.nist.gov/vuln/detail/CVE-2026-3357) | 8.8 | HIGH | CWE-502 | No | 0.3% | 6.17 | 2026-04-08 | IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the sys... |
| [CVE-2026-1346](https://nvd.nist.gov/vuln/detail/CVE-2026-1346) | 9.3 | CRITICAL | CWE-250 | No | 0.0% | 6.51 | 2026-04-08 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1... |
| [CVE-2026-1343](https://nvd.nist.gov/vuln/detail/CVE-2026-1343) | 7.2 | HIGH | CWE-918 | No | 0.1% | 5.04 | 2026-04-08 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1... |
| [CVE-2026-4406](https://nvd.nist.gov/vuln/detail/CVE-2026-4406) | 4.7 | MEDIUM | CWE-79 | No | 0.1% | 3.29 | 2026-04-08 | The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `form_ids` parameter in t... |
| [CVE-2026-4401](https://nvd.nist.gov/vuln/detail/CVE-2026-4401) | 5.4 | MEDIUM | CWE-352 | No | 0.0% | 3.78 | 2026-04-08 | The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the `actions_handler()` and `bu... |
| [CVE-2026-4394](https://nvd.nist.gov/vuln/detail/CVE-2026-4394) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-04-08 | The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Ty... |
| [CVE-2026-2263](https://nvd.nist.gov/vuln/detail/CVE-2026-2263) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-04-08 | The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized modific... |
| [CVE-2026-1342](https://nvd.nist.gov/vuln/detail/CVE-2026-1342) | 8.5 | HIGH | CWE-829 | No | 0.0% | 5.95 | 2026-04-08 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1... |
| [CVE-2026-4656](https://nvd.nist.gov/vuln/detail/CVE-2026-4656) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-07 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-39936](https://nvd.nist.gov/vuln/detail/CVE-2026-39936) | 6.9 | MEDIUM | CWE-79 | No | 0.1% | 4.83 | 2026-04-07 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foun... |
| [CVE-2026-39935](https://nvd.nist.gov/vuln/detail/CVE-2026-39935) | 6.9 | MEDIUM | CWE-79 | No | 0.1% | 4.83 | 2026-04-07 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foun... |
| [CVE-2025-20628](https://nvd.nist.gov/vuln/detail/CVE-2025-20628) | 6.9 | MEDIUM | CWE-1220 | No | 0.1% | 4.83 | 2026-04-07 | An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) w... |
| [CVE-2026-4065](https://nvd.nist.gov/vuln/detail/CVE-2026-4065) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-04-07 | The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing cap... |
| [CVE-2026-39937](https://nvd.nist.gov/vuln/detail/CVE-2026-39937) | 8.8 | HIGH | CWE-212 | No | 0.1% | 6.16 | 2026-04-07 | Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki... |
| [CVE-2026-39934](https://nvd.nist.gov/vuln/detail/CVE-2026-39934) | 6.9 | MEDIUM | CWE-835 | No | 0.1% | 4.83 | 2026-04-07 | Loop with unreachable exit condition ('infinite loop') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExper... |
| [CVE-2026-39933](https://nvd.nist.gov/vuln/detail/CVE-2026-39933) | 6.9 | MEDIUM | CWE-79 | No | 0.1% | 4.83 | 2026-04-07 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foun... |
| [CVE-2026-39847](https://nvd.nist.gov/vuln/detail/CVE-2026-39847) | 9.1 | CRITICAL | CWE-22 | No | 0.1% | 6.37 | 2026-04-07 | Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handle... |
| [CVE-2026-39846](https://nvd.nist.gov/vuln/detail/CVE-2026-39846) | 9.0 | CRITICAL | CWE-79 | No | 0.1% | 6.30 | 2026-04-07 | SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger re... |
| [CVE-2026-35568](https://nvd.nist.gov/vuln/detail/CVE-2026-35568) | 7.6 | HIGH | CWE-346 | No | 0.0% | 5.32 | 2026-04-07 | MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk conta... |
| [CVE-2026-35406](https://nvd.nist.gov/vuln/detail/CVE-2026-35406) | 6.2 | MEDIUM | CWE-400 | No | 0.0% | 4.34 | 2026-04-07 | Aardvark-dns is an authoritative DNS server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS que... |
| [CVE-2026-34781](https://nvd.nist.gov/vuln/detail/CVE-2026-34781) | 2.8 | LOW | CWE-476 | No | 0.0% | 1.96 | 2026-04-07 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5,... |
| [CVE-2026-34765](https://nvd.nist.gov/vuln/detail/CVE-2026-34765) | 6.0 | MEDIUM | CWE-668 | No | 0.1% | 4.20 | 2026-04-07 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5,... |
| [CVE-2026-34582](https://nvd.nist.gov/vuln/detail/CVE-2026-34582) | 8.7 | HIGH | CWE-841 | No | 0.0% | 6.09 | 2026-04-07 | Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records... |
| [CVE-2026-34580](https://nvd.nist.gov/vuln/detail/CVE-2026-34580) | 9.3 | CRITICAL | CWE-295 | No | 0.0% | 6.51 | 2026-04-07 | Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name;... |
| [CVE-2026-34371](https://nvd.nist.gov/vuln/detail/CVE-2026-34371) | 6.3 | MEDIUM | CWE-22 | No | 0.0% | 4.41 | 2026-04-07 | LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e... |
| [CVE-2026-34079](https://nvd.nist.gov/vuln/detail/CVE-2026-34079) | 8.7 | HIGH | CWE-22 | No | 0.1% | 6.09 | 2026-04-07 | Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes out... |
| [CVE-2026-34078](https://nvd.nist.gov/vuln/detail/CVE-2026-34078) | 9.3 | CRITICAL | CWE-61 | No | 0.2% | 6.52 | 2026-04-07 | Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths... |
| [CVE-2026-39401](https://nvd.nist.gov/vuln/detail/CVE-2026-39401) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-07 | Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, jb child processe... |
| [CVE-2026-39400](https://nvd.nist.gov/vuln/detail/CVE-2026-39400) | 5.3 | MEDIUM | CWE-79 | No | 0.1% | 3.71 | 2026-04-07 | Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user... |
| [CVE-2026-39397](https://nvd.nist.gov/vuln/detail/CVE-2026-39397) | 9.4 | CRITICAL | CWE-862 | No | 0.1% | 6.58 | 2026-04-07 | @delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual page builder. Prior to 0.6.23, all /api/... |
| [CVE-2026-35533](https://nvd.nist.gov/vuln/detail/CVE-2026-35533) | 7.7 | HIGH | CWE-284 | No | 0.0% | 5.39 | 2026-04-07 | mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-contro... |
| [CVE-2026-34080](https://nvd.nist.gov/vuln/detail/CVE-2026-34080) | 6.8 | MEDIUM | CWE-1289 | No | 0.0% | 4.76 | 2026-04-07 | xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassin... |
| [CVE-2026-34045](https://nvd.nist.gov/vuln/detail/CVE-2026-34045) | 8.2 | HIGH | CWE-209 | No | 0.1% | 5.74 | 2026-04-07 | Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP... |
| [CVE-2026-33439](https://nvd.nist.gov/vuln/detail/CVE-2026-33439) | 9.3 | CRITICAL | CWE-502 | No | 0.1% | 6.51 | 2026-04-07 | Open Access Management (OpenAM) is an access management solution. Prior to 16.0.6, OpenIdentityPlatform OpenAM is vulner... |
| [CVE-2026-32712](https://nvd.nist.gov/vuln/detail/CVE-2026-32712) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-07 | Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to... |
| [CVE-2026-29181](https://nvd.nist.gov/vuln/detail/CVE-2026-29181) | 7.5 | HIGH | CWE-770 | No | 0.1% | 5.25 | 2026-04-07 | OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extractio... |
| [CVE-2026-27949](https://nvd.nist.gov/vuln/detail/CVE-2026-27949) | 2.0 | LOW | CWE-200 | No | 0.0% | 1.40 | 2026-04-07 | Plane is an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentica... |
| [CVE-2026-5741](https://nvd.nist.gov/vuln/detail/CVE-2026-5741) | 6.9 | MEDIUM | CWE-77 | No | 2.2% | 4.90 | 2026-04-07 | A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_con... |
| [CVE-2026-5739](https://nvd.nist.gov/vuln/detail/CVE-2026-5739) | 6.9 | MEDIUM | CWE-74 | No | 0.1% | 4.83 | 2026-04-07 | A security flaw has been discovered in PowerJob 5.1.0/5.1.1/5.1.2. The affected element is the function GroovyEvaluator.... |
| [CVE-2026-3566](https://nvd.nist.gov/vuln/detail/CVE-2026-3566) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-07 | Rejected reason: After further discussion, the issue was determined to not meet the criteria for CVE assignment. |
| [CVE-2026-39841](https://nvd.nist.gov/vuln/detail/CVE-2026-39841) | 6.3 | MEDIUM | CWE-80 | No | 0.1% | 4.41 | 2026-04-07 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Medi... |
| [CVE-2026-39840](https://nvd.nist.gov/vuln/detail/CVE-2026-39840) | 5.1 | MEDIUM | CWE-79 | No | 0.1% | 3.57 | 2026-04-07 | Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Wikimedia Foundati... |
| [CVE-2026-39839](https://nvd.nist.gov/vuln/detail/CVE-2026-39839) | 6.3 | MEDIUM | CWE-80 | No | 0.0% | 4.41 | 2026-04-07 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in Wikimedia Foundation Medi... |
| [CVE-2026-39837](https://nvd.nist.gov/vuln/detail/CVE-2026-39837) | 6.3 | MEDIUM | CWE-80 | No | 0.1% | 4.41 | 2026-04-07 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Car... |
| [CVE-2026-39395](https://nvd.nist.gov/vuln/detail/CVE-2026-39395) | 4.3 | MEDIUM | CWE-754 | No | 0.0% | 3.01 | 2026-04-07 | Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-... |
| [CVE-2026-39382](https://nvd.nist.gov/vuln/detail/CVE-2026-39382) | 9.3 | CRITICAL | CWE-78 | No | 0.1% | 6.51 | 2026-04-07 | dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to... |
| [CVE-2026-39381](https://nvd.nist.gov/vuln/detail/CVE-2026-39381) | 5.3 | MEDIUM | CWE-863 | No | 0.0% | 3.71 | 2026-04-07 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-a... |
| [CVE-2026-39380](https://nvd.nist.gov/vuln/detail/CVE-2026-39380) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-07 | Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to... |
| [CVE-2026-39376](https://nvd.nist.gov/vuln/detail/CVE-2026-39376) | 7.5 | HIGH | CWE-674 | No | 0.1% | 5.25 | 2026-04-07 | FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse() fetches a URL that returns... |
| [CVE-2026-39374](https://nvd.nist.gov/vuln/detail/CVE-2026-39374) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-04-07 | Plane is an open-source project management tool. Prior to 1.3.0, the IssueBulkUpdateDateEndpoint allows a project mem... |
| [CVE-2026-39373](https://nvd.nist.gov/vuln/detail/CVE-2026-39373) | 5.3 | MEDIUM | CWE-409 | No | 0.0% | 3.71 | 2026-04-07 | JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attac... |
| [CVE-2026-39371](https://nvd.nist.gov/vuln/detail/CVE-2026-39371) | 8.1 | HIGH | CWE-352 | No | 0.0% | 5.67 | 2026-04-07 | RedwoodSDK is a server-first React framework. From 1.0.0-beta.50 to 1.0.5, server functions exported from "use server" fi... |
| [CVE-2026-39370](https://nvd.nist.gov/vuln/detail/CVE-2026-39370) | 7.1 | HIGH | CWE-918 | No | 0.0% | 4.97 | 2026-04-07 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoder.json.php still allows at... |
| [CVE-2026-39369](https://nvd.nist.gov/vuln/detail/CVE-2026-39369) | 7.6 | HIGH | CWE-22 | No | 0.1% | 5.32 | 2026-04-07 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, objects/aVideoEncoderReceiveImage.json.php all... |
| [CVE-2026-39368](https://nvd.nist.gov/vuln/detail/CVE-2026-39368) | 6.5 | MEDIUM | CWE-918 | No | 0.0% | 4.55 | 2026-04-07 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the Live restream log callback flow accepted a... |
| [CVE-2026-39367](https://nvd.nist.gov/vuln/detail/CVE-2026-39367) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-07 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) featur... |
| [CVE-2026-39366](https://nvd.nist.gov/vuln/detail/CVE-2026-39366) | 6.5 | MEDIUM | CWE-345 | No | 0.0% | 4.55 | 2026-04-07 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/... |
| [CVE-2026-39365](https://nvd.nist.gov/vuln/detail/CVE-2026-39365) | 6.3 | MEDIUM | CWE-22 | No | 4.1% | 4.53 | 2026-04-07 | Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s hand... |
| [CVE-2026-39364](https://nvd.nist.gov/vuln/detail/CVE-2026-39364) | 8.2 | HIGH | CWE-180 | No | 2.6% | 5.82 | 2026-04-07 | Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files... |
| [CVE-2026-39363](https://nvd.nist.gov/vuln/detail/CVE-2026-39363) | 8.2 | HIGH | CWE-200 | No | 0.1% | 5.74 | 2026-04-07 | Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, if it is possible to... |
| [CVE-2026-39361](https://nvd.nist.gov/vuln/detail/CVE-2026-39361) | 7.7 | HIGH | CWE-918 | No | 0.0% | 5.39 | 2026-04-07 | OpenObserve is a cloud-native observability platform. In 0.70.3 and earlier, the validate_enrichment_url function in src... |
| [CVE-2026-39356](https://nvd.nist.gov/vuln/detail/CVE-2026-39356) | 7.5 | HIGH | CWE-89 | No | 0.0% | 5.25 | 2026-04-07 | Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identif... |
| [CVE-2026-39322](https://nvd.nist.gov/vuln/detail/CVE-2026-39322) | 9.2 | CRITICAL | CWE-287 | No | 0.0% | 6.44 | 2026-04-07 | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates... |
| [CVE-2026-32864](https://nvd.nist.gov/vuln/detail/CVE-2026-32864) | 8.5 | HIGH | CWE-125 | No | 0.0% | 5.95 | 2026-04-07 | There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW.... |
| [CVE-2026-32863](https://nvd.nist.gov/vuln/detail/CVE-2026-32863) | 8.5 | HIGH | CWE-125 | No | 0.0% | 5.95 | 2026-04-07 | There is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation() in... |
| [CVE-2026-32862](https://nvd.nist.gov/vuln/detail/CVE-2026-32862) | 8.5 | HIGH | CWE-787 | No | 0.0% | 5.95 | 2026-04-07 | There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabV... |
| [CVE-2026-32861](https://nvd.nist.gov/vuln/detail/CVE-2026-32861) | 8.5 | HIGH | CWE-787 | No | 0.0% | 5.95 | 2026-04-07 | There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI Lab... |
| [CVE-2026-32860](https://nvd.nist.gov/vuln/detail/CVE-2026-32860) | 8.5 | HIGH | CWE-787 | No | 0.0% | 5.95 | 2026-04-07 | There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVI... |
| [CVE-2025-69515](https://nvd.nist.gov/vuln/detail/CVE-2025-69515) | 9.1 | CRITICAL | CWE-941 | No | 0.1% | 6.37 | 2026-04-07 | An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system int... |
| [CVE-2025-56015](https://nvd.nist.gov/vuln/detail/CVE-2025-56015) | 7.5 | HIGH | CWE-284 | No | 0.0% | 5.25 | 2026-04-07 | In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint. |
| [CVE-2025-14859](https://nvd.nist.gov/vuln/detail/CVE-2025-14859) | 7.0 | HIGH | CWE-327 | No | 0.0% | 4.90 | 2026-04-07 | The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmwa... |
| [CVE-2025-14858](https://nvd.nist.gov/vuln/detail/CVE-2025-14858) | 5.1 | MEDIUM | CWE-226 | No | 0.0% | 3.57 | 2026-04-07 | The Semtech LR11xx LoRa transceivers running early versions of firmware contain an information disclosure vulnerability... |
| [CVE-2025-14857](https://nvd.nist.gov/vuln/detail/CVE-2025-14857) | 5.4 | MEDIUM | CWE-123 | No | 0.0% | 3.78 | 2026-04-07 | An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware... |
| [CVE-2026-5736](https://nvd.nist.gov/vuln/detail/CVE-2026-5736) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-07 | A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-serve... |
| [CVE-2026-39360](https://nvd.nist.gov/vuln/detail/CVE-2026-39360) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-07 | RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization... |
| [CVE-2026-39355](https://nvd.nist.gov/vuln/detail/CVE-2026-39355) | 9.9 | CRITICAL | CWE-862 | No | 0.0% | 6.93 | 2026-04-07 | Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the geneal... |
| [CVE-2026-39354](https://nvd.nist.gov/vuln/detail/CVE-2026-39354) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-04-07 | Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoo... |
| [CVE-2026-39351](https://nvd.nist.gov/vuln/detail/CVE-2026-39351) | 6.9 | MEDIUM | CWE-862 | No | 0.0% | 4.83 | 2026-04-07 | Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype acce... |
| [CVE-2026-39349](https://nvd.nist.gov/vuln/detail/CVE-2026-39349) | 2.1 | LOW | CWE-326 | No | 0.0% | 1.47 | 2026-04-07 | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts cer... |
| [CVE-2026-39348](https://nvd.nist.gov/vuln/detail/CVE-2026-39348) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-07 | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source omits author... |
| [CVE-2026-39347](https://nvd.nist.gov/vuln/detail/CVE-2026-39347) | 5.1 | MEDIUM | CWE-285 | No | 0.0% | 3.57 | 2026-04-07 | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source accepts chan... |
| [CVE-2026-39346](https://nvd.nist.gov/vuln/detail/CVE-2026-39346) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-04-07 | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source allowed auth... |
| [CVE-2026-39345](https://nvd.nist.gov/vuln/detail/CVE-2026-39345) | 4.6 | MEDIUM | CWE-22 | No | 0.1% | 3.22 | 2026-04-07 | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to res... |
| [CVE-2026-22711](https://nvd.nist.gov/vuln/detail/CVE-2026-22711) | 6.9 | MEDIUM | CWE-87 | No | 0.1% | 4.83 | 2026-04-07 | Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension... |
| [CVE-2025-71058](https://nvd.nist.gov/vuln/detail/CVE-2025-71058) | 9.1 | CRITICAL | CWE-94 | No | 0.2% | 6.37 | 2026-04-07 | Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originate... |
| [CVE-2026-39344](https://nvd.nist.gov/vuln/detail/CVE-2026-39344) | 8.1 | HIGH | CWE-79 | No | 0.0% | 5.67 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a Reflected Cross-Site Scripting (XSS) vu... |
| [CVE-2026-39343](https://nvd.nist.gov/vuln/detail/CVE-2026-39343) | 7.2 | HIGH | CWE-89 | No | 0.0% | 5.04 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in the EditEv... |
| [CVE-2026-39342](https://nvd.nist.gov/vuln/detail/CVE-2026-39342) | 9.4 | CRITICAL | CWE-89 | No | 0.0% | 6.58 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with th... |
| [CVE-2026-39341](https://nvd.nist.gov/vuln/detail/CVE-2026-39341) | 8.1 | HIGH | CWE-89 | No | 0.0% | 5.67 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL in... |
| [CVE-2026-39340](https://nvd.nist.gov/vuln/detail/CVE-2026-39340) | 8.1 | HIGH | CWE-89 | No | 0.0% | 5.67 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in PropertyTy... |
| [CVE-2026-39339](https://nvd.nist.gov/vuln/detail/CVE-2026-39339) | 9.1 | CRITICAL | CWE-284 | No | 0.1% | 6.37 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in... |
| [CVE-2026-39338](https://nvd.nist.gov/vuln/detail/CVE-2026-39338) | 8.6 | HIGH | CWE-79 | No | 0.0% | 6.02 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerabili... |
| [CVE-2026-39337](https://nvd.nist.gov/vuln/detail/CVE-2026-39337) | 10.0 | CRITICAL | CWE-94 | No | 0.3% | 7.01 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution... |
| [CVE-2026-39336](https://nvd.nist.gov/vuln/detail/CVE-2026-39336) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting issue affects the Di... |
| [CVE-2026-39335](https://nvd.nist.gov/vuln/detail/CVE-2026-39335) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and fa... |
| [CVE-2026-39334](https://nvd.nist.gov/vuln/detail/CVE-2026-39334) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the en... |
| [CVE-2026-39333](https://nvd.nist.gov/vuln/detail/CVE-2026-39333) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, the FindFundRaiser.php endpoint reflects user-suppl... |
| [CVE-2026-39332](https://nvd.nist.gov/vuln/detail/CVE-2026-39332) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a reflected Cross-Site Scripting (XSS) vulnerabili... |
| [CVE-2026-39331](https://nvd.nist.gov/vuln/detail/CVE-2026-39331) | 8.1 | HIGH | CWE-639 | No | 0.0% | 5.67 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family re... |
| [CVE-2026-39330](https://nvd.nist.gov/vuln/detail/CVE-2026-39330) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the en... |
| [CVE-2026-39329](https://nvd.nist.gov/vuln/detail/CVE-2026-39329) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /... |
| [CVE-2026-39328](https://nvd.nist.gov/vuln/detail/CVE-2026-39328) | 8.9 | HIGH | CWE-79 | No | 0.0% | 6.23 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists... |
| [CVE-2026-39327](https://nvd.nist.gov/vuln/detail/CVE-2026-39327) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the en... |
| [CVE-2026-39326](https://nvd.nist.gov/vuln/detail/CVE-2026-39326) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the en... |
| [CVE-2026-39325](https://nvd.nist.gov/vuln/detail/CVE-2026-39325) | 7.2 | HIGH | CWE-89 | No | 0.0% | 5.04 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the en... |
| [CVE-2026-39324](https://nvd.nist.gov/vuln/detail/CVE-2026-39324) | 9.3 | CRITICAL | CWE-287 | No | 0.0% | 6.51 | 2026-04-07 | Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorre... |
| [CVE-2026-39323](https://nvd.nist.gov/vuln/detail/CVE-2026-39323) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-07 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39326. Reason: This candidate is a... |
| [CVE-2026-39321](https://nvd.nist.gov/vuln/detail/CVE-2026-39321) | 6.3 | MEDIUM | CWE-208 | No | 0.0% | 4.41 | 2026-04-07 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-a... |
| [CVE-2026-39319](https://nvd.nist.gov/vuln/detail/CVE-2026-39319) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection vulnerability was fou... |
| [CVE-2026-39318](https://nvd.nist.gov/vuln/detail/CVE-2026-39318) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-07 | ChurchCRM is an open-source church management system. Versions prior to 7.1.0 have an SQL injection vulnerability in the... |
| [CVE-2026-39317](https://nvd.nist.gov/vuln/detail/CVE-2026-39317) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-07 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39334. Reason: This candidate is a... |
| [CVE-2026-35576](https://nvd.nist.gov/vuln/detail/CVE-2026-35576) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.0.0, a stored cross-site scripting (XSS) vulnerability... |
| [CVE-2026-35575](https://nvd.nist.gov/vuln/detail/CVE-2026-35575) | 8.0 | HIGH | CWE-79 | No | 0.0% | 5.60 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting (Stored XSS) vulnera... |
| [CVE-2026-35573](https://nvd.nist.gov/vuln/detail/CVE-2026-35573) | 9.1 | CRITICAL | CWE-22 | No | 0.3% | 6.38 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's back... |
| [CVE-2026-35572](https://nvd.nist.gov/vuln/detail/CVE-2026-35572) | 7.0 | HIGH | CWE-918 | No | 0.0% | 4.90 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS r... |
| [CVE-2026-31272](https://nvd.nist.gov/vuln/detail/CVE-2026-31272) | 9.8 | CRITICAL | CWE-284 | No | 0.1% | 6.86 | 2026-04-07 | MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/... |
| [CVE-2026-31271](https://nvd.nist.gov/vuln/detail/CVE-2026-31271) | 9.8 | CRITICAL | CWE-288 | No | 0.1% | 6.86 | 2026-04-07 | megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The inser... |
| [CVE-2026-24175](https://nvd.nist.gov/vuln/detail/CVE-2026-24175) | 7.5 | HIGH | CWE-248 | No | 0.0% | 5.25 | 2026-04-07 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malfor... |
| [CVE-2026-24174](https://nvd.nist.gov/vuln/detail/CVE-2026-24174) | 7.5 | HIGH | CWE-681 | No | 0.0% | 5.25 | 2026-04-07 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malfor... |
| [CVE-2026-24173](https://nvd.nist.gov/vuln/detail/CVE-2026-24173) | 7.5 | HIGH | CWE-190 | No | 0.0% | 5.25 | 2026-04-07 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malfor... |
| [CVE-2026-24156](https://nvd.nist.gov/vuln/detail/CVE-2026-24156) | 7.3 | HIGH | CWE-502 | No | 0.1% | 5.11 | 2026-04-07 | NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted data. A successful exp... |
| [CVE-2026-24147](https://nvd.nist.gov/vuln/detail/CVE-2026-24147) | 4.8 | MEDIUM | CWE-22 | No | 0.1% | 3.36 | 2026-04-07 | NVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause an information disc... |
| [CVE-2026-24146](https://nvd.nist.gov/vuln/detail/CVE-2026-24146) | 7.5 | HIGH | CWE-789 | No | 0.0% | 5.25 | 2026-04-07 | NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of output... |
| [CVE-2026-22682](https://nvd.nist.gov/vuln/detail/CVE-2026-22682) | 8.4 | HIGH | CWE-863 | No | 0.0% | 5.88 | 2026-04-07 | OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inco... |
| [CVE-2026-22680](https://nvd.nist.gov/vuln/detail/CVE-2026-22680) | 6.9 | MEDIUM | CWE-862 | No | 0.1% | 4.83 | 2026-04-07 | OpenViking versions prior to 0.3.3 contain a missing authorization vulnerability in the task polling endpoints that allo... |
| [CVE-2026-4631](https://nvd.nist.gov/vuln/detail/CVE-2026-4631) | 9.8 | CRITICAL | CWE-78 | No | 0.1% | 6.86 | 2026-04-07 | Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client wit... |
| [CVE-2026-39384](https://nvd.nist.gov/vuln/detail/CVE-2026-39384) | 7.6 | HIGH | CWE-639 | No | 0.0% | 5.32 | 2026-04-07 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, FreeScout does not... |
| [CVE-2026-39316](https://nvd.nist.gov/vuln/detail/CVE-2026-39316) | 4.0 | MEDIUM | CWE-416 | No | 0.0% | 2.80 | 2026-04-07 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16... |
| [CVE-2026-39314](https://nvd.nist.gov/vuln/detail/CVE-2026-39314) | 4.0 | MEDIUM | CWE-191 | No | 0.0% | 2.80 | 2026-04-07 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16... |
| [CVE-2026-39312](https://nvd.nist.gov/vuln/detail/CVE-2026-39312) | 7.5 | HIGH | CWE-789 | No | 0.2% | 5.26 | 2026-04-07 | SoftEtherVPN is an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authenticatio... |
| [CVE-2026-39308](https://nvd.nist.gov/vuln/detail/CVE-2026-39308) | 7.1 | HIGH | CWE-22 | No | 0.1% | 4.97 | 2026-04-07 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry publish endpoint writes uploaded... |
| [CVE-2026-39307](https://nvd.nist.gov/vuln/detail/CVE-2026-39307) | 8.1 | HIGH | CWE-22 | No | 0.0% | 5.67 | 2026-04-07 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, the PraisonAI templates installation feature is vulnerable to... |
| [CVE-2026-39306](https://nvd.nist.gov/vuln/detail/CVE-2026-39306) | 7.3 | HIGH | CWE-22 | No | 0.0% | 5.11 | 2026-04-07 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-contr... |
| [CVE-2026-39305](https://nvd.nist.gov/vuln/detail/CVE-2026-39305) | 9.0 | CRITICAL | CWE-22 | No | 0.0% | 6.30 | 2026-04-07 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, the Action Orchestrator feature contains a Path Traversal vul... |
| [CVE-2026-35615](https://nvd.nist.gov/vuln/detail/CVE-2026-35615) | 9.2 | CRITICAL | CWE-22 | No | 0.1% | 6.44 | 2026-04-07 | PraisonAI is a multi-agent teams system. Prior to 1.5.113, _validate_path() calls os.path.normpath() first, which collap... |
| [CVE-2026-35614](https://nvd.nist.gov/vuln/detail/CVE-2026-35614) | 9.3 | CRITICAL | CWE-89 | No | 0.0% | 6.51 | 2026-04-07 | Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk_upda... |
| [CVE-2026-35613](https://nvd.nist.gov/vuln/detail/CVE-2026-35613) | 5.1 | MEDIUM | CWE-22 | No | 0.0% | 3.57 | 2026-04-07 | coursevault-preview is a utility for previewing course material files from a configured directory. coursevault-preview v... |
| [CVE-2026-35611](https://nvd.nist.gov/vuln/detail/CVE-2026-35611) | 7.5 | HIGH | CWE-1333 | No | 0.1% | 5.25 | 2026-04-07 | Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3... |
| [CVE-2026-35610](https://nvd.nist.gov/vuln/detail/CVE-2026-35610) | 8.8 | HIGH | CWE-285 | No | 0.0% | 6.16 | 2026-04-07 | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userId, passwor... |
| [CVE-2026-35608](https://nvd.nist.gov/vuln/detail/CVE-2026-35608) | 5.3 | MEDIUM | CWE-79 | No | 0.1% | 3.71 | 2026-04-07 | QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file prev... |
| [CVE-2026-35607](https://nvd.nist.gov/vuln/detail/CVE-2026-35607) | 8.1 | HIGH | CWE-269 | No | 0.1% | 5.67 | 2026-04-07 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec... |
| [CVE-2026-35606](https://nvd.nist.gov/vuln/detail/CVE-2026-35606) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-07 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec... |
| [CVE-2026-35605](https://nvd.nist.gov/vuln/detail/CVE-2026-35605) | 6.3 | MEDIUM | CWE-22 | No | 0.1% | 4.41 | 2026-04-07 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec... |
| [CVE-2026-35604](https://nvd.nist.gov/vuln/detail/CVE-2026-35604) | 8.2 | HIGH | CWE-863 | No | 0.1% | 5.74 | 2026-04-07 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec... |
| [CVE-2026-35592](https://nvd.nist.gov/vuln/detail/CVE-2026-35592) | 5.3 | MEDIUM | CWE-22 | No | 0.0% | 3.71 | 2026-04-07 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the _safe_extractall() func... |
| [CVE-2026-35586](https://nvd.nist.gov/vuln/detail/CVE-2026-35586) | 6.8 | MEDIUM | CWE-863 | No | 0.0% | 4.76 | 2026-04-07 | pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMIN_ONLY_CORE_OPTIONS... |
| [CVE-2026-35585](https://nvd.nist.gov/vuln/detail/CVE-2026-35585) | 7.5 | HIGH | CWE-78 | No | 1.1% | 5.28 | 2026-04-07 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec... |
| [CVE-2026-35584](https://nvd.nist.gov/vuln/detail/CVE-2026-35584) | 6.9 | MEDIUM | CWE-306 | No | 0.1% | 4.83 | 2026-04-07 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /t... |
| [CVE-2026-35583](https://nvd.nist.gov/vuln/detail/CVE-2026-35583) | 5.3 | MEDIUM | CWE-22 | No | 0.1% | 3.71 | 2026-04-07 | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint (/api/configuration... |
| [CVE-2026-35581](https://nvd.nist.gov/vuln/detail/CVE-2026-35581) | 7.2 | HIGH | CWE-78 | No | 0.1% | 5.04 | 2026-04-07 | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the Executrix utility class constructed shell comm... |
| [CVE-2026-35580](https://nvd.nist.gov/vuln/detail/CVE-2026-35580) | 9.1 | CRITICAL | CWE-77 | No | 0.0% | 6.37 | 2026-04-07 | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell inje... |
| [CVE-2026-35578](https://nvd.nist.gov/vuln/detail/CVE-2026-35578) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-07 | Rejected reason: This CVE is a duplicate of another CVE. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE... |
| [CVE-2026-35574](https://nvd.nist.gov/vuln/detail/CVE-2026-35574) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting (XSS) vulnerability... |
| [CVE-2026-35523](https://nvd.nist.gov/vuln/detail/CVE-2026-35523) | 7.5 | HIGH | CWE-306 | No | 0.1% | 5.25 | 2026-04-07 | Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authe... |
| [CVE-2026-23696](https://nvd.nist.gov/vuln/detail/CVE-2026-23696) | 9.4 | CRITICAL | CWE-89 | No | 0.1% | 6.58 | 2026-04-07 | Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership manag... |
| [CVE-2026-22683](https://nvd.nist.gov/vuln/detail/CVE-2026-22683) | 8.7 | HIGH | CWE-862 | No | 0.3% | 6.10 | 2026-04-07 | Windmill versions 1.56.0 through 1.614.0 contain a missing authorization vulnerability that allows users with the Operat... |
| [CVE-2025-70844](https://nvd.nist.gov/vuln/detail/CVE-2025-70844) | 6.1 | MEDIUM | CWE-94 | No | 0.0% | 4.27 | 2026-04-07 | yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Acco... |
| [CVE-2025-14944](https://nvd.nist.gov/vuln/detail/CVE-2025-14944) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-07 | The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2... |
| [CVE-2025-14821](https://nvd.nist.gov/vuln/detail/CVE-2025-14821) | 7.8 | HIGH | CWE-427 | No | 0.0% | 5.46 | 2026-04-07 | A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secur... |
| [CVE-2024-36058](https://nvd.nist.gov/vuln/detail/CVE-2024-36058) | 9.8 | CRITICAL | CWE-89 | No | 0.1% | 6.86 | 2026-04-07 | The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fail... |
| [CVE-2026-5745](https://nvd.nist.gov/vuln/detail/CVE-2026-5745) | 5.5 | MEDIUM | CWE-476 | No | 0.0% | 3.85 | 2026-04-07 | A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically w... |
| [CVE-2026-5359](https://nvd.nist.gov/vuln/detail/CVE-2026-5359) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-07 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All r... |
| [CVE-2026-4931](https://nvd.nist.gov/vuln/detail/CVE-2026-4931) | 6.8 | MEDIUM | CWE-681 | No | 0.0% | 4.76 | 2026-04-07 | Smart contract Marginal v1 performs unsafe downcast, allowing attackers to settle a large debt position for a negligible... |
| [CVE-2026-35571](https://nvd.nist.gov/vuln/detail/CVE-2026-35571) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-04-07 | Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configu... |
| [CVE-2026-35567](https://nvd.nist.gov/vuln/detail/CVE-2026-35567) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-07 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39327. Reason: This candidate is a... |
| [CVE-2026-35566](https://nvd.nist.gov/vuln/detail/CVE-2026-35566) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-07 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39319. Reason: This candidate is a... |
| [CVE-2026-35534](https://nvd.nist.gov/vuln/detail/CVE-2026-35534) | 7.6 | HIGH | CWE-79 | No | 0.0% | 5.32 | 2026-04-07 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists... |
| [CVE-2026-35526](https://nvd.nist.gov/vuln/detail/CVE-2026-35526) | 7.5 | HIGH | CWE-770 | No | 0.1% | 5.25 | 2026-04-07 | Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription... |
| [CVE-2026-35521](https://nvd.nist.gov/vuln/detail/CVE-2026-35521) | 8.8 | HIGH | CWE-78 | No | 0.3% | 6.17 | 2026-04-07 | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to b... |
| [CVE-2026-35520](https://nvd.nist.gov/vuln/detail/CVE-2026-35520) | 8.8 | HIGH | CWE-78 | No | 0.2% | 6.17 | 2026-04-07 | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to b... |
| [CVE-2026-35519](https://nvd.nist.gov/vuln/detail/CVE-2026-35519) | 8.8 | HIGH | CWE-78 | No | 0.2% | 6.17 | 2026-04-07 | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to b... |
| [CVE-2026-35518](https://nvd.nist.gov/vuln/detail/CVE-2026-35518) | 8.8 | HIGH | CWE-78 | No | 0.2% | 6.17 | 2026-04-07 | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to b... |
| [CVE-2026-35517](https://nvd.nist.gov/vuln/detail/CVE-2026-35517) | 8.8 | HIGH | CWE-78 | No | 0.2% | 6.17 | 2026-04-07 | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to b... |
| [CVE-2026-35516](https://nvd.nist.gov/vuln/detail/CVE-2026-35516) | 5.0 | MEDIUM | CWE-918 | No | 0.0% | 3.50 | 2026-04-07 | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand:... |
| [CVE-2026-35515](https://nvd.nist.gov/vuln/detail/CVE-2026-35515) | 6.3 | MEDIUM | CWE-74 | No | 0.0% | 4.41 | 2026-04-07 | Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStream._transform() int... |
| [CVE-2026-35492](https://nvd.nist.gov/vuln/detail/CVE-2026-35492) | 6.5 | MEDIUM | CWE-22 | No | 0.0% | 4.55 | 2026-04-07 | Kedro-Datasets is a Kedro plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vul... |
| [CVE-2026-35491](https://nvd.nist.gov/vuln/detail/CVE-2026-35491) | 6.1 | MEDIUM | CWE-863 | No | 0.0% | 4.27 | 2026-04-07 | FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to b... |
| [CVE-2026-35490](https://nvd.nist.gov/vuln/detail/CVE-2026-35490) | 9.8 | CRITICAL | CWE-863 | No | 0.0% | 6.86 | 2026-04-07 | changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required... |
| [CVE-2026-35489](https://nvd.nist.gov/vuln/detail/CVE-2026-35489) | 7.3 | HIGH | CWE-639 | No | 0.1% | 5.11 | 2026-04-07 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the... |
| [CVE-2026-35488](https://nvd.nist.gov/vuln/detail/CVE-2026-35488) | 8.1 | HIGH | CWE-749 | No | 0.0% | 5.67 | 2026-04-07 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Rec... |
| [CVE-2026-35487](https://nvd.nist.gov/vuln/detail/CVE-2026-35487) | 5.3 | MEDIUM | CWE-22 | No | 0.1% | 3.71 | 2026-04-07 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticate... |
| [CVE-2026-35486](https://nvd.nist.gov/vuln/detail/CVE-2026-35486) | 7.5 | HIGH | CWE-918 | No | 0.0% | 5.25 | 2026-04-07 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, the superbooga and... |
| [CVE-2026-33816](https://nvd.nist.gov/vuln/detail/CVE-2026-33816) | 9.8 | CRITICAL | NVD-CWE-noinfo | No | 0.1% | 6.86 | 2026-04-07 | Memory-safety vulnerability in github.com/jackc/pgx/v5. |
| [CVE-2026-33815](https://nvd.nist.gov/vuln/detail/CVE-2026-33815) | 9.8 | CRITICAL | NVD-CWE-noinfo | No | 0.1% | 6.86 | 2026-04-07 | Memory-safety vulnerability in github.com/jackc/pgx/v5. |
| [CVE-2026-30460](https://nvd.nist.gov/vuln/detail/CVE-2026-30460) | 8.8 | HIGH | NVD-CWE-noinfo | No | 0.1% | 6.16 | 2026-04-07 | Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in t... |
| [CVE-2026-1079](https://nvd.nist.gov/vuln/detail/CVE-2026-1079) | 6.0 | MEDIUM | CWE-284 | No | 0.1% | 4.20 | 2026-04-07 | A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Auto... |
| [CVE-2026-1078](https://nvd.nist.gov/vuln/detail/CVE-2026-1078) | 7.2 | HIGH | CWE-284 | No | 0.1% | 5.04 | 2026-04-07 | An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R2... |
| [CVE-2025-52908](https://nvd.nist.gov/vuln/detail/CVE-2025-52908) | 9.8 | CRITICAL | CWE-120 | No | 0.0% | 6.86 | 2026-04-07 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 13... |
| [CVE-2025-24819](https://nvd.nist.gov/vuln/detail/CVE-2025-24819) | 5.7 | MEDIUM | CWE-23 | No | 0.0% | 3.99 | 2026-04-07 | Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter... |
| [CVE-2025-24818](https://nvd.nist.gov/vuln/detail/CVE-2025-24818) | 8.0 | HIGH | CWE-77 | No | 0.1% | 5.60 | 2026-04-07 | Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special eleme... |
| [CVE-2025-24817](https://nvd.nist.gov/vuln/detail/CVE-2025-24817) | 8.0 | HIGH | CWE-78 | No | 0.1% | 5.60 | 2026-04-07 | Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special eleme... |
| [CVE-2024-36057](https://nvd.nist.gov/vuln/detail/CVE-2024-36057) | 9.8 | CRITICAL | CWE-94 | No | 0.1% | 6.86 | 2026-04-07 | Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code ex... |
| [CVE-2026-5384](https://nvd.nist.gov/vuln/detail/CVE-2026-5384) | 5.8 | MEDIUM | CWE-863 | No | 0.0% | 4.06 | 2026-04-07 | An issue that could allow a credential to be updated and used for a task from outside of the authorized organization sco... |
| [CVE-2026-5383](https://nvd.nist.gov/vuln/detail/CVE-2026-5383) | 4.4 | MEDIUM | CWE-863 | No | 0.0% | 3.08 | 2026-04-07 | An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved.... |
| [CVE-2026-5381](https://nvd.nist.gov/vuln/detail/CVE-2026-5381) | 2.2 | LOW | CWE-863 | No | 0.0% | 1.54 | 2026-04-07 | An issue that could expose task information outside of the authorized organization scope has been resolved. This is an i... |
| [CVE-2026-5379](https://nvd.nist.gov/vuln/detail/CVE-2026-5379) | 3.0 | LOW | CWE-863 | No | 0.0% | 2.10 | 2026-04-07 | An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope h... |
| [CVE-2026-5378](https://nvd.nist.gov/vuln/detail/CVE-2026-5378) | 5.8 | MEDIUM | CWE-863 | No | 0.0% | 4.06 | 2026-04-07 | An issue that allowed administrators to create and update users outside of their authorized organization scope has been... |
| [CVE-2026-5376](https://nvd.nist.gov/vuln/detail/CVE-2026-5376) | 5.9 | MEDIUM | CWE-613 | No | 0.0% | 4.13 | 2026-04-07 | An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolve... |
| [CVE-2026-5375](https://nvd.nist.gov/vuln/detail/CVE-2026-5375) | 2.7 | LOW | CWE-200 | No | 0.0% | 1.89 | 2026-04-07 | An issue that could allow a user with access to a credential to view sensitive fields through an API response has been r... |
| [CVE-2026-5374](https://nvd.nist.gov/vuln/detail/CVE-2026-5374) | 5.8 | MEDIUM | CWE-863 | No | 0.0% | 4.06 | 2026-04-07 | An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization... |
| [CVE-2026-5373](https://nvd.nist.gov/vuln/detail/CVE-2026-5373) | 8.1 | HIGH | CWE-269 | No | 0.0% | 5.67 | 2026-04-07 | An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is... |
| [CVE-2026-5372](https://nvd.nist.gov/vuln/detail/CVE-2026-5372) | 6.4 | MEDIUM | CWE-89 | No | 0.0% | 4.48 | 2026-04-07 | An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This... |
| [CVE-2026-4740](https://nvd.nist.gov/vuln/detail/CVE-2026-4740) | 8.2 | HIGH | CWE-295 | No | 0.0% | 5.74 | 2026-04-07 | A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM).... |
| [CVE-2026-35485](https://nvd.nist.gov/vuln/detail/CVE-2026-35485) | 7.5 | HIGH | CWE-22 | No | 0.5% | 5.26 | 2026-04-07 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticate... |
| [CVE-2026-35484](https://nvd.nist.gov/vuln/detail/CVE-2026-35484) | 5.3 | MEDIUM | CWE-22 | No | 0.1% | 3.71 | 2026-04-07 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticate... |
| [CVE-2026-35483](https://nvd.nist.gov/vuln/detail/CVE-2026-35483) | 5.3 | MEDIUM | CWE-22 | No | 0.1% | 3.71 | 2026-04-07 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticate... |
| [CVE-2026-35481](https://nvd.nist.gov/vuln/detail/CVE-2026-35481) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-07 | Rejected reason: Further research determined the issue does not satisfy the assignment rules. |
| [CVE-2026-35480](https://nvd.nist.gov/vuln/detail/CVE-2026-35480) | 6.2 | MEDIUM | CWE-770 | No | 0.0% | 4.34 | 2026-04-07 | go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec... |
| [CVE-2026-35464](https://nvd.nist.gov/vuln/detail/CVE-2026-35464) | 7.5 | HIGH | CWE-502 | No | 0.1% | 5.25 | 2026-04-07 | pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTI... |
| [CVE-2026-35463](https://nvd.nist.gov/vuln/detail/CVE-2026-35463) | 8.8 | HIGH | CWE-78 | No | 0.3% | 6.17 | 2026-04-07 | pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMIN_ONLY_OPTION... |
| [CVE-2026-35462](https://nvd.nist.gov/vuln/detail/CVE-2026-35462) | 4.3 | MEDIUM | CWE-613 | No | 0.0% | 3.01 | 2026-04-07 | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are... |
| [CVE-2026-35461](https://nvd.nist.gov/vuln/detail/CVE-2026-35461) | 5.0 | MEDIUM | CWE-918 | No | 0.0% | 3.50 | 2026-04-07 | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows aut... |
| [CVE-2026-35460](https://nvd.nist.gov/vuln/detail/CVE-2026-35460) | 4.3 | MEDIUM | CWE-79 | No | 0.0% | 3.01 | 2026-04-07 | Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Pa... |
| [CVE-2026-35458](https://nvd.nist.gov/vuln/detail/CVE-2026-35458) | 8.7 | HIGH | CWE-1333 | No | 0.1% | 6.09 | 2026-04-07 | Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile us... |
| [CVE-2026-35457](https://nvd.nist.gov/vuln/detail/CVE-2026-35457) | 8.2 | HIGH | CWE-770 | No | 0.1% | 5.74 | 2026-04-07 | libp2p-rust is the official Rust language implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous... |
| [CVE-2026-35405](https://nvd.nist.gov/vuln/detail/CVE-2026-35405) | 7.5 | HIGH | CWE-770 | No | 0.1% | 5.25 | 2026-04-07 | libp2p-rust is the official Rust language implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezv... |
| [CVE-2026-30079](https://nvd.nist.gov/vuln/detail/CVE-2026-30079) | 9.8 | CRITICAL | CWE-288 | No | 0.1% | 6.86 | 2026-04-07 | In OpenAirInterface V2.2.0 AMF, out-of-sequence messages cause an incorrect state transition during UE registration proced... |
| [CVE-2026-24660](https://nvd.nist.gov/vuln/detail/CVE-2026-24660) | 8.1 | HIGH | CWE-190 | No | 0.1% | 5.67 | 2026-04-07 | A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A spec... |
| [CVE-2026-24450](https://nvd.nist.gov/vuln/detail/CVE-2026-24450) | 8.1 | HIGH | CWE-190 | No | 0.1% | 5.67 | 2026-04-07 | An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A s... |
| [CVE-2026-21413](https://nvd.nist.gov/vuln/detail/CVE-2026-21413) | 9.8 | CRITICAL | CWE-129 | No | 0.1% | 6.86 | 2026-04-07 | A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 a... |
| [CVE-2026-20911](https://nvd.nist.gov/vuln/detail/CVE-2026-20911) | 9.8 | CRITICAL | CWE-131 | No | 0.1% | 6.86 | 2026-04-07 | A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and C... |
| [CVE-2026-20889](https://nvd.nist.gov/vuln/detail/CVE-2026-20889) | 9.8 | CRITICAL | CWE-190 | No | 0.1% | 6.86 | 2026-04-07 | A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A spec... |
| [CVE-2026-20884](https://nvd.nist.gov/vuln/detail/CVE-2026-20884) | 8.1 | HIGH | CWE-190 | No | 0.1% | 5.67 | 2026-04-07 | An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially... |
| [CVE-2025-62818](https://nvd.nist.gov/vuln/detail/CVE-2025-62818) | 9.8 | CRITICAL | CWE-787 | No | 0.1% | 6.86 | 2026-04-07 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 128... |
| [CVE-2025-52909](https://nvd.nist.gov/vuln/detail/CVE-2025-52909) | 9.8 | CRITICAL | CWE-120 | No | 0.1% | 6.86 | 2026-04-07 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 13... |
| [CVE-2026-5627](https://nvd.nist.gov/vuln/detail/CVE-2026-5627) | 9.1 | CRITICAL | CWE-29 | No | 0.0% | 6.37 | 2026-04-07 | A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `Agen... |
| [CVE-2026-5735](https://nvd.nist.gov/vuln/detail/CVE-2026-5735) | 9.8 | CRITICAL | CWE-787 | No | 0.1% | 6.86 | 2026-04-07 | Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corr... |
| [CVE-2026-5734](https://nvd.nist.gov/vuln/detail/CVE-2026-5734) | 9.8 | CRITICAL | CWE-787 | No | 0.1% | 6.86 | 2026-04-07 | Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Som... |
| [CVE-2026-5733](https://nvd.nist.gov/vuln/detail/CVE-2026-5733) | 8.8 | HIGH | CWE-119 | No | 0.0% | 6.16 | 2026-04-07 | Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thu... |
| [CVE-2026-5732](https://nvd.nist.gov/vuln/detail/CVE-2026-5732) | 8.8 | HIGH | CWE-190 | No | 0.0% | 6.16 | 2026-04-07 | Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox... |
| [CVE-2026-5731](https://nvd.nist.gov/vuln/detail/CVE-2026-5731) | 9.8 | CRITICAL | CWE-119 | No | 0.1% | 6.86 | 2026-04-07 | Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Th... |
| [CVE-2026-3466](https://nvd.nist.gov/vuln/detail/CVE-2026-3466) | 8.5 | HIGH | CWE-79 | No | 0.0% | 5.95 | 2026-04-07 | Insufficient sanitization of dashboard dashlet title links in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkm... |
| [CVE-2026-23818](https://nvd.nist.gov/vuln/detail/CVE-2026-23818) | 8.8 | HIGH | CWE-601 | No | 0.0% | 6.16 | 2026-04-07 | A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Pre... |
| [CVE-2026-22679](https://nvd.nist.gov/vuln/detail/CVE-2026-22679) | 9.3 | CRITICAL | CWE-306 | No | 0.4% | 6.52 | 2026-04-07 | Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability... |
| [CVE-2026-22666](https://nvd.nist.gov/vuln/detail/CVE-2026-22666) | 8.6 | HIGH | CWE-95 | No | 0.2% | 6.02 | 2026-04-07 | Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated remote code execution vulnerability in the dol_eval_s... |
| [CVE-2025-39666](https://nvd.nist.gov/vuln/detail/CVE-2025-39666) | 9.3 | CRITICAL | CWE-426 | No | 0.0% | 6.51 | 2026-04-07 | Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Che... |
| [CVE-2021-4473](https://nvd.nist.gov/vuln/detail/CVE-2021-4473) | 9.3 | CRITICAL | CWE-78 | No | 0.8% | 6.53 | 2026-04-07 | Tianxin Internet Behavior Management System contains a command injection vulnerability in the Reporter component endpoin... |
| [CVE-2026-31842](https://nvd.nist.gov/vuln/detail/CVE-2026-31842) | 8.7 | HIGH | CWE-444 | No | 0.1% | 6.09 | 2026-04-07 | Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of t... |
| [CVE-2026-34904](https://nvd.nist.gov/vuln/detail/CVE-2026-34904) | 7.5 | HIGH | CWE-352 | No | 0.0% | 5.25 | 2026-04-07 | Cross-Site Request Forgery (CSRF) vulnerability in Analytify Simple Social Media Share Buttons allows Cross Site Request... |
| [CVE-2026-34903](https://nvd.nist.gov/vuln/detail/CVE-2026-34903) | 5.4 | MEDIUM | CWE-862 | No | 0.0% | 3.78 | 2026-04-07 | Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Secur... |
| [CVE-2026-34899](https://nvd.nist.gov/vuln/detail/CVE-2026-34899) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-07 | Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiti... |
| [CVE-2026-34896](https://nvd.nist.gov/vuln/detail/CVE-2026-34896) | 7.5 | HIGH | CWE-352 | No | 0.0% | 5.25 | 2026-04-07 | Cross-Site Request Forgery (CSRF) vulnerability in Analytify Under Construction, Coming Soon & Maintenance Mode allows C... |
| [CVE-2026-3177](https://nvd.nist.gov/vuln/detail/CVE-2026-3177) | 5.3 | MEDIUM | CWE-345 | No | 0.0% | 3.71 | 2026-04-07 | The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vul... |
| [CVE-2026-5465](https://nvd.nist.gov/vuln/detail/CVE-2026-5465) | 8.8 | HIGH | CWE-639 | No | 0.1% | 6.16 | 2026-04-07 | The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object R... |
| [CVE-2026-4079](https://nvd.nist.gov/vuln/detail/CVE-2026-4079) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-04-07 | The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatenated to SQL queri... |
| [CVE-2026-1900](https://nvd.nist.gov/vuln/detail/CVE-2026-1900) | 6.5 | MEDIUM | CWE-306 | No | 0.0% | 4.55 | 2026-04-07 | The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated... |
| [CVE-2026-1114](https://nvd.nist.gov/vuln/detail/CVE-2026-1114) | 9.8 | CRITICAL | CWE-284 | No | 0.1% | 6.86 | 2026-04-07 | In parisneo/lollms version 2.1.0, the application's session management is vulnerable to improper access control due to t... |
| [CVE-2025-15611](https://nvd.nist.gov/vuln/detail/CVE-2025-15611) | 5.4 | MEDIUM | CWE-918 | No | 0.0% | 3.78 | 2026-04-07 | The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function be... |
| [CVE-2026-1839](https://nvd.nist.gov/vuln/detail/CVE-2026-1839) | 6.5 | MEDIUM | CWE-502 | No | 0.0% | 4.55 | 2026-04-07 | A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code... |
| [CVE-2025-65116](https://nvd.nist.gov/vuln/detail/CVE-2025-65116) | 5.5 | MEDIUM | CWE-763 | No | 0.0% | 3.85 | 2026-04-07 | Buffer Overflow Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operati... |
| [CVE-2025-65115](https://nvd.nist.gov/vuln/detail/CVE-2025-65115) | 8.8 | HIGH | CWE-73 | No | 0.1% | 6.16 | 2026-04-07 | Remote Code Execution Vulnerability in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - O... |
| [CVE-2026-0740](https://nvd.nist.gov/vuln/detail/CVE-2026-0740) | 9.8 | CRITICAL | CWE-434 | No | 0.1% | 6.86 | 2026-04-07 | The Ninja Forms - File Uploads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type val... |
| [CVE-2026-20446](https://nvd.nist.gov/vuln/detail/CVE-2026-20446) | 4.3 | MEDIUM | CWE-787 | No | 0.0% | 3.01 | 2026-04-07 | In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of serv... |
| [CVE-2026-20433](https://nvd.nist.gov/vuln/detail/CVE-2026-20433) | 8.8 | HIGH | CWE-787 | No | 0.1% | 6.16 | 2026-04-07 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of... |
| [CVE-2026-20432](https://nvd.nist.gov/vuln/detail/CVE-2026-20432) | 8.0 | HIGH | CWE-787 | No | 0.1% | 5.60 | 2026-04-07 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of... |
| [CVE-2026-20431](https://nvd.nist.gov/vuln/detail/CVE-2026-20431) | 6.5 | MEDIUM | CWE-770 | No | 0.1% | 4.55 | 2026-04-07 | In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE ha... |
| [CVE-2026-5719](https://nvd.nist.gov/vuln/detail/CVE-2026-5719) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-07 | A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /... |
| [CVE-2025-13044](https://nvd.nist.gov/vuln/detail/CVE-2025-13044) | 6.2 | MEDIUM | CWE-340 | No | 0.0% | 4.34 | 2026-04-07 | IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite ar... |
| [CVE-2026-5705](https://nvd.nist.gov/vuln/detail/CVE-2026-5705) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-07 | A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown f... |
| [CVE-2026-5692](https://nvd.nist.gov/vuln/detail/CVE-2026-5692) | 6.9 | MEDIUM | CWE-77 | No | 4.9% | 4.98 | 2026-04-07 | A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the fil... |
| [CVE-2026-5691](https://nvd.nist.gov/vuln/detail/CVE-2026-5691) | 6.9 | MEDIUM | CWE-77 | No | 4.9% | 4.98 | 2026-04-06 | A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setFirewallType of th... |
| [CVE-2026-5690](https://nvd.nist.gov/vuln/detail/CVE-2026-5690) | 6.9 | MEDIUM | CWE-77 | No | 4.9% | 4.98 | 2026-04-06 | A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the... |
| [CVE-2026-5689](https://nvd.nist.gov/vuln/detail/CVE-2026-5689) | 6.9 | MEDIUM | CWE-77 | No | 4.9% | 4.98 | 2026-04-06 | A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of... |
| [CVE-2026-5688](https://nvd.nist.gov/vuln/detail/CVE-2026-5688) | 6.9 | MEDIUM | CWE-77 | No | 4.9% | 4.98 | 2026-04-06 | A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg... |
| [CVE-2026-5687](https://nvd.nist.gov/vuln/detail/CVE-2026-5687) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-06 | A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the f... |
| [CVE-2026-5686](https://nvd.nist.gov/vuln/detail/CVE-2026-5686) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-06 | A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic... |
| [CVE-2026-5685](https://nvd.nist.gov/vuln/detail/CVE-2026-5685) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-06 | A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/... |
| [CVE-2026-5684](https://nvd.nist.gov/vuln/detail/CVE-2026-5684) | 8.6 | HIGH | CWE-119 | No | 0.1% | 6.02 | 2026-04-06 | A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilt... |
| [CVE-2026-35475](https://nvd.nist.gov/vuln/detail/CVE-2026-35475) | 5.1 | MEDIUM | CWE-601 | No | 0.0% | 3.57 | 2026-04-06 | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $_GET... |
| [CVE-2026-35474](https://nvd.nist.gov/vuln/detail/CVE-2026-35474) | 5.1 | MEDIUM | CWE-601 | No | 0.0% | 3.57 | 2026-04-06 | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The re... |
| [CVE-2026-35473](https://nvd.nist.gov/vuln/detail/CVE-2026-35473) | 5.1 | MEDIUM | CWE-601 | No | 0.0% | 3.57 | 2026-04-06 | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the... |
| [CVE-2026-35471](https://nvd.nist.gov/vuln/detail/CVE-2026-35471) | 9.8 | CRITICAL | CWE-22 | No | 0.1% | 6.86 | 2026-04-06 | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile() missing return after path traversal chec... |
| [CVE-2026-35454](https://nvd.nist.gov/vuln/detail/CVE-2026-35454) | 8.7 | HIGH | CWE-22 | No | 0.1% | 6.09 | 2026-04-06 | The Code Extension Marketplace is an open-source alternative to the VS Code Marketplace. Prior to 2.4.2, Zip Slip vulner... |
| [CVE-2026-35452](https://nvd.nist.gov/vuln/detail/CVE-2026-35452) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-04-06 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/CloneSite/client.log.php endpoint s... |
| [CVE-2026-35450](https://nvd.nist.gov/vuln/detail/CVE-2026-35450) | 5.3 | MEDIUM | CWE-306 | No | 0.0% | 3.71 | 2026-04-06 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the plugin/API/check.ffmpeg.json.php endpoint... |
| [CVE-2026-35449](https://nvd.nist.gov/vuln/detail/CVE-2026-35449) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-04-06 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the install/test.php diagnostic script has its... |
| [CVE-2026-35448](https://nvd.nist.gov/vuln/detail/CVE-2026-35448) | 3.7 | LOW | CWE-862 | No | 0.0% | 2.59 | 2026-04-06 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoin... |
| [CVE-2026-35444](https://nvd.nist.gov/vuln/detail/CVE-2026-35444) | 7.1 | HIGH | CWE-125 | No | 0.0% | 4.97 | 2026-04-06 | SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel... |
| [CVE-2026-35442](https://nvd.nist.gov/vuln/detail/CVE-2026-35442) | 8.1 | HIGH | CWE-200 | No | 0.0% | 5.67 | 2026-04-06 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, aggregate functions (... |
| [CVE-2026-35441](https://nvd.nist.gov/vuln/detail/CVE-2026-35441) | 6.5 | MEDIUM | CWE-400 | No | 0.0% | 4.55 | 2026-04-06 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus' GraphQL end... |
| [CVE-2026-35413](https://nvd.nist.gov/vuln/detail/CVE-2026-35413) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-04-06 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQL_INTROSPE... |
| [CVE-2026-35412](https://nvd.nist.gov/vuln/detail/CVE-2026-35412) | 7.1 | HIGH | CWE-863 | No | 0.0% | 4.97 | 2026-04-06 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus' TUS resumab... |
| [CVE-2026-35411](https://nvd.nist.gov/vuln/detail/CVE-2026-35411) | 4.3 | MEDIUM | CWE-601 | No | 0.0% | 3.01 | 2026-04-06 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerabl... |
| [CVE-2026-35410](https://nvd.nist.gov/vuln/detail/CVE-2026-35410) | 6.1 | MEDIUM | CWE-184 | No | 0.0% | 4.27 | 2026-04-06 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, an open redirect vuln... |
| [CVE-2026-35409](https://nvd.nist.gov/vuln/detail/CVE-2026-35409) | 7.7 | HIGH | CWE-918 | No | 0.0% | 5.39 | 2026-04-06 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.0, a Server-Side Request... |
| [CVE-2026-35408](https://nvd.nist.gov/vuln/detail/CVE-2026-35408) | 8.7 | HIGH | CWE-346 | No | 0.0% | 6.09 | 2026-04-06 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sig... |
| [CVE-2026-35404](https://nvd.nist.gov/vuln/detail/CVE-2026-35404) | 4.7 | MEDIUM | CWE-601 | No | 0.0% | 3.29 | 2026-04-06 | Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a... |
| [CVE-2026-22675](https://nvd.nist.gov/vuln/detail/CVE-2026-22675) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-06 | OCS Inventory NG Server version 2.12.3 and prior contain a stored cross-site scripting vulnerability that allows unauthe... |
| [CVE-2026-5683](https://nvd.nist.gov/vuln/detail/CVE-2026-5683) | 5.1 | MEDIUM | CWE-119 | No | 0.0% | 3.57 | 2026-04-06 | A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter o... |
| [CVE-2026-35472](https://nvd.nist.gov/vuln/detail/CVE-2026-35472) | 5.1 | MEDIUM | CWE-601 | No | 0.0% | 3.57 | 2026-04-06 | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the... |
| [CVE-2026-35399](https://nvd.nist.gov/vuln/detail/CVE-2026-35399) | 8.5 | HIGH | CWE-79 | No | 0.0% | 5.95 | 2026-04-06 | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inj... |
| [CVE-2026-35398](https://nvd.nist.gov/vuln/detail/CVE-2026-35398) | 5.1 | MEDIUM | CWE-601 | No | 0.0% | 3.57 | 2026-04-06 | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the... |
| [CVE-2026-35396](https://nvd.nist.gov/vuln/detail/CVE-2026-35396) | 5.1 | MEDIUM | CWE-601 | No | 0.0% | 3.57 | 2026-04-06 | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the... |
| [CVE-2026-35395](https://nvd.nist.gov/vuln/detail/CVE-2026-35395) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-06 | WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web gerenciador para instituições assistencia... |
| [CVE-2026-35394](https://nvd.nist.gov/vuln/detail/CVE-2026-35394) | 8.3 | HIGH | CWE-939 | No | 0.1% | 5.81 | 2026-04-06 | Mobile Next is an MCP server for mobile development and automation. Prior to 0.0.50, the mobile_open_url tool in mobile-... |
| [CVE-2026-35393](https://nvd.nist.gov/vuln/detail/CVE-2026-35393) | 9.8 | CRITICAL | CWE-22 | No | 0.1% | 6.86 | 2026-04-06 | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory is not sanitized. Thi... |
| [CVE-2026-35392](https://nvd.nist.gov/vuln/detail/CVE-2026-35392) | 9.8 | CRITICAL | CWE-22 | No | 0.1% | 6.86 | 2026-04-06 | goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT upload in httpserver/updown.go has no path sanitiz... |
| [CVE-2026-35391](https://nvd.nist.gov/vuln/detail/CVE-2026-35391) | 8.7 | HIGH | CWE-348 | No | 0.0% | 6.09 | 2026-04-06 | Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP() function in... |
| [CVE-2026-35390](https://nvd.nist.gov/vuln/detail/CVE-2026-35390) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-06 | Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy (proxy.ts)... |
| [CVE-2026-35389](https://nvd.nist.gov/vuln/detail/CVE-2026-35389) | 8.7 | HIGH | CWE-295 | No | 0.0% | 6.09 | 2026-04-06 | Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, S/MIME signature verification... |
| [CVE-2026-35213](https://nvd.nist.gov/vuln/detail/CVE-2026-35213) | 8.7 | HIGH | CWE-1333 | No | 0.3% | 6.10 | 2026-04-06 | @hapi/content provided HTTP Content-* headers parsing. All versions of @hapi/content through 6.0.0 are vulnerable to Reg... |
| [CVE-2026-35208](https://nvd.nist.gov/vuln/detail/CVE-2026-35208) | 5.3 | MEDIUM | CWE-79 | No | 0.1% | 3.71 | 2026-04-06 | lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML in... |
| [CVE-2026-34972](https://nvd.nist.gov/vuln/detail/CVE-2026-34972) | 5.0 | MEDIUM | CWE-863 | No | 0.0% | 3.50 | 2026-04-06 | OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Z... |
| [CVE-2025-54601](https://nvd.nist.gov/vuln/detail/CVE-2025-54601) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-04-06 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 12... |
| [CVE-2026-5682](https://nvd.nist.gov/vuln/detail/CVE-2026-5682) | 6.3 | MEDIUM | CWE-310 | No | 0.0% | 4.41 | 2026-04-06 | A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of t... |
| [CVE-2026-5681](https://nvd.nist.gov/vuln/detail/CVE-2026-5681) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-06 | A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown function of the file... |
| [CVE-2026-5679](https://nvd.nist.gov/vuln/detail/CVE-2026-5679) | 5.1 | MEDIUM | CWE-77 | No | 1.4% | 3.61 | 2026-04-06 | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the functi... |
| [CVE-2026-35459](https://nvd.nist.gov/vuln/detail/CVE-2026-35459) | 9.3 | CRITICAL | CWE-918 | No | 0.0% | 6.51 | 2026-04-06 | pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, pyLoad has a server-s... |
| [CVE-2026-35203](https://nvd.nist.gov/vuln/detail/CVE-2026-35203) | 7.5 | HIGH | CWE-125 | No | 0.1% | 5.25 | 2026-04-06 | ZLMediaKit is a streaming media service framework. The VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fie... |
| [CVE-2026-35201](https://nvd.nist.gov/vuln/detail/CVE-2026-35201) | 5.9 | MEDIUM | CWE-125 | No | 0.1% | 4.13 | 2026-04-06 | Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed l... |
| [CVE-2026-35200](https://nvd.nist.gov/vuln/detail/CVE-2026-35200) | 2.1 | LOW | CWE-436 | No | 0.0% | 1.47 | 2026-04-06 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73... |
| [CVE-2026-35199](https://nvd.nist.gov/vuln/detail/CVE-2026-35199) | 6.1 | MEDIUM | CWE-122 | No | 0.1% | 4.27 | 2026-04-06 | SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, the SymC... |
| [CVE-2026-35197](https://nvd.nist.gov/vuln/detail/CVE-2026-35197) | 6.6 | MEDIUM | CWE-94 | No | 0.0% | 4.62 | 2026-04-06 | dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would... |
| [CVE-2026-35187](https://nvd.nist.gov/vuln/detail/CVE-2026-35187) | 7.7 | HIGH | CWE-918 | No | 0.0% | 5.39 | 2026-04-06 | pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parse_urls API fu... |
| [CVE-2026-35185](https://nvd.nist.gov/vuln/detail/CVE-2026-35185) | 8.7 | HIGH | CWE-284 | No | 0.1% | 6.09 | 2026-04-06 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is pub... |
| [CVE-2026-35184](https://nvd.nist.gov/vuln/detail/CVE-2026-35184) | 8.7 | HIGH | CWE-89 | No | 0.0% | 6.09 | 2026-04-06 | EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/template... |
| [CVE-2026-35183](https://nvd.nist.gov/vuln/detail/CVE-2026-35183) | 7.1 | HIGH | CWE-639 | No | 0.0% | 4.97 | 2026-04-06 | Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the... |
| [CVE-2026-35182](https://nvd.nist.gov/vuln/detail/CVE-2026-35182) | 8.8 | HIGH | CWE-862 | No | 0.0% | 6.16 | 2026-04-06 | Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update... |
| [CVE-2026-35181](https://nvd.nist.gov/vuln/detail/CVE-2026-35181) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-04-06 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the player skin configuration endpoint at admi... |
| [CVE-2026-35180](https://nvd.nist.gov/vuln/detail/CVE-2026-35180) | 4.3 | MEDIUM | CWE-352 | No | 0.0% | 3.01 | 2026-04-06 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/custo... |
| [CVE-2026-35179](https://nvd.nist.gov/vuln/detail/CVE-2026-35179) | 5.3 | MEDIUM | CWE-862 | No | 0.1% | 3.71 | 2026-04-06 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher plugin exposes a publ... |
| [CVE-2026-35178](https://nvd.nist.gov/vuln/detail/CVE-2026-35178) | 9.3 | CRITICAL | CWE-94 | No | 0.7% | 6.53 | 2026-04-06 | Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Fo... |
| [CVE-2026-35176](https://nvd.nist.gov/vuln/detail/CVE-2026-35176) | 7.1 | HIGH | CWE-125 | No | 0.0% | 4.97 | 2026-04-06 | openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exist... |
| [CVE-2026-35172](https://nvd.nist.gov/vuln/detail/CVE-2026-35172) | 7.5 | HIGH | CWE-284 | No | 0.0% | 5.25 | 2026-04-06 | Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore... |
| [CVE-2026-35170](https://nvd.nist.gov/vuln/detail/CVE-2026-35170) | 7.1 | HIGH | CWE-125 | No | 0.0% | 4.97 | 2026-04-06 | openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlier, a heap-buffer-overflow read vulnerability exist... |
| [CVE-2026-35022](https://nvd.nist.gov/vuln/detail/CVE-2026-35022) | 9.3 | CRITICAL | CWE-78 | No | 0.3% | 6.52 | 2026-04-06 | Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in authentication helper ex... |
| [CVE-2026-35021](https://nvd.nist.gov/vuln/detail/CVE-2026-35021) | 8.4 | HIGH | CWE-78 | No | 0.0% | 5.88 | 2026-04-06 | Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the prompt editor invoca... |
| [CVE-2026-35020](https://nvd.nist.gov/vuln/detail/CVE-2026-35020) | 8.6 | HIGH | CWE-78 | No | 0.1% | 6.02 | 2026-04-06 | Anthropic Claude Code CLI and Claude Agent SDK contain an OS command injection vulnerability in the command lookup helpe... |
| [CVE-2025-57834](https://nvd.nist.gov/vuln/detail/CVE-2025-57834) | 7.5 | HIGH | CWE-20 | No | 0.1% | 5.25 | 2026-04-06 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980, 850, 990, 1080, 2100, 12... |
| [CVE-2025-54602](https://nvd.nist.gov/vuln/detail/CVE-2025-54602) | 7.0 | HIGH | CWE-362 | No | 0.0% | 4.90 | 2026-04-06 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 12... |
| [CVE-2025-54328](https://nvd.nist.gov/vuln/detail/CVE-2025-54328) | 10.0 | CRITICAL | CWE-121 | No | 0.1% | 7.00 | 2026-04-06 | An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 21... |
| [CVE-2026-5678](https://nvd.nist.gov/vuln/detail/CVE-2026-5678) | 6.9 | MEDIUM | CWE-77 | No | 4.9% | 4.98 | 2026-04-06 | A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setSchedul... |
| [CVE-2026-5677](https://nvd.nist.gov/vuln/detail/CVE-2026-5677) | 6.9 | MEDIUM | CWE-77 | No | 4.9% | 4.98 | 2026-04-06 | A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function CsteSystem of the... |
| [CVE-2026-5676](https://nvd.nist.gov/vuln/detail/CVE-2026-5676) | 6.9 | MEDIUM | CWE-287 | No | 0.1% | 4.83 | 2026-04-06 | A vulnerability was identified in Totolink A8000R 5.9c.681_B20180413. This issue affects the function setLanguageCfg of... |
| [CVE-2026-33817](https://nvd.nist.gov/vuln/detail/CVE-2026-33817) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-06 | Rejected reason: CVE confirmed to be a false positive |
| [CVE-2026-0049](https://nvd.nist.gov/vuln/detail/CVE-2026-0049) | 6.2 | MEDIUM | CWE-400 | No | 0.0% | 4.34 | 2026-04-06 | In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhausti... |
| [CVE-2025-58349](https://nvd.nist.gov/vuln/detail/CVE-2025-58349) | 9.1 | CRITICAL | CWE-400 | No | 0.1% | 6.37 | 2026-04-06 | An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 210... |
| [CVE-2025-54324](https://nvd.nist.gov/vuln/detail/CVE-2025-54324) | 7.5 | HIGH | CWE-400 | No | 0.1% | 5.25 | 2026-04-06 | An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 21... |
| [CVE-2025-48651](https://nvd.nist.gov/vuln/detail/CVE-2025-48651) | 5.5 | MEDIUM | NVD-CWE-noinfo | No | 0.0% | 3.85 | 2026-04-06 | In importWrappedKey of KMKeymasterApplet.java, there is a possible way to access keys that should be restricted due to impr... |
| [CVE-2026-5675](https://nvd.nist.gov/vuln/detail/CVE-2026-5675) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-06 | A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /... |
| [CVE-2026-5672](https://nvd.nist.gov/vuln/detail/CVE-2026-5672) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-06 | A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Affected by this issue is some unknown f... |
| [CVE-2026-5671](https://nvd.nist.gov/vuln/detail/CVE-2026-5671) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-06 | A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Im... |
| [CVE-2026-35470](https://nvd.nist.gov/vuln/detail/CVE-2026-35470) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-06 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_... |
| [CVE-2026-35209](https://nvd.nist.gov/vuln/detail/CVE-2026-35209) | 7.5 | HIGH | CWE-1321 | No | 0.0% | 5.25 | 2026-04-06 | defu is software that allows users to assign default properties recursively. Prior to version 6.1.5, applications that pa... |
| [CVE-2026-35177](https://nvd.nist.gov/vuln/detail/CVE-2026-35177) | 4.1 | MEDIUM | CWE-22 | No | 0.0% | 2.87 | 2026-04-06 | Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allo... |
| [CVE-2026-35175](https://nvd.nist.gov/vuln/detail/CVE-2026-35175) | 7.2 | HIGH | CWE-862 | No | 0.1% | 5.04 | 2026-04-06 | Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugi... |
| [CVE-2026-35174](https://nvd.nist.gov/vuln/detail/CVE-2026-35174) | 9.1 | CRITICAL | CWE-22 | No | 0.5% | 6.38 | 2026-04-06 | Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the admin... |
| [CVE-2026-35173](https://nvd.nist.gov/vuln/detail/CVE-2026-35173) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-04-06 | Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post... |
| [CVE-2026-35171](https://nvd.nist.gov/vuln/detail/CVE-2026-35171) | 9.8 | CRITICAL | CWE-94 | No | 0.4% | 6.87 | 2026-04-06 | Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path t... |
| [CVE-2026-35166](https://nvd.nist.gov/vuln/detail/CVE-2026-35166) | 5.3 | MEDIUM | CWE-79 | No | 0.1% | 3.71 | 2026-04-06 | Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML re... |
| [CVE-2026-35164](https://nvd.nist.gov/vuln/detail/CVE-2026-35164) | 8.8 | HIGH | CWE-434 | No | 0.3% | 6.17 | 2026-04-06 | Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload... |
| [CVE-2026-35052](https://nvd.nist.gov/vuln/detail/CVE-2026-35052) | 5.3 | MEDIUM | CWE-79 | No | 0.6% | 3.73 | 2026-04-06 | D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to 3... |
| [CVE-2026-35050](https://nvd.nist.gov/vuln/detail/CVE-2026-35050) | 9.1 | CRITICAL | CWE-22 | No | 0.1% | 6.37 | 2026-04-06 | text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save... |
| [CVE-2026-35047](https://nvd.nist.gov/vuln/detail/CVE-2026-35047) | 9.3 | CRITICAL | CWE-434 | No | 0.3% | 6.52 | 2026-04-06 | Brave CMS is an open-source CMS. Prior to 2.0.6, an Unrestricted File Upload vulnerability in the CKEditor endpoint allo... |
| [CVE-2026-35046](https://nvd.nist.gov/vuln/detail/CVE-2026-35046) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-06 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tan... |
| [CVE-2026-35045](https://nvd.nist.gov/vuln/detail/CVE-2026-35045) | 8.1 | HIGH | CWE-639 | No | 0.0% | 5.67 | 2026-04-06 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the... |
| [CVE-2026-35044](https://nvd.nist.gov/vuln/detail/CVE-2026-35044) | 8.8 | HIGH | CWE-1336 | No | 0.0% | 6.16 | 2026-04-06 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.... |
| [CVE-2026-35043](https://nvd.nist.gov/vuln/detail/CVE-2026-35043) | 7.8 | HIGH | CWE-78 | No | 0.1% | 5.46 | 2026-04-06 | BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.... |
| [CVE-2026-30613](https://nvd.nist.gov/vuln/detail/CVE-2026-30613) | 4.6 | MEDIUM | CWE-200 | No | 0.0% | 3.22 | 2026-04-06 | An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth Enabled Software Ver... |
| [CVE-2025-61166](https://nvd.nist.gov/vuln/detail/CVE-2025-61166) | 6.1 | MEDIUM | CWE-601 | No | 0.0% | 4.27 | 2026-04-06 | An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted... |
| [CVE-2025-59440](https://nvd.nist.gov/vuln/detail/CVE-2025-59440) | 7.5 | HIGH | CWE-400 | No | 0.1% | 5.25 | 2026-04-06 | An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2... |
| [CVE-2025-57835](https://nvd.nist.gov/vuln/detail/CVE-2025-57835) | 7.5 | HIGH | CWE-20 | No | 0.1% | 5.25 | 2026-04-06 | An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 21... |
| [CVE-2026-5670](https://nvd.nist.gov/vuln/detail/CVE-2026-5670) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-04-06 | A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This is... |
| [CVE-2026-5669](https://nvd.nist.gov/vuln/detail/CVE-2026-5669) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-06 | A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Th... |
| [CVE-2026-5668](https://nvd.nist.gov/vuln/detail/CVE-2026-5668) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-04-06 | A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affect... |
| [CVE-2026-35042](https://nvd.nist.gov/vuln/detail/CVE-2026-35042) | 7.5 | HIGH | CWE-345 | No | 0.0% | 5.25 | 2026-04-06 | fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit (C... |
| [CVE-2026-35039](https://nvd.nist.gov/vuln/detail/CVE-2026-35039) | 9.1 | CRITICAL | CWE-345 | No | 0.0% | 6.37 | 2026-04-06 | fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuil... |
| [CVE-2026-35037](https://nvd.nist.gov/vuln/detail/CVE-2026-35037) | 7.2 | HIGH | CWE-918 | No | 0.0% | 5.04 | 2026-04-06 | Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/... |
| [CVE-2026-35036](https://nvd.nist.gov/vuln/detail/CVE-2026-35036) | 7.5 | HIGH | CWE-918 | No | 0.0% | 5.25 | 2026-04-06 | Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link... |
| [CVE-2026-35035](https://nvd.nist.gov/vuln/detail/CVE-2026-35035) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-04-06 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-35030](https://nvd.nist.gov/vuln/detail/CVE-2026-35030) | 9.4 | CRITICAL | CWE-287 | No | 0.1% | 6.58 | 2026-04-06 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authenti... |
| [CVE-2026-35029](https://nvd.nist.gov/vuln/detail/CVE-2026-35029) | 8.7 | HIGH | CWE-863 | No | 0.2% | 6.10 | 2026-04-06 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/updat... |
| [CVE-2026-34992](https://nvd.nist.gov/vuln/detail/CVE-2026-34992) | 7.1 | HIGH | CWE-311 | No | 0.0% | 4.97 | 2026-04-06 | Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encrypt... |
| [CVE-2026-34989](https://nvd.nist.gov/vuln/detail/CVE-2026-34989) | 9.4 | CRITICAL | CWE-79 | No | 0.1% | 6.58 | 2026-04-06 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34986](https://nvd.nist.gov/vuln/detail/CVE-2026-34986) | 7.5 | HIGH | CWE-248 | No | 0.0% | 5.25 | 2026-04-06 | Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including sup... |
| [CVE-2026-34981](https://nvd.nist.gov/vuln/detail/CVE-2026-34981) | 5.8 | MEDIUM | CWE-918 | No | 0.0% | 4.06 | 2026-04-06 | The whisperX API is a tool for enhancing and analyzing audio content. From 0.3.1 to 0.5.0, FileService.download_from_url... |
| [CVE-2026-34977](https://nvd.nist.gov/vuln/detail/CVE-2026-34977) | 9.3 | CRITICAL | CWE-78 | No | 0.1% | 6.51 | 2026-04-06 | Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a user can specify an op... |
| [CVE-2026-34976](https://nvd.nist.gov/vuln/detail/CVE-2026-34976) | 10.0 | CRITICAL | CWE-862 | No | 0.0% | 7.00 | 2026-04-06 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from... |
| [CVE-2026-34975](https://nvd.nist.gov/vuln/detail/CVE-2026-34975) | 8.5 | HIGH | CWE-93 | No | 0.0% | 5.95 | 2026-04-06 | Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability wa... |
| [CVE-2026-34841](https://nvd.nist.gov/vuln/detail/CVE-2026-34841) | 9.8 | CRITICAL | CWE-494 | No | 0.0% | 6.86 | 2026-04-06 | Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack... |
| [CVE-2026-34783](https://nvd.nist.gov/vuln/detail/CVE-2026-34783) | 8.1 | HIGH | CWE-22 | No | 0.1% | 5.67 | 2026-04-06 | Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferr... |
| [CVE-2026-31313](https://nvd.nist.gov/vuln/detail/CVE-2026-31313) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-06 | An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allo... |
| [CVE-2026-5704](https://nvd.nist.gov/vuln/detail/CVE-2026-5704) | 5.0 | MEDIUM | CWE-434 | No | 0.0% | 3.50 | 2026-04-06 | A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to... |
| [CVE-2026-5666](https://nvd.nist.gov/vuln/detail/CVE-2026-5666) | 5.5 | MEDIUM | CWE-200 | No | 0.0% | 3.85 | 2026-04-06 | A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionalit... |
| [CVE-2026-5665](https://nvd.nist.gov/vuln/detail/CVE-2026-5665) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-06 | A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an... |
| [CVE-2026-34982](https://nvd.nist.gov/vuln/detail/CVE-2026-34982) | 8.2 | HIGH | CWE-78 | No | 0.0% | 5.74 | 2026-04-06 | Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbi... |
| [CVE-2026-34969](https://nvd.nist.gov/vuln/detail/CVE-2026-34969) | 2.3 | LOW | CWE-200 | No | 0.1% | 1.61 | 2026-04-06 | Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback f... |
| [CVE-2026-34951](https://nvd.nist.gov/vuln/detail/CVE-2026-34951) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-06 | Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Fo... |
| [CVE-2026-34950](https://nvd.nist.gov/vuln/detail/CVE-2026-34950) | 9.1 | CRITICAL | CWE-327 | No | 0.0% | 6.37 | 2026-04-06 | fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-... |
| [CVE-2026-34940](https://nvd.nist.gov/vuln/detail/CVE-2026-34940) | 0.0 | NONE | CWE-78 | No | 0.1% | 0.00 | 2026-04-06 | KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/... |
| [CVE-2026-34764](https://nvd.nist.gov/vuln/detail/CVE-2026-34764) | 2.3 | LOW | CWE-416 | No | 0.0% | 1.61 | 2026-04-06 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alph... |
| [CVE-2026-34756](https://nvd.nist.gov/vuln/detail/CVE-2026-34756) | 6.5 | MEDIUM | CWE-770 | No | 0.0% | 4.55 | 2026-04-06 | vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Servi... |
| [CVE-2026-34755](https://nvd.nist.gov/vuln/detail/CVE-2026-34755) | 6.5 | MEDIUM | CWE-770 | No | 0.0% | 4.55 | 2026-04-06 | vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.... |
| [CVE-2026-34589](https://nvd.nist.gov/vuln/detail/CVE-2026-34589) | 8.4 | HIGH | CWE-190 | No | 0.0% | 5.88 | 2026-04-06 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the... |
| [CVE-2026-34588](https://nvd.nist.gov/vuln/detail/CVE-2026-34588) | 8.6 | HIGH | CWE-125 | No | 0.0% | 6.02 | 2026-04-06 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the... |
| [CVE-2026-34444](https://nvd.nist.gov/vuln/detail/CVE-2026-34444) | 7.9 | HIGH | CWE-284 | No | 0.1% | 5.53 | 2026-04-06 | Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently ap... |
| [CVE-2026-34402](https://nvd.nist.gov/vuln/detail/CVE-2026-34402) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-06 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39330. Reason: This candidate is a... |
| [CVE-2026-34380](https://nvd.nist.gov/vuln/detail/CVE-2026-34380) | 5.9 | MEDIUM | CWE-190 | No | 0.0% | 4.13 | 2026-04-06 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the... |
| [CVE-2026-34379](https://nvd.nist.gov/vuln/detail/CVE-2026-34379) | 7.1 | HIGH | CWE-704 | No | 0.1% | 4.97 | 2026-04-06 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the... |
| [CVE-2026-34378](https://nvd.nist.gov/vuln/detail/CVE-2026-34378) | 6.5 | MEDIUM | CWE-190 | No | 0.0% | 4.55 | 2026-04-06 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the... |
| [CVE-2026-34217](https://nvd.nist.gov/vuln/detail/CVE-2026-34217) | 6.9 | MEDIUM | CWE-668 | No | 0.1% | 4.83 | 2026-04-06 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sand... |
| [CVE-2026-34211](https://nvd.nist.gov/vuln/detail/CVE-2026-34211) | 6.9 | MEDIUM | CWE-674 | No | 0.1% | 4.83 | 2026-04-06 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion... |
| [CVE-2026-34208](https://nvd.nist.gov/vuln/detail/CVE-2026-34208) | 10.0 | CRITICAL | CWE-693 | No | 0.2% | 7.01 | 2026-04-06 | SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for... |
| [CVE-2026-34148](https://nvd.nist.gov/vuln/detail/CVE-2026-34148) | 7.5 | HIGH | CWE-400 | No | 0.1% | 5.25 | 2026-04-06 | Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8,... |
| [CVE-2026-33752](https://nvd.nist.gov/vuln/detail/CVE-2026-33752) | 8.6 | HIGH | CWE-918 | No | 0.0% | 6.02 | 2026-04-06 | curl_cffi is a Python binding for curl. Prior to 0.15.0, curl_cffi does not restrict requests to internal IP ranges,... |
| [CVE-2026-33727](https://nvd.nist.gov/vuln/detail/CVE-2026-33727) | 6.4 | MEDIUM | CWE-269 | No | 0.0% | 4.48 | 2026-04-06 | Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privil... |
| [CVE-2026-33405](https://nvd.nist.gov/vuln/detail/CVE-2026-33405) | 3.1 | LOW | CWE-79 | No | 0.0% | 2.17 | 2026-04-06 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking applic... |
| [CVE-2026-31354](https://nvd.nist.gov/vuln/detail/CVE-2026-31354) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-06 | Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 a... |
| [CVE-2026-31353](https://nvd.nist.gov/vuln/detail/CVE-2026-31353) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-06 | An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attac... |
| [CVE-2026-31352](https://nvd.nist.gov/vuln/detail/CVE-2026-31352) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-06 | An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allow... |
| [CVE-2026-31351](https://nvd.nist.gov/vuln/detail/CVE-2026-31351) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-04-06 | An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allo... |
| [CVE-2026-31350](https://nvd.nist.gov/vuln/detail/CVE-2026-31350) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-06 | An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitra... |
| [CVE-2026-21382](https://nvd.nist.gov/vuln/detail/CVE-2026-21382) | 7.8 | HIGH | CWE-120 | No | 0.0% | 5.46 | 2026-04-06 | Memory Corruption when handling power management requests with improperly sized input/output buffers. |
| [CVE-2026-21381](https://nvd.nist.gov/vuln/detail/CVE-2026-21381) | 7.6 | HIGH | CWE-126 | No | 0.0% | 5.32 | 2026-04-06 | Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood aware... |
| [CVE-2026-21380](https://nvd.nist.gov/vuln/detail/CVE-2026-21380) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-06 | Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory. |
| [CVE-2026-21378](https://nvd.nist.gov/vuln/detail/CVE-2026-21378) | 7.8 | HIGH | CWE-126 | No | 0.0% | 5.46 | 2026-04-06 | Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor... |
| [CVE-2026-21376](https://nvd.nist.gov/vuln/detail/CVE-2026-21376) | 7.8 | HIGH | CWE-126 | No | 0.0% | 5.46 | 2026-04-06 | Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor... |
| [CVE-2026-21375](https://nvd.nist.gov/vuln/detail/CVE-2026-21375) | 7.8 | HIGH | CWE-126 | No | 0.0% | 5.46 | 2026-04-06 | Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. |
| [CVE-2026-21374](https://nvd.nist.gov/vuln/detail/CVE-2026-21374) | 7.8 | HIGH | CWE-126 | No | 0.0% | 5.46 | 2026-04-06 | Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validatio... |
| [CVE-2026-21373](https://nvd.nist.gov/vuln/detail/CVE-2026-21373) | 7.8 | HIGH | CWE-126 | No | 0.0% | 5.46 | 2026-04-06 | Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. |
| [CVE-2026-21372](https://nvd.nist.gov/vuln/detail/CVE-2026-21372) | 7.8 | HIGH | CWE-122 | No | 0.0% | 5.46 | 2026-04-06 | Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations. |
| [CVE-2026-21371](https://nvd.nist.gov/vuln/detail/CVE-2026-21371) | 7.8 | HIGH | CWE-126 | No | 0.0% | 5.46 | 2026-04-06 | Memory Corruption when retrieving output buffer with insufficient size validation. |
| [CVE-2026-21367](https://nvd.nist.gov/vuln/detail/CVE-2026-21367) | 7.6 | HIGH | CWE-126 | No | 0.0% | 5.32 | 2026-04-06 | Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans. |
| [CVE-2025-47400](https://nvd.nist.gov/vuln/detail/CVE-2025-47400) | 7.1 | HIGH | CWE-126 | No | 0.0% | 4.97 | 2026-04-06 | Cryptographic issue while copying data to a destination buffer without validating its size. |
| [CVE-2025-47392](https://nvd.nist.gov/vuln/detail/CVE-2025-47392) | 8.8 | HIGH | CWE-190 | No | 0.0% | 6.16 | 2026-04-06 | Memory corruption when decoding corrupted satellite data files with invalid signature offsets. |
| [CVE-2025-47391](https://nvd.nist.gov/vuln/detail/CVE-2025-47391) | 7.8 | HIGH | CWE-121 | No | 0.0% | 5.46 | 2026-04-06 | Memory corruption while processing a frame request from user. |
| [CVE-2025-47390](https://nvd.nist.gov/vuln/detail/CVE-2025-47390) | 7.8 | HIGH | CWE-126 | No | 0.0% | 5.46 | 2026-04-06 | Memory corruption while preprocessing IOCTL request in JPEG driver. |
| [CVE-2025-47389](https://nvd.nist.gov/vuln/detail/CVE-2025-47389) | 7.8 | HIGH | CWE-120 | No | 0.0% | 5.46 | 2026-04-06 | Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation. |
| [CVE-2025-47374](https://nvd.nist.gov/vuln/detail/CVE-2025-47374) | 6.5 | MEDIUM | CWE-416 | No | 0.0% | 4.55 | 2026-04-06 | Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling. |
| [CVE-2024-14032](https://nvd.nist.gov/vuln/detail/CVE-2024-14032) | 8.5 | HIGH | CWE-862 | No | 0.0% | 5.95 | 2026-04-06 | Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that... |
| [CVE-2026-5664](https://nvd.nist.gov/vuln/detail/CVE-2026-5664) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-06 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-30078. Reason: This candidate is a... |
| [CVE-2026-5663](https://nvd.nist.gov/vuln/detail/CVE-2026-5663) | 6.9 | MEDIUM | CWE-77 | No | 1.8% | 4.88 | 2026-04-06 | A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEn... |
| [CVE-2026-5661](https://nvd.nist.gov/vuln/detail/CVE-2026-5661) | 5.5 | MEDIUM | CWE-404 | No | 0.1% | 3.85 | 2026-04-06 | A vulnerability was identified in Free5GC 4.2.0. This affects an unknown function of the component NGSetupRequest Handle... |
| [CVE-2026-34897](https://nvd.nist.gov/vuln/detail/CVE-2026-34897) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-06 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Lingren Medi... |
| [CVE-2026-34885](https://nvd.nist.gov/vuln/detail/CVE-2026-34885) | 8.5 | HIGH | CWE-89 | No | 5.7% | 6.12 | 2026-04-06 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Medi... |
| [CVE-2026-33540](https://nvd.nist.gov/vuln/detail/CVE-2026-33540) | 7.5 | HIGH | CWE-918 | No | 0.0% | 5.25 | 2026-04-06 | Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mod... |
| [CVE-2026-33510](https://nvd.nist.gov/vuln/detail/CVE-2026-33510) | 8.8 | HIGH | CWE-87 | No | 0.0% | 6.16 | 2026-04-06 | Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been disco... |
| [CVE-2026-33406](https://nvd.nist.gov/vuln/detail/CVE-2026-33406) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-06 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking applic... |
| [CVE-2026-33404](https://nvd.nist.gov/vuln/detail/CVE-2026-33404) | 3.4 | LOW | CWE-79 | No | 0.0% | 2.38 | 2026-04-06 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking applic... |
| [CVE-2026-33403](https://nvd.nist.gov/vuln/detail/CVE-2026-33403) | 6.1 | MEDIUM | CWE-79 | No | 0.1% | 4.27 | 2026-04-06 | Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking applic... |
| [CVE-2026-32602](https://nvd.nist.gov/vuln/detail/CVE-2026-32602) | 4.2 | MEDIUM | CWE-367 | No | 0.0% | 2.94 | 2026-04-06 | Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint (/api/trpc/user.register) is vulnera... |
| [CVE-2026-31153](https://nvd.nist.gov/vuln/detail/CVE-2026-31153) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-06 | A stored cross-site scripting (XSS) vulnerability in Bynder v0.1.394 allows attackers to execute arbitrary web scripts o... |
| [CVE-2026-31151](https://nvd.nist.gov/vuln/detail/CVE-2026-31151) | 9.8 | CRITICAL | CWE-288 | No | 0.1% | 6.86 | 2026-04-06 | An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the appl... |
| [CVE-2026-31150](https://nvd.nist.gov/vuln/detail/CVE-2026-31150) | 4.3 | MEDIUM | CWE-284 | No | 0.0% | 3.01 | 2026-04-06 | Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to... |
| [CVE-2026-31067](https://nvd.nist.gov/vuln/detail/CVE-2026-31067) | 6.8 | MEDIUM | CWE-78 | No | 0.1% | 4.76 | 2026-04-06 | A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect component of UTT Aggressive 520W v3v1.7... |
| [CVE-2026-31066](https://nvd.nist.gov/vuln/detail/CVE-2026-31066) | 4.5 | MEDIUM | CWE-120 | No | 0.0% | 3.15 | 2026-04-06 | UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDateType parameter of th... |
| [CVE-2026-31065](https://nvd.nist.gov/vuln/detail/CVE-2026-31065) | 4.5 | MEDIUM | CWE-120 | No | 0.0% | 3.15 | 2026-04-06 | UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the addCommand parameter of the formC... |
| [CVE-2026-31063](https://nvd.nist.gov/vuln/detail/CVE-2026-31063) | 4.5 | MEDIUM | CWE-120 | No | 0.0% | 3.15 | 2026-04-06 | UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the form... |
| [CVE-2026-31062](https://nvd.nist.gov/vuln/detail/CVE-2026-31062) | 4.5 | MEDIUM | CWE-120 | No | 0.0% | 3.15 | 2026-04-06 | UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtp... |
| [CVE-2026-31061](https://nvd.nist.gov/vuln/detail/CVE-2026-31061) | 4.5 | MEDIUM | CWE-120 | No | 0.0% | 3.15 | 2026-04-06 | UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the timestart parameter of the... |
| [CVE-2026-31060](https://nvd.nist.gov/vuln/detail/CVE-2026-31060) | 4.5 | MEDIUM | CWE-120 | No | 0.0% | 3.15 | 2026-04-06 | UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the form... |
| [CVE-2026-31059](https://nvd.nist.gov/vuln/detail/CVE-2026-31059) | 9.8 | CRITICAL | CWE-77 | No | 0.6% | 6.88 | 2026-04-06 | A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-18... |
| [CVE-2026-31058](https://nvd.nist.gov/vuln/detail/CVE-2026-31058) | 4.5 | MEDIUM | CWE-120 | No | 0.0% | 3.15 | 2026-04-06 | UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the timeRangeName parameter of... |
| [CVE-2026-31053](https://nvd.nist.gov/vuln/detail/CVE-2026-31053) | 6.2 | MEDIUM | CWE-415 | No | 0.0% | 4.34 | 2026-04-06 | A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing m... |
| [CVE-2026-29047](https://nvd.nist.gov/vuln/detail/CVE-2026-29047) | 7.2 | HIGH | CWE-89 | No | 0.0% | 5.04 | 2026-04-06 | GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user... |
| [CVE-2026-26263](https://nvd.nist.gov/vuln/detail/CVE-2026-26263) | 8.1 | HIGH | CWE-89 | No | 0.0% | 5.67 | 2026-04-06 | GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based bli... |
| [CVE-2026-26027](https://nvd.nist.gov/vuln/detail/CVE-2026-26027) | 7.5 | HIGH | CWE-79 | No | 0.0% | 5.25 | 2026-04-06 | GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store... |
| [CVE-2026-26026](https://nvd.nist.gov/vuln/detail/CVE-2026-26026) | 9.1 | CRITICAL | CWE-94 | No | 0.1% | 6.37 | 2026-04-06 | GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, template injection by an administ... |
| [CVE-2026-25932](https://nvd.nist.gov/vuln/detail/CVE-2026-25932) | 7.2 | HIGH | CWE-79 | No | 0.0% | 5.04 | 2026-04-06 | GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user c... |
| [CVE-2026-5660](https://nvd.nist.gov/vuln/detail/CVE-2026-5660) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-06 | A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown fu... |
| [CVE-2026-5659](https://nvd.nist.gov/vuln/detail/CVE-2026-5659) | 5.3 | MEDIUM | CWE-20 | No | 0.0% | 3.71 | 2026-04-06 | A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie._... |
| [CVE-2026-30078](https://nvd.nist.gov/vuln/detail/CVE-2026-30078) | 7.5 | HIGH | CWE-20 | No | 0.1% | 5.25 | 2026-04-06 | OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. Fo... |
| [CVE-2026-3524](https://nvd.nist.gov/vuln/detail/CVE-2026-3524) | 8.8 | HIGH | CWE-862 | No | 0.0% | 6.16 | 2026-04-06 | Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request processing after a failed authorization check in Serv... |
| [CVE-2026-5650](https://nvd.nist.gov/vuln/detail/CVE-2026-5650) | 5.5 | MEDIUM | CWE-200 | No | 0.0% | 3.85 | 2026-04-06 | A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function... |
| [CVE-2026-5649](https://nvd.nist.gov/vuln/detail/CVE-2026-5649) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-06 | A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unk... |
| [CVE-2026-5648](https://nvd.nist.gov/vuln/detail/CVE-2026-5648) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-06 | A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /u... |
| [CVE-2026-5647](https://nvd.nist.gov/vuln/detail/CVE-2026-5647) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-04-06 | A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/adm... |
| [CVE-2026-5646](https://nvd.nist.gov/vuln/detail/CVE-2026-5646) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-06 | A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown f... |
| [CVE-2026-5645](https://nvd.nist.gov/vuln/detail/CVE-2026-5645) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-06 | A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown func... |
| [CVE-2026-5673](https://nvd.nist.gov/vuln/detail/CVE-2026-5673) | 5.6 | MEDIUM | CWE-125 | No | 0.0% | 3.92 | 2026-04-06 | A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Inter... |
| [CVE-2026-5644](https://nvd.nist.gov/vuln/detail/CVE-2026-5644) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-04-06 | A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3... |
| [CVE-2026-5643](https://nvd.nist.gov/vuln/detail/CVE-2026-5643) | 4.8 | MEDIUM | CWE-79 | No | 0.0% | 3.36 | 2026-04-06 | A vulnerability was identified in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Th... |
| [CVE-2026-5642](https://nvd.nist.gov/vuln/detail/CVE-2026-5642) | 6.9 | MEDIUM | CWE-266 | No | 0.1% | 4.83 | 2026-04-06 | A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Th... |
| [CVE-2026-5641](https://nvd.nist.gov/vuln/detail/CVE-2026-5641) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-06 | A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function... |
| [CVE-2026-5640](https://nvd.nist.gov/vuln/detail/CVE-2026-5640) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-06 | A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown func... |
| [CVE-2026-5639](https://nvd.nist.gov/vuln/detail/CVE-2026-5639) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-06 | A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /adm... |
| [CVE-2026-5638](https://nvd.nist.gov/vuln/detail/CVE-2026-5638) | 5.5 | MEDIUM | CWE-22 | No | 0.1% | 3.85 | 2026-04-06 | A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Perform... |
| [CVE-2026-5637](https://nvd.nist.gov/vuln/detail/CVE-2026-5637) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-06 | A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown co... |
| [CVE-2026-37977](https://nvd.nist.gov/vuln/detail/CVE-2026-37977) | 3.7 | LOW | CWE-346 | No | 0.0% | 2.59 | 2026-04-06 | A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vuln... |
| [CVE-2026-5636](https://nvd.nist.gov/vuln/detail/CVE-2026-5636) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-06 | A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the fil... |
| [CVE-2026-5635](https://nvd.nist.gov/vuln/detail/CVE-2026-5635) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-06 | A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unk... |
| [CVE-2026-5634](https://nvd.nist.gov/vuln/detail/CVE-2026-5634) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-06 | A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown fun... |
| [CVE-2026-5633](https://nvd.nist.gov/vuln/detail/CVE-2026-5633) | 6.9 | MEDIUM | CWE-918 | No | 0.1% | 4.83 | 2026-04-06 | A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the compone... |
| [CVE-2026-5632](https://nvd.nist.gov/vuln/detail/CVE-2026-5632) | 6.9 | MEDIUM | CWE-287 | No | 0.1% | 4.83 | 2026-04-06 | A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component H... |
| [CVE-2026-5631](https://nvd.nist.gov/vuln/detail/CVE-2026-5631) | 6.9 | MEDIUM | CWE-74 | No | 0.1% | 4.83 | 2026-04-06 | A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract_command_data... |
| [CVE-2026-5630](https://nvd.nist.gov/vuln/detail/CVE-2026-5630) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-06 | A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted element is an unknown function of the file... |
| [CVE-2026-5629](https://nvd.nist.gov/vuln/detail/CVE-2026-5629) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-06 | A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file... |
| [CVE-2026-5628](https://nvd.nist.gov/vuln/detail/CVE-2026-5628) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-06 | A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of... |
| [CVE-2026-5625](https://nvd.nist.gov/vuln/detail/CVE-2026-5625) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-06 | A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of... |
| [CVE-2026-5624](https://nvd.nist.gov/vuln/detail/CVE-2026-5624) | 5.3 | MEDIUM | CWE-352 | No | 0.0% | 3.71 | 2026-04-06 | A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php... |
| [CVE-2026-5623](https://nvd.nist.gov/vuln/detail/CVE-2026-5623) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-06 | A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/f... |
| [CVE-2026-5621](https://nvd.nist.gov/vuln/detail/CVE-2026-5621) | 4.8 | MEDIUM | CWE-77 | No | 0.5% | 3.37 | 2026-04-06 | A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown function... |
| [CVE-2026-5620](https://nvd.nist.gov/vuln/detail/CVE-2026-5620) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-06 | A vulnerability has been found in itsourcecode Construction Management System 1.0. Affected is an unknown function of th... |
| [CVE-2026-5619](https://nvd.nist.gov/vuln/detail/CVE-2026-5619) | 4.8 | MEDIUM | CWE-77 | No | 0.5% | 3.37 | 2026-04-06 | A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file... |
| [CVE-2026-5618](https://nvd.nist.gov/vuln/detail/CVE-2026-5618) | 6.3 | MEDIUM | CWE-918 | No | 0.1% | 4.41 | 2026-04-06 | A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake... |
| [CVE-2026-5616](https://nvd.nist.gov/vuln/detail/CVE-2026-5616) | 6.9 | MEDIUM | CWE-287 | No | 0.1% | 4.83 | 2026-04-06 | A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the... |
| [CVE-2026-5615](https://nvd.nist.gov/vuln/detail/CVE-2026-5615) | 5.3 | MEDIUM | CWE-79 | No | 1.9% | 3.77 | 2026-04-06 | A weakness has been identified in givanz Vvvebjs up to 2.0.5. The affected element is an unknown function of the file up... |
| [CVE-2026-5614](https://nvd.nist.gov/vuln/detail/CVE-2026-5614) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-06 | A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /gof... |
| [CVE-2026-5613](https://nvd.nist.gov/vuln/detail/CVE-2026-5613) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-06 | A vulnerability was identified in Belkin F9K1015 1.00.10. This issue affects the function formReboot of the file /goform... |
| [CVE-2026-5612](https://nvd.nist.gov/vuln/detail/CVE-2026-5612) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-06 | A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the f... |
| [CVE-2026-5611](https://nvd.nist.gov/vuln/detail/CVE-2026-5611) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-06 | A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/f... |
| [CVE-2026-5610](https://nvd.nist.gov/vuln/detail/CVE-2026-5610) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-06 | A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file... |
| [CVE-2026-5609](https://nvd.nist.gov/vuln/detail/CVE-2026-5609) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-06 | A flaw has been found in Tenda i12 1.0.0.11(3862). Affected by this vulnerability is the function formwrlSSIDset of the... |
| [CVE-2026-5608](https://nvd.nist.gov/vuln/detail/CVE-2026-5608) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-06 | A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formW... |
| [CVE-2026-5607](https://nvd.nist.gov/vuln/detail/CVE-2026-5607) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-06 | A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallTool... |
| [CVE-2026-5606](https://nvd.nist.gov/vuln/detail/CVE-2026-5606) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-06 | A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown... |
| [CVE-2026-5605](https://nvd.nist.gov/vuln/detail/CVE-2026-5605) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-06 | A weakness has been identified in Tenda CH22 1.0.0.1. This affects the function formWrlExtraSet of the file /goform/WrlE... |
| [CVE-2026-5604](https://nvd.nist.gov/vuln/detail/CVE-2026-5604) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-05 | A security flaw has been discovered in Tenda CH22 1.0.0.1. The impacted element is the function formCertLocalPrecreate o... |
| [CVE-2026-5603](https://nvd.nist.gov/vuln/detail/CVE-2026-5603) | 4.8 | MEDIUM | CWE-77 | No | 0.1% | 3.36 | 2026-04-05 | A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMag... |
| [CVE-2026-5602](https://nvd.nist.gov/vuln/detail/CVE-2026-5602) | 4.8 | MEDIUM | CWE-77 | No | 0.1% | 3.36 | 2026-04-05 | A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/t... |
| [CVE-2026-5601](https://nvd.nist.gov/vuln/detail/CVE-2026-5601) | 5.5 | MEDIUM | CWE-200 | No | 0.0% | 3.85 | 2026-04-05 | A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1.0. This issue affects some unknown processing of... |
| [CVE-2026-5597](https://nvd.nist.gov/vuln/detail/CVE-2026-5597) | 5.3 | MEDIUM | CWE-22 | No | 0.0% | 3.71 | 2026-04-05 | A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown part of the file griptape\tools\computer\t... |
| [CVE-2026-35679](https://nvd.nist.gov/vuln/detail/CVE-2026-35679) | 3.5 | LOW | CWE-358 | No | 0.0% | 2.45 | 2026-04-05 | Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could... |
| [CVE-2026-5596](https://nvd.nist.gov/vuln/detail/CVE-2026-5596) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the... |
| [CVE-2019-25704](https://nvd.nist.gov/vuln/detail/CVE-2019-25704) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-05 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injec... |
| [CVE-2019-25702](https://nvd.nist.gov/vuln/detail/CVE-2019-25702) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-05 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injec... |
| [CVE-2019-25700](https://nvd.nist.gov/vuln/detail/CVE-2019-25700) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-05 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injec... |
| [CVE-2019-25698](https://nvd.nist.gov/vuln/detail/CVE-2019-25698) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-05 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injec... |
| [CVE-2019-25696](https://nvd.nist.gov/vuln/detail/CVE-2019-25696) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-05 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injec... |
| [CVE-2019-25694](https://nvd.nist.gov/vuln/detail/CVE-2019-25694) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-04-05 | Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database... |
| [CVE-2019-25692](https://nvd.nist.gov/vuln/detail/CVE-2019-25692) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-05 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injec... |
| [CVE-2019-25690](https://nvd.nist.gov/vuln/detail/CVE-2019-25690) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-05 | Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injec... |
| [CVE-2019-25688](https://nvd.nist.gov/vuln/detail/CVE-2019-25688) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-04-05 | Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database... |
| [CVE-2019-25687](https://nvd.nist.gov/vuln/detail/CVE-2019-25687) | 9.3 | CRITICAL | CWE-22 | No | 0.4% | 6.52 | 2026-04-05 | Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticate... |
| [CVE-2019-25686](https://nvd.nist.gov/vuln/detail/CVE-2019-25686) | 8.7 | HIGH | CWE-306 | No | 0.2% | 6.09 | 2026-04-05 | Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attack... |
| [CVE-2019-25685](https://nvd.nist.gov/vuln/detail/CVE-2019-25685) | 8.7 | HIGH | CWE-22 | No | 0.2% | 6.10 | 2026-04-05 | phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by e... |
| [CVE-2019-25684](https://nvd.nist.gov/vuln/detail/CVE-2019-25684) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-04-05 | OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database qu... |
| [CVE-2019-25683](https://nvd.nist.gov/vuln/detail/CVE-2019-25683) | 6.9 | MEDIUM | CWE-532 | No | 0.0% | 4.83 | 2026-04-05 | FileZilla 3.40.0 contains a denial of service vulnerability in the local search functionality that allows local attacker... |
| [CVE-2019-25682](https://nvd.nist.gov/vuln/detail/CVE-2019-25682) | 5.3 | MEDIUM | CWE-352 | No | 0.0% | 3.71 | 2026-04-05 | CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administra... |
| [CVE-2019-25681](https://nvd.nist.gov/vuln/detail/CVE-2019-25681) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-04-05 | Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attacker... |
| [CVE-2019-25680](https://nvd.nist.gov/vuln/detail/CVE-2019-25680) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-04-05 | Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to exec... |
| [CVE-2019-25679](https://nvd.nist.gov/vuln/detail/CVE-2019-25679) | 8.5 | HIGH | CWE-787 | No | 0.0% | 5.95 | 2026-04-05 | RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Ec... |
| [CVE-2019-25678](https://nvd.nist.gov/vuln/detail/CVE-2019-25678) | 8.8 | HIGH | CWE-306 | No | 0.1% | 6.16 | 2026-04-05 | C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated a... |
| [CVE-2019-25677](https://nvd.nist.gov/vuln/detail/CVE-2019-25677) | 6.9 | MEDIUM | CWE-379 | No | 0.0% | 4.83 | 2026-04-05 | WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a... |
| [CVE-2019-25676](https://nvd.nist.gov/vuln/detail/CVE-2019-25676) | 8.8 | HIGH | CWE-79 | No | 0.1% | 6.16 | 2026-04-05 | Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attac... |
| [CVE-2019-25675](https://nvd.nist.gov/vuln/detail/CVE-2019-25675) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-04-05 | eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator... |
| [CVE-2019-25674](https://nvd.nist.gov/vuln/detail/CVE-2019-25674) | 8.8 | HIGH | CWE-89 | No | 0.2% | 6.17 | 2026-04-05 | CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries... |
| [CVE-2019-25673](https://nvd.nist.gov/vuln/detail/CVE-2019-25673) | 8.7 | HIGH | CWE-434 | No | 0.1% | 6.09 | 2026-04-05 | UniSharp Laravel File Manager v2.0.0-alpha7 and v2.0 contain an arbitrary file upload vulnerability that allows authenti... |
| [CVE-2019-25672](https://nvd.nist.gov/vuln/detail/CVE-2019-25672) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-04-05 | PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database quer... |
| [CVE-2019-25671](https://nvd.nist.gov/vuln/detail/CVE-2019-25671) | 8.7 | HIGH | CWE-22 | No | 0.4% | 6.10 | 2026-04-05 | VA MAX 8.3.4 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary com... |
| [CVE-2019-25670](https://nvd.nist.gov/vuln/detail/CVE-2019-25670) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-04-05 | River Past Video Cleaner 7.6.3 contains a structured exception handler buffer overflow vulnerability that allows local a... |
| [CVE-2019-25669](https://nvd.nist.gov/vuln/detail/CVE-2019-25669) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-05 | qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL c... |
| [CVE-2019-25668](https://nvd.nist.gov/vuln/detail/CVE-2019-25668) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-04-05 | News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate da... |
| [CVE-2019-25667](https://nvd.nist.gov/vuln/detail/CVE-2019-25667) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-04-05 | TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supp... |
| [CVE-2019-25666](https://nvd.nist.gov/vuln/detail/CVE-2019-25666) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-04-05 | SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows at... |
| [CVE-2019-25665](https://nvd.nist.gov/vuln/detail/CVE-2019-25665) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-04-05 | River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash t... |
| [CVE-2019-25664](https://nvd.nist.gov/vuln/detail/CVE-2019-25664) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-04-05 | SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView... |
| [CVE-2019-25663](https://nvd.nist.gov/vuln/detail/CVE-2019-25663) | 7.1 | HIGH | CWE-89 | No | 0.0% | 4.97 | 2026-04-05 | SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database querie... |
| [CVE-2019-25662](https://nvd.nist.gov/vuln/detail/CVE-2019-25662) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-04-05 | ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL... |
| [CVE-2019-25661](https://nvd.nist.gov/vuln/detail/CVE-2019-25661) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-04-05 | Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial... |
| [CVE-2019-25660](https://nvd.nist.gov/vuln/detail/CVE-2019-25660) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-04-05 | LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending... |
| [CVE-2019-25659](https://nvd.nist.gov/vuln/detail/CVE-2019-25659) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-04-05 | ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of... |
| [CVE-2019-25658](https://nvd.nist.gov/vuln/detail/CVE-2019-25658) | 6.8 | MEDIUM | CWE-787 | No | 0.0% | 4.76 | 2026-04-05 | a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the applica... |
| [CVE-2019-25657](https://nvd.nist.gov/vuln/detail/CVE-2019-25657) | 6.8 | MEDIUM | CWE-226 | No | 0.0% | 4.76 | 2026-04-05 | AnyBurn 4.3 x86 contains a denial of service vulnerability that allows local attackers to crash the application by suppl... |
| [CVE-2019-25656](https://nvd.nist.gov/vuln/detail/CVE-2019-25656) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-04-05 | R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to... |
| [CVE-2018-25256](https://nvd.nist.gov/vuln/detail/CVE-2018-25256) | 6.8 | MEDIUM | CWE-787 | No | 0.0% | 4.76 | 2026-04-05 | IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers t... |
| [CVE-2026-5595](https://nvd.nist.gov/vuln/detail/CVE-2026-5595) | 5.3 | MEDIUM | CWE-22 | No | 0.1% | 3.71 | 2026-04-05 | A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affected by this vulnerability is the functio... |
| [CVE-2026-5594](https://nvd.nist.gov/vuln/detail/CVE-2026-5594) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the function eval of the file premsql/agent... |
| [CVE-2026-5587](https://nvd.nist.gov/vuln/detail/CVE-2026-5587) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the... |
| [CVE-2026-5586](https://nvd.nist.gov/vuln/detail/CVE-2026-5586) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the c... |
| [CVE-2026-5585](https://nvd.nist.gov/vuln/detail/CVE-2026-5585) | 5.5 | MEDIUM | CWE-200 | No | 0.0% | 3.85 | 2026-04-05 | A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/... |
| [CVE-2026-5584](https://nvd.nist.gov/vuln/detail/CVE-2026-5584) | 6.9 | MEDIUM | CWE-74 | No | 0.1% | 4.83 | 2026-04-05 | A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file s... |
| [CVE-2026-5583](https://nvd.nist.gov/vuln/detail/CVE-2026-5583) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown par... |
| [CVE-2026-5580](https://nvd.nist.gov/vuln/detail/CVE-2026-5580) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineCla... |
| [CVE-2026-5579](https://nvd.nist.gov/vuln/detail/CVE-2026-5579) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue affects some unknown processing of the file... |
| [CVE-2026-5578](https://nvd.nist.gov/vuln/detail/CVE-2026-5578) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /Online... |
| [CVE-2026-5577](https://nvd.nist.gov/vuln/detail/CVE-2026-5577) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-05 | A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an... |
| [CVE-2026-5576](https://nvd.nist.gov/vuln/detail/CVE-2026-5576) | 5.1 | MEDIUM | CWE-284 | No | 0.0% | 3.57 | 2026-04-05 | A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functi... |
| [CVE-2026-5575](https://nvd.nist.gov/vuln/detail/CVE-2026-5575) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-05 | A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an u... |
| [CVE-2026-5574](https://nvd.nist.gov/vuln/detail/CVE-2026-5574) | 6.9 | MEDIUM | CWE-862 | No | 0.0% | 4.83 | 2026-04-05 | A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function del... |
| [CVE-2026-5573](https://nvd.nist.gov/vuln/detail/CVE-2026-5573) | 6.9 | MEDIUM | CWE-284 | No | 0.1% | 4.83 | 2026-04-05 | A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the... |
| [CVE-2026-5572](https://nvd.nist.gov/vuln/detail/CVE-2026-5572) | 5.3 | MEDIUM | CWE-352 | No | 0.0% | 3.71 | 2026-04-05 | A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. P... |
| [CVE-2026-5571](https://nvd.nist.gov/vuln/detail/CVE-2026-5571) | 5.5 | MEDIUM | CWE-200 | No | 0.0% | 3.85 | 2026-04-05 | A vulnerability was identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The impacted element is an unknown funct... |
| [CVE-2026-5570](https://nvd.nist.gov/vuln/detail/CVE-2026-5570) | 6.9 | MEDIUM | CWE-287 | No | 0.1% | 4.83 | 2026-04-05 | A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function ind... |
| [CVE-2026-5569](https://nvd.nist.gov/vuln/detail/CVE-2026-5569) | 6.9 | MEDIUM | CWE-266 | No | 0.1% | 4.83 | 2026-04-05 | A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /... |
| [CVE-2026-5568](https://nvd.nist.gov/vuln/detail/CVE-2026-5568) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-05 | A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component In... |
| [CVE-2026-5567](https://nvd.nist.gov/vuln/detail/CVE-2026-5567) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-05 | A flaw has been found in Tenda M3 1.0.0.10. This vulnerability affects the function setAdvPolicyData of the file /goform... |
| [CVE-2026-5566](https://nvd.nist.gov/vuln/detail/CVE-2026-5566) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-05 | A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file... |
| [CVE-2026-5565](https://nvd.nist.gov/vuln/detail/CVE-2026-5565) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-05 | A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some un... |
| [CVE-2026-5564](https://nvd.nist.gov/vuln/detail/CVE-2026-5564) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-05 | A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown... |
| [CVE-2026-5563](https://nvd.nist.gov/vuln/detail/CVE-2026-5563) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file... |
| [CVE-2026-5562](https://nvd.nist.gov/vuln/detail/CVE-2026-5562) | 6.9 | MEDIUM | CWE-74 | No | 0.1% | 4.83 | 2026-04-05 | A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /... |
| [CVE-2026-5561](https://nvd.nist.gov/vuln/detail/CVE-2026-5561) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an un... |
| [CVE-2026-5560](https://nvd.nist.gov/vuln/detail/CVE-2026-5560) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function... |
| [CVE-2026-5559](https://nvd.nist.gov/vuln/detail/CVE-2026-5559) | 5.3 | MEDIUM | CWE-791 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _... |
| [CVE-2026-5558](https://nvd.nist.gov/vuln/detail/CVE-2026-5558) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function... |
| [CVE-2026-5557](https://nvd.nist.gov/vuln/detail/CVE-2026-5557) | 5.3 | MEDIUM | CWE-287 | No | 0.1% | 3.71 | 2026-04-05 | A vulnerability was detected in badlogic pi-mono up to 0.58.4. This issue affects some unknown processing of the file pa... |
| [CVE-2026-5556](https://nvd.nist.gov/vuln/detail/CVE-2026-5556) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function dis... |
| [CVE-2026-5555](https://nvd.nist.gov/vuln/detail/CVE-2026-5555) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-05 | A weakness has been identified in code-projects Concert Ticket Reservation System 1.0. This affects an unknown part of t... |
| [CVE-2026-5554](https://nvd.nist.gov/vuln/detail/CVE-2026-5554) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-05 | A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is so... |
| [CVE-2026-5553](https://nvd.nist.gov/vuln/detail/CVE-2026-5553) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affected by this vulnerability is an unknown... |
| [CVE-2026-5552](https://nvd.nist.gov/vuln/detail/CVE-2026-5552) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown process... |
| [CVE-2026-5551](https://nvd.nist.gov/vuln/detail/CVE-2026-5551) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-05 | A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknow... |
| [CVE-2026-5550](https://nvd.nist.gov/vuln/detail/CVE-2026-5550) | 8.7 | HIGH | CWE-119 | No | 0.0% | 6.09 | 2026-04-05 | A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of... |
| [CVE-2026-5548](https://nvd.nist.gov/vuln/detail/CVE-2026-5548) | 8.7 | HIGH | CWE-119 | No | 0.0% | 6.09 | 2026-04-05 | A vulnerability was found in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this vulnerability is the function fromSysT... |
| [CVE-2026-5547](https://nvd.nist.gov/vuln/detail/CVE-2026-5547) | 5.3 | MEDIUM | CWE-77 | No | 0.8% | 3.73 | 2026-04-05 | A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of t... |
| [CVE-2026-5546](https://nvd.nist.gov/vuln/detail/CVE-2026-5546) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-04-05 | A flaw has been found in Campcodes Complete Online Learning Management System 1.0. This impacts the function add_lesson... |
| [CVE-2026-5544](https://nvd.nist.gov/vuln/detail/CVE-2026-5544) | 7.4 | HIGH | CWE-119 | No | 0.0% | 5.18 | 2026-04-05 | A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown fu... |
| [CVE-2026-5543](https://nvd.nist.gov/vuln/detail/CVE-2026-5543) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected elem... |
| [CVE-2026-5542](https://nvd.nist.gov/vuln/detail/CVE-2026-5542) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /... |
| [CVE-2026-5541](https://nvd.nist.gov/vuln/detail/CVE-2026-5541) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the... |
| [CVE-2026-5540](https://nvd.nist.gov/vuln/detail/CVE-2026-5540) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-05 | A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of th... |
| [CVE-2026-5590](https://nvd.nist.gov/vuln/detail/CVE-2026-5590) | 6.4 | MEDIUM | CWE-476 | No | 0.0% | 4.48 | 2026-04-05 | A race condition during TCP connection teardown can cause tcp_recv() to operate on a connection that has already been re... |
| [CVE-2026-5539](https://nvd.nist.gov/vuln/detail/CVE-2026-5539) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-05 | A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember... |
| [CVE-2026-5538](https://nvd.nist.gov/vuln/detail/CVE-2026-5538) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was detected in QingdaoU OnlineJudge up to 1.6.1. Affected by this issue is the function service_url of... |
| [CVE-2026-5537](https://nvd.nist.gov/vuln/detail/CVE-2026-5537) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-05 | A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the functio... |
| [CVE-2026-5536](https://nvd.nist.gov/vuln/detail/CVE-2026-5536) | 6.9 | MEDIUM | CWE-20 | No | 0.0% | 4.83 | 2026-04-05 | A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_serv... |
| [CVE-2026-5535](https://nvd.nist.gov/vuln/detail/CVE-2026-5535) | 5.3 | MEDIUM | CWE-22 | No | 0.0% | 3.71 | 2026-04-05 | A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtil... |
| [CVE-2026-5534](https://nvd.nist.gov/vuln/detail/CVE-2026-5534) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-05 | A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the fil... |
| [CVE-2026-5533](https://nvd.nist.gov/vuln/detail/CVE-2026-5533) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was determined in badlogic pi-mono 0.58.4. The impacted element is an unknown function of the file packa... |
| [CVE-2026-5532](https://nvd.nist.gov/vuln/detail/CVE-2026-5532) | 5.3 | MEDIUM | CWE-77 | No | 0.9% | 3.74 | 2026-04-05 | A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sand... |
| [CVE-2026-5531](https://nvd.nist.gov/vuln/detail/CVE-2026-5531) | 5.5 | MEDIUM | CWE-312 | No | 0.0% | 3.85 | 2026-04-05 | A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function o... |
| [CVE-2026-5530](https://nvd.nist.gov/vuln/detail/CVE-2026-5530) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-05 | A flaw has been found in Ollama up to 18.1. This issue affects some unknown processing of the file server/download.go of... |
| [CVE-2026-5529](https://nvd.nist.gov/vuln/detail/CVE-2026-5529) | 5.3 | MEDIUM | CWE-266 | No | 0.0% | 3.71 | 2026-04-05 | A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the... |
| [CVE-2026-5528](https://nvd.nist.gov/vuln/detail/CVE-2026-5528) | 5.3 | MEDIUM | CWE-77 | No | 0.3% | 3.72 | 2026-04-05 | A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown par... |
| [CVE-2026-5526](https://nvd.nist.gov/vuln/detail/CVE-2026-5526) | 6.9 | MEDIUM | CWE-266 | No | 0.1% | 4.83 | 2026-04-04 | A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerabil... |
| [CVE-2018-25246](https://nvd.nist.gov/vuln/detail/CVE-2018-25246) | 8.7 | HIGH | CWE-306 | No | 0.1% | 6.09 | 2026-04-04 | Wikipedia 12.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application... |
| [CVE-2016-20054](https://nvd.nist.gov/vuln/detail/CVE-2016-20054) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-04 | Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative... |
| [CVE-2018-25255](https://nvd.nist.gov/vuln/detail/CVE-2018-25255) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-04-04 | 10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local... |
| [CVE-2018-25254](https://nvd.nist.gov/vuln/detail/CVE-2018-25254) | 9.3 | CRITICAL | CWE-787 | No | 0.2% | 6.52 | 2026-04-04 | NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to... |
| [CVE-2018-25253](https://nvd.nist.gov/vuln/detail/CVE-2018-25253) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-04-04 | Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local att... |
| [CVE-2018-25252](https://nvd.nist.gov/vuln/detail/CVE-2018-25252) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-04-04 | FTP Voyager 16.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by in... |
| [CVE-2018-25251](https://nvd.nist.gov/vuln/detail/CVE-2018-25251) | 8.6 | HIGH | CWE-787 | No | 0.0% | 6.02 | 2026-04-04 | Snes9K 0.0.9z contains a buffer overflow vulnerability in the Netplay Socket Port Number field that allows local attacke... |
| [CVE-2018-25250](https://nvd.nist.gov/vuln/detail/CVE-2018-25250) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-04 | MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows atta... |
| [CVE-2018-25249](https://nvd.nist.gov/vuln/detail/CVE-2018-25249) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-04 | MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to in... |
| [CVE-2018-25248](https://nvd.nist.gov/vuln/detail/CVE-2018-25248) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-04 | MyBB Downloads Plugin 2.0.3 contains a persistent cross-site scripting vulnerability that allows regular members to inje... |
| [CVE-2018-25247](https://nvd.nist.gov/vuln/detail/CVE-2018-25247) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-04 | MyBB Like Plugin 3.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts b... |
| [CVE-2018-25245](https://nvd.nist.gov/vuln/detail/CVE-2018-25245) | 8.7 | HIGH | CWE-601 | No | 0.1% | 6.09 | 2026-04-04 | 7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting ex... |
| [CVE-2018-25244](https://nvd.nist.gov/vuln/detail/CVE-2018-25244) | 6.9 | MEDIUM | CWE-1312 | No | 0.0% | 4.83 | 2026-04-04 | Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by su... |
| [CVE-2018-25243](https://nvd.nist.gov/vuln/detail/CVE-2018-25243) | 6.9 | MEDIUM | CWE-763 | No | 0.0% | 4.83 | 2026-04-04 | FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by subm... |
| [CVE-2018-25242](https://nvd.nist.gov/vuln/detail/CVE-2018-25242) | 6.9 | MEDIUM | CWE-1389 | No | 0.0% | 4.83 | 2026-04-04 | One Search 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by su... |
| [CVE-2018-25241](https://nvd.nist.gov/vuln/detail/CVE-2018-25241) | 8.7 | HIGH | CWE-306 | No | 0.1% | 6.09 | 2026-04-04 | VPN Browser+ 1.1.0.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the appli... |
| [CVE-2018-25240](https://nvd.nist.gov/vuln/detail/CVE-2018-25240) | 6.9 | MEDIUM | CWE-1260 | No | 0.0% | 4.83 | 2026-04-04 | Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submit... |
| [CVE-2018-25239](https://nvd.nist.gov/vuln/detail/CVE-2018-25239) | 6.9 | MEDIUM | CWE-470 | No | 0.0% | 4.83 | 2026-04-04 | Smart VPN 1.1.3.0 contains a denial of service vulnerability that allows local attackers to crash the application by sub... |
| [CVE-2018-25238](https://nvd.nist.gov/vuln/detail/CVE-2018-25238) | 6.9 | MEDIUM | CWE-1260 | No | 0.0% | 4.83 | 2026-04-04 | VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitti... |
| [CVE-2016-20061](https://nvd.nist.gov/vuln/detail/CVE-2016-20061) | 8.5 | HIGH | CWE-428 | No | 0.0% | 5.95 | 2026-04-04 | sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers... |
| [CVE-2016-20060](https://nvd.nist.gov/vuln/detail/CVE-2016-20060) | 8.5 | HIGH | CWE-428 | No | 0.0% | 5.95 | 2026-04-04 | Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attac... |
| [CVE-2016-20059](https://nvd.nist.gov/vuln/detail/CVE-2016-20059) | 8.5 | HIGH | CWE-428 | No | 0.0% | 5.95 | 2026-04-04 | IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services... |
| [CVE-2016-20058](https://nvd.nist.gov/vuln/detail/CVE-2016-20058) | 8.5 | HIGH | CWE-428 | No | 0.1% | 5.95 | 2026-04-04 | Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivi... |
| [CVE-2016-20057](https://nvd.nist.gov/vuln/detail/CVE-2016-20057) | 8.5 | HIGH | CWE-428 | No | 0.1% | 5.95 | 2026-04-04 | NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that... |
| [CVE-2016-20056](https://nvd.nist.gov/vuln/detail/CVE-2016-20056) | 8.5 | HIGH | CWE-428 | No | 0.0% | 5.95 | 2026-04-04 | Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv service... |
| [CVE-2016-20055](https://nvd.nist.gov/vuln/detail/CVE-2016-20055) | 8.5 | HIGH | CWE-428 | No | 0.0% | 5.95 | 2026-04-04 | IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 serv... |
| [CVE-2016-20053](https://nvd.nist.gov/vuln/detail/CVE-2016-20053) | 6.9 | MEDIUM | CWE-352 | No | 0.0% | 4.83 | 2026-04-04 | Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create admin... |
| [CVE-2016-20052](https://nvd.nist.gov/vuln/detail/CVE-2016-20052) | 9.3 | CRITICAL | CWE-434 | No | 0.3% | 6.52 | 2026-04-04 | Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitra... |
| [CVE-2016-20051](https://nvd.nist.gov/vuln/detail/CVE-2016-20051) | 6.9 | MEDIUM | CWE-352 | No | 0.0% | 4.83 | 2026-04-04 | Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credenti... |
| [CVE-2016-20050](https://nvd.nist.gov/vuln/detail/CVE-2016-20050) | 6.9 | MEDIUM | CWE-787 | No | 0.0% | 4.83 | 2026-04-04 | NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to c... |
| [CVE-2026-3666](https://nvd.nist.gov/vuln/detail/CVE-2026-3666) | 8.8 | HIGH | CWE-22 | No | 0.0% | 6.16 | 2026-04-04 | The wpForo Forum plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.4... |
| [CVE-2026-3309](https://nvd.nist.gov/vuln/detail/CVE-2026-3309) | 6.5 | MEDIUM | CWE-94 | No | 0.0% | 4.55 | 2026-04-04 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePres... |
| [CVE-2026-2936](https://nvd.nist.gov/vuln/detail/CVE-2026-2936) | 7.2 | HIGH | CWE-79 | No | 0.0% | 5.04 | 2026-04-04 | The Visitor Traffic Real Time Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page... |
| [CVE-2026-1233](https://nvd.nist.gov/vuln/detail/CVE-2026-1233) | 7.5 | HIGH | CWE-798 | No | 0.0% | 5.25 | 2026-04-04 | The Text to Speech for WP (AI Voices by Mementor) plugin for WordPress is vulnerable to sensitive information exposure i... |
| [CVE-2026-0626](https://nvd.nist.gov/vuln/detail/CVE-2026-0626) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-04 | The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulner... |
| [CVE-2025-14938](https://nvd.nist.gov/vuln/detail/CVE-2025-14938) | 5.3 | MEDIUM | CWE-434 | No | 0.0% | 3.71 | 2026-04-04 | The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and... |
| [CVE-2026-5425](https://nvd.nist.gov/vuln/detail/CVE-2026-5425) | 7.2 | HIGH | CWE-79 | No | 0.1% | 5.04 | 2026-04-04 | The Widgets for Social Photo Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'feed_data'... |
| [CVE-2026-3445](https://nvd.nist.gov/vuln/detail/CVE-2026-3445) | 7.1 | HIGH | CWE-862 | No | 0.0% | 4.97 | 2026-04-04 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePres... |
| [CVE-2026-2826](https://nvd.nist.gov/vuln/detail/CVE-2026-2826) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-04 | The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to authorization bypas... |
| [CVE-2026-2437](https://nvd.nist.gov/vuln/detail/CVE-2026-2437) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-04 | The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to Stored Cross-S... |
| [CVE-2026-4896](https://nvd.nist.gov/vuln/detail/CVE-2026-4896) | 8.1 | HIGH | CWE-639 | No | 0.0% | 5.67 | 2026-04-04 | The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is... |
| [CVE-2026-2600](https://nvd.nist.gov/vuln/detail/CVE-2026-2600) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-04 | The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... |
| [CVE-2026-0738](https://nvd.nist.gov/vuln/detail/CVE-2026-0738) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-04 | The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... |
| [CVE-2026-0737](https://nvd.nist.gov/vuln/detail/CVE-2026-0737) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-04 | The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all... |
| [CVE-2026-0664](https://nvd.nist.gov/vuln/detail/CVE-2026-0664) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-04 | The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button_text' p... |
| [CVE-2026-0552](https://nvd.nist.gov/vuln/detail/CVE-2026-0552) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-04 | The Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsc_displa... |
| [CVE-2025-15064](https://nvd.nist.gov/vuln/detail/CVE-2025-15064) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-04 | The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugi... |
| [CVE-2025-13368](https://nvd.nist.gov/vuln/detail/CVE-2025-13368) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-04 | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the P... |
| [CVE-2026-2949](https://nvd.nist.gov/vuln/detail/CVE-2026-2949) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-04 | The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the I... |
| [CVE-2026-2924](https://nvd.nist.gov/vuln/detail/CVE-2026-2924) | 6.4 | MEDIUM | CWE-79 | No | 0.0% | 4.48 | 2026-04-04 | The Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem plugin for WordPress is vulnerable to Stored Cross-Sit... |
| [CVE-2026-3571](https://nvd.nist.gov/vuln/detail/CVE-2026-3571) | 6.5 | MEDIUM | CWE-862 | No | 0.0% | 4.55 | 2026-04-04 | The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized... |
| [CVE-2026-35616](https://nvd.nist.gov/vuln/detail/CVE-2026-35616) | 9.8 | CRITICAL | CWE-284 | Yes | 25.3% | 7.62 | 2026-04-04 | An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated atta... |
| [CVE-2026-34780](https://nvd.nist.gov/vuln/detail/CVE-2026-34780) | 8.3 | HIGH | CWE-668 | No | 0.0% | 5.81 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39... |
| [CVE-2026-34955](https://nvd.nist.gov/vuln/detail/CVE-2026-34955) | 8.8 | HIGH | CWE-78 | No | 0.0% | 6.16 | 2026-04-04 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK... |
| [CVE-2026-34779](https://nvd.nist.gov/vuln/detail/CVE-2026-34779) | 6.5 | MEDIUM | CWE-78 | No | 0.0% | 4.55 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to version... |
| [CVE-2026-34778](https://nvd.nist.gov/vuln/detail/CVE-2026-34778) | 5.9 | MEDIUM | CWE-290 | No | 0.0% | 4.13 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to version... |
| [CVE-2026-34777](https://nvd.nist.gov/vuln/detail/CVE-2026-34777) | 5.4 | MEDIUM | CWE-346 | No | 0.0% | 3.78 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to version... |
| [CVE-2026-34776](https://nvd.nist.gov/vuln/detail/CVE-2026-34776) | 5.3 | MEDIUM | CWE-125 | No | 0.0% | 3.71 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to version... |
| [CVE-2026-34775](https://nvd.nist.gov/vuln/detail/CVE-2026-34775) | 6.8 | MEDIUM | CWE-653 | No | 0.0% | 4.76 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to version... |
| [CVE-2026-34774](https://nvd.nist.gov/vuln/detail/CVE-2026-34774) | 8.1 | HIGH | CWE-416 | No | 0.1% | 5.67 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to version... |
| [CVE-2026-34773](https://nvd.nist.gov/vuln/detail/CVE-2026-34773) | 4.7 | MEDIUM | CWE-20 | No | 0.0% | 3.29 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to version... |
| [CVE-2026-34772](https://nvd.nist.gov/vuln/detail/CVE-2026-34772) | 5.8 | MEDIUM | CWE-416 | No | 0.0% | 4.06 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to version... |
| [CVE-2026-34771](https://nvd.nist.gov/vuln/detail/CVE-2026-34771) | 7.5 | HIGH | CWE-416 | No | 0.0% | 5.25 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to version... |
| [CVE-2026-34770](https://nvd.nist.gov/vuln/detail/CVE-2026-34770) | 7.0 | HIGH | CWE-416 | No | 0.0% | 4.90 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to version... |
| [CVE-2026-34769](https://nvd.nist.gov/vuln/detail/CVE-2026-34769) | 7.7 | HIGH | CWE-88 | No | 0.0% | 5.39 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to version... |
| [CVE-2026-34768](https://nvd.nist.gov/vuln/detail/CVE-2026-34768) | 3.9 | LOW | CWE-428 | No | 0.0% | 2.73 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to version... |
| [CVE-2026-34767](https://nvd.nist.gov/vuln/detail/CVE-2026-34767) | 5.9 | MEDIUM | CWE-74 | No | 0.0% | 4.13 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to version... |
| [CVE-2026-34766](https://nvd.nist.gov/vuln/detail/CVE-2026-34766) | 3.3 | LOW | CWE-862 | No | 0.0% | 2.31 | 2026-04-04 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to version... |
| [CVE-2026-35468](https://nvd.nist.gov/vuln/detail/CVE-2026-35468) | 5.3 | MEDIUM | CWE-252 | No | 0.1% | 3.71 | 2026-04-03 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus a... |
| [CVE-2026-34954](https://nvd.nist.gov/vuln/detail/CVE-2026-34954) | 8.6 | HIGH | CWE-918 | No | 0.0% | 6.02 | 2026-04-03 | PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates... |
| [CVE-2026-34953](https://nvd.nist.gov/vuln/detail/CVE-2026-34953) | 9.1 | CRITICAL | CWE-863 | No | 0.0% | 6.37 | 2026-04-03 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any tok... |
| [CVE-2026-34952](https://nvd.nist.gov/vuln/detail/CVE-2026-34952) | 9.1 | CRITICAL | CWE-306 | No | 0.0% | 6.37 | 2026-04-03 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connect... |
| [CVE-2026-34939](https://nvd.nist.gov/vuln/detail/CVE-2026-34939) | 6.5 | MEDIUM | CWE-1333 | No | 0.0% | 4.55 | 2026-04-03 | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied... |
| [CVE-2026-34938](https://nvd.nist.gov/vuln/detail/CVE-2026-34938) | 10.0 | CRITICAL | CWE-693 | No | 0.1% | 7.00 | 2026-04-03 | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-contr... |
| [CVE-2026-34937](https://nvd.nist.gov/vuln/detail/CVE-2026-34937) | 7.8 | HIGH | CWE-78 | No | 0.1% | 5.46 | 2026-04-03 | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command s... |
| [CVE-2026-34936](https://nvd.nist.gov/vuln/detail/CVE-2026-34936) | 7.7 | HIGH | CWE-918 | No | 0.0% | 5.39 | 2026-04-03 | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough() and apassthrough() in praisonai accept a... |
| [CVE-2026-34935](https://nvd.nist.gov/vuln/detail/CVE-2026-34935) | 9.8 | CRITICAL | CWE-78 | No | 0.1% | 6.86 | 2026-04-03 | PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed... |
| [CVE-2026-34934](https://nvd.nist.gov/vuln/detail/CVE-2026-34934) | 9.8 | CRITICAL | CWE-89 | No | 0.1% | 6.86 | 2026-04-03 | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL q... |
| [CVE-2026-34933](https://nvd.nist.gov/vuln/detail/CVE-2026-34933) | 5.5 | MEDIUM | CWE-617 | No | 0.0% | 3.85 | 2026-04-03 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to ve... |
| [CVE-2026-34824](https://nvd.nist.gov/vuln/detail/CVE-2026-34824) | 7.5 | HIGH | CWE-125 | No | 0.0% | 5.25 | 2026-04-03 | Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1... |
| [CVE-2026-34788](https://nvd.nist.gov/vuln/detail/CVE-2026-34788) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-04-03 | Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in in... |
| [CVE-2026-34787](https://nvd.nist.gov/vuln/detail/CVE-2026-34787) | 6.5 | MEDIUM | CWE-98 | No | 0.1% | 4.55 | 2026-04-03 | Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability... |
| [CVE-2026-34612](https://nvd.nist.gov/vuln/detail/CVE-2026-34612) | 9.9 | CRITICAL | CWE-89 | No | 0.2% | 6.93 | 2026-04-03 | Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra (default docker-compose de... |
| [CVE-2026-34607](https://nvd.nist.gov/vuln/detail/CVE-2026-34607) | 7.2 | HIGH | CWE-22 | No | 0.4% | 5.05 | 2026-04-03 | Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in t... |
| [CVE-2026-34229](https://nvd.nist.gov/vuln/detail/CVE-2026-34229) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-03 | Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting (XSS) vu... |
| [CVE-2026-34228](https://nvd.nist.gov/vuln/detail/CVE-2026-34228) | 8.7 | HIGH | CWE-352 | No | 0.0% | 6.09 | 2026-04-03 | Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQ... |
| [CVE-2026-34061](https://nvd.nist.gov/vuln/detail/CVE-2026-34061) | 4.9 | MEDIUM | CWE-345 | No | 0.0% | 3.43 | 2026-04-03 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus a... |
| [CVE-2026-34052](https://nvd.nist.gov/vuln/detail/CVE-2026-34052) | 5.9 | MEDIUM | CWE-401 | No | 0.1% | 4.13 | 2026-04-03 | LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores... |
| [CVE-2026-33184](https://nvd.nist.gov/vuln/detail/CVE-2026-33184) | 7.5 | HIGH | CWE-191 | No | 0.1% | 5.25 | 2026-04-03 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus a... |
| [CVE-2021-4477](https://nvd.nist.gov/vuln/detail/CVE-2021-4477) | 9.3 | CRITICAL | CWE-284 | No | 0.0% | 6.51 | 2026-04-03 | Hirschmann HiLCOS OpenBAT and BAT450 products contain a firewall bypass vulnerability in IPv6 IPsec deployments that all... |
| [CVE-2018-25236](https://nvd.nist.gov/vuln/detail/CVE-2018-25236) | 9.3 | CRITICAL | CWE-287 | No | 0.0% | 6.51 | 2026-04-03 | Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authenticatio... |
| [CVE-2017-20238](https://nvd.nist.gov/vuln/detail/CVE-2017-20238) | 7.1 | HIGH | CWE-285 | No | 0.0% | 4.97 | 2026-04-03 | Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorizat... |
| [CVE-2017-20236](https://nvd.nist.gov/vuln/detail/CVE-2017-20236) | 9.3 | CRITICAL | CWE-78 | No | 0.1% | 6.51 | 2026-04-03 | ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the w... |
| [CVE-2017-20235](https://nvd.nist.gov/vuln/detail/CVE-2017-20235) | 9.3 | CRITICAL | CWE-287 | No | 0.0% | 6.51 | 2026-04-03 | ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in t... |
| [CVE-2017-20234](https://nvd.nist.gov/vuln/detail/CVE-2017-20234) | 9.3 | CRITICAL | CWE-798 | No | 0.0% | 6.51 | 2026-04-03 | GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated... |
| [CVE-2017-20233](https://nvd.nist.gov/vuln/detail/CVE-2017-20233) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-04-03 | Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correc... |
| [CVE-2026-34990](https://nvd.nist.gov/vuln/detail/CVE-2026-34990) | 5.0 | MEDIUM | CWE-287 | No | 0.0% | 3.50 | 2026-04-03 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16... |
| [CVE-2026-34980](https://nvd.nist.gov/vuln/detail/CVE-2026-34980) | 6.1 | MEDIUM | CWE-20 | No | 0.0% | 4.27 | 2026-04-03 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16... |
| [CVE-2026-34979](https://nvd.nist.gov/vuln/detail/CVE-2026-34979) | 5.3 | MEDIUM | CWE-122 | No | 0.1% | 3.71 | 2026-04-03 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16... |
| [CVE-2026-34978](https://nvd.nist.gov/vuln/detail/CVE-2026-34978) | 6.5 | MEDIUM | CWE-22 | No | 0.1% | 4.55 | 2026-04-03 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16... |
| [CVE-2026-34947](https://nvd.nist.gov/vuln/detail/CVE-2026-34947) | 2.7 | LOW | CWE-200 | No | 0.1% | 1.89 | 2026-04-03 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-33709](https://nvd.nist.gov/vuln/detail/CVE-2026-33709) | 5.1 | MEDIUM | CWE-601 | No | 0.1% | 3.57 | 2026-04-03 | JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an o... |
| [CVE-2026-33175](https://nvd.nist.gov/vuln/detail/CVE-2026-33175) | 8.8 | HIGH | CWE-287 | No | 0.1% | 6.16 | 2026-04-03 | OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to ver... |
| [CVE-2026-28797](https://nvd.nist.gov/vuln/detail/CVE-2026-28797) | 8.7 | HIGH | CWE-20 | No | 0.1% | 6.09 | 2026-04-03 | RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Templ... |
| [CVE-2026-27885](https://nvd.nist.gov/vuln/detail/CVE-2026-27885) | 7.2 | HIGH | CWE-89 | No | 0.0% | 5.04 | 2026-04-03 | Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability w... |
| [CVE-2026-27834](https://nvd.nist.gov/vuln/detail/CVE-2026-27834) | 7.2 | HIGH | CWE-89 | No | 0.0% | 5.04 | 2026-04-03 | Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability e... |
| [CVE-2026-27833](https://nvd.nist.gov/vuln/detail/CVE-2026-27833) | 7.5 | HIGH | CWE-862 | No | 0.0% | 5.25 | 2026-04-03 | Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the pwg.history.search API meth... |
| [CVE-2026-27634](https://nvd.nist.gov/vuln/detail/CVE-2026-27634) | 8.7 | HIGH | CWE-89 | No | 0.1% | 6.09 | 2026-04-03 | Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the four date filter parameters... |
| [CVE-2026-27481](https://nvd.nist.gov/vuln/detail/CVE-2026-27481) | 6.3 | MEDIUM | CWE-200 | No | 0.1% | 4.41 | 2026-04-03 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to be... |
| [CVE-2026-27456](https://nvd.nist.gov/vuln/detail/CVE-2026-27456) | 4.7 | MEDIUM | CWE-59 | No | 0.0% | 3.29 | 2026-04-03 | util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vuln... |
| [CVE-2026-27447](https://nvd.nist.gov/vuln/detail/CVE-2026-27447) | 4.8 | MEDIUM | CWE-863 | No | 0.0% | 3.36 | 2026-04-03 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16... |
| [CVE-2018-25237](https://nvd.nist.gov/vuln/detail/CVE-2018-25237) | 9.3 | CRITICAL | CWE-120 | No | 0.1% | 6.51 | 2026-04-03 | Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interfac... |
| [CVE-2016-15058](https://nvd.nist.gov/vuln/detail/CVE-2016-15058) | 8.6 | HIGH | CWE-257 | No | 0.0% | 6.02 | 2026-04-03 | Hirschmann HiLCOS Classic Platform switches Classic L2E, L2P, L3E, L3P versions prior to 09.0.06 and Classic L2B prior t... |
| [CVE-2015-10148](https://nvd.nist.gov/vuln/detail/CVE-2015-10148) | 8.8 | HIGH | CWE-321 | No | 0.0% | 6.16 | 2026-04-03 | Hirschmann HiLCOS devices OpenBAT, WLC, BAT300, BAT54 prior to 8.80 and OpenBAT prior to 9.10 are shipped with identical... |
| [CVE-2026-34511](https://nvd.nist.gov/vuln/detail/CVE-2026-34511) | 6.0 | MEDIUM | CWE-330 | No | 0.0% | 4.20 | 2026-04-03 | OpenClaw before 2026.4.2 reuses the PKCE verifier as the OAuth state parameter in the Gemini OAuth flow, exposing it thr... |
| [CVE-2026-32662](https://nvd.nist.gov/vuln/detail/CVE-2026-32662) | 6.9 | MEDIUM | CWE-489 | No | 0.0% | 4.83 | 2026-04-03 | Development and test API endpoints are present that mirror production functionality. |
| [CVE-2026-32646](https://nvd.nist.gov/vuln/detail/CVE-2026-32646) | 8.7 | HIGH | CWE-306 | No | 0.1% | 6.09 | 2026-04-03 | A specific administrative endpoint is accessible without proper authentication, exposing device management functions. |
| [CVE-2026-28767](https://nvd.nist.gov/vuln/detail/CVE-2026-28767) | 6.9 | MEDIUM | CWE-306 | No | 0.1% | 4.83 | 2026-04-03 | A specific administrative endpoint notifications is accessible without proper authentication. |
| [CVE-2026-28766](https://nvd.nist.gov/vuln/detail/CVE-2026-28766) | 9.2 | CRITICAL | CWE-306 | No | 0.1% | 6.44 | 2026-04-03 | A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication. |
| [CVE-2026-26058](https://nvd.nist.gov/vuln/detail/CVE-2026-26058) | 6.1 | MEDIUM | CWE-22 | No | 0.0% | 4.27 | 2026-04-03 | Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, ./manage.py import reads arb... |
| [CVE-2026-25742](https://nvd.nist.gov/vuln/detail/CVE-2026-25742) | 5.3 | MEDIUM | CWE-862 | No | 0.0% | 3.71 | 2026-04-03 | Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool.... |
| [CVE-2026-25197](https://nvd.nist.gov/vuln/detail/CVE-2026-25197) | 9.3 | CRITICAL | CWE-639 | No | 0.0% | 6.51 | 2026-04-03 | A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API cal... |
| [CVE-2026-22665](https://nvd.nist.gov/vuln/detail/CVE-2026-22665) | 8.6 | HIGH | CWE-178 | No | 0.0% | 6.02 | 2026-04-03 | prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and... |
| [CVE-2026-22664](https://nvd.nist.gov/vuln/detail/CVE-2026-22664) | 7.1 | HIGH | CWE-918 | No | 0.0% | 4.97 | 2026-04-03 | prompts.chat prior to commit 30a8f04 contains a server-side request forgery vulnerability in Fal.ai media status polling... |
| [CVE-2026-22663](https://nvd.nist.gov/vuln/detail/CVE-2026-22663) | 8.7 | HIGH | CWE-862 | No | 0.0% | 6.09 | 2026-04-03 | prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate che... |
| [CVE-2026-22662](https://nvd.nist.gov/vuln/detail/CVE-2026-22662) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-03 | prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media genera... |
| [CVE-2026-22661](https://nvd.nist.gov/vuln/detail/CVE-2026-22661) | 8.6 | HIGH | CWE-22 | No | 0.1% | 6.02 | 2026-04-03 | prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attacker... |
| [CVE-2025-10681](https://nvd.nist.gov/vuln/detail/CVE-2025-10681) | 8.8 | HIGH | CWE-798 | No | 0.1% | 6.16 | 2026-04-03 | Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end u... |
| [CVE-2022-4987](https://nvd.nist.gov/vuln/detail/CVE-2022-4987) | 7.0 | HIGH | CWE-426 | No | 0.0% | 4.90 | 2026-04-03 | Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of... |
| [CVE-2020-37216](https://nvd.nist.gov/vuln/detail/CVE-2020-37216) | 8.7 | HIGH | CWE-20 | No | 0.0% | 6.09 | 2026-04-03 | Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet... |
| [CVE-2017-20237](https://nvd.nist.gov/vuln/detail/CVE-2017-20237) | 9.3 | CRITICAL | CWE-287 | No | 0.0% | 6.51 | 2026-04-03 | Hirschmann Industrial HiVision versions prior to 06.0.07 and 07.0.03 contains an authentication bypass vulnerability in... |
| [CVE-2026-5484](https://nvd.nist.gov/vuln/detail/CVE-2026-5484) | 5.5 | MEDIUM | CWE-266 | No | 0.0% | 3.85 | 2026-04-03 | A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the... |
| [CVE-2026-28798](https://nvd.nist.gov/vuln/detail/CVE-2026-28798) | 9.0 | CRITICAL | CWE-918 | No | 0.1% | 6.30 | 2026-04-03 | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Prior to version 1.5.3, a... |
| [CVE-2026-25726](https://nvd.nist.gov/vuln/detail/CVE-2026-25726) | 8.1 | HIGH | CWE-338 | No | 0.1% | 5.67 | 2026-04-03 | Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak ps... |
| [CVE-2026-3184](https://nvd.nist.gov/vuln/detail/CVE-2026-3184) | 3.7 | LOW | CWE-289 | No | 0.1% | 2.59 | 2026-04-03 | A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h`... |
| [CVE-2026-2625](https://nvd.nist.gov/vuln/detail/CVE-2026-2625) | 4.0 | MEDIUM | CWE-347 | No | 0.0% | 2.80 | 2026-04-03 | A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Ha... |
| [CVE-2026-5476](https://nvd.nist.gov/vuln/detail/CVE-2026-5476) | 2.1 | LOW | CWE-189 | No | 0.0% | 1.47 | 2026-04-03 | A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize... |
| [CVE-2026-5475](https://nvd.nist.gov/vuln/detail/CVE-2026-5475) | 5.1 | MEDIUM | CWE-119 | No | 0.0% | 3.57 | 2026-04-03 | A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_... |
| [CVE-2026-32186](https://nvd.nist.gov/vuln/detail/CVE-2026-32186) | 10.0 | CRITICAL | CWE-918 | No | 0.1% | 7.00 | 2026-04-03 | Server-side request forgery (SSRF) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a networ... |
| [CVE-2026-0545](https://nvd.nist.gov/vuln/detail/CVE-2026-0545) | 9.1 | CRITICAL | CWE-306 | No | 0.2% | 6.38 | 2026-04-03 | In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authoriz... |
| [CVE-2026-5474](https://nvd.nist.gov/vuln/detail/CVE-2026-5474) | 5.3 | MEDIUM | CWE-119 | No | 0.0% | 3.71 | 2026-04-03 | A vulnerability was found in NASA cFS up to 7.0.0. This affects the function CFE_MSG_GetSize of the file apps/to_lab/fsw... |
| [CVE-2026-5473](https://nvd.nist.gov/vuln/detail/CVE-2026-5473) | 2.0 | LOW | CWE-20 | No | 0.0% | 1.40 | 2026-04-03 | A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the componen... |
| [CVE-2026-28373](https://nvd.nist.gov/vuln/detail/CVE-2026-28373) | 9.6 | CRITICAL | CWE-22 | No | 0.0% | 6.72 | 2026-04-03 | The Stackfield Desktop App before 1.10.2 for macOS and Windows contains a path traversal vulnerability in certain decryp... |
| [CVE-2026-5472](https://nvd.nist.gov/vuln/detail/CVE-2026-5472) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-04-03 | A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Th... |
| [CVE-2026-5470](https://nvd.nist.gov/vuln/detail/CVE-2026-5470) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-03 | A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca6... |
| [CVE-2026-35218](https://nvd.nist.gov/vuln/detail/CVE-2026-35218) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-04-03 | Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity... |
| [CVE-2026-35216](https://nvd.nist.gov/vuln/detail/CVE-2026-35216) | 9.0 | CRITICAL | CWE-78 | No | 0.6% | 6.32 | 2026-04-03 | Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Co... |
| [CVE-2026-35214](https://nvd.nist.gov/vuln/detail/CVE-2026-35214) | 8.7 | HIGH | CWE-22 | No | 0.1% | 6.09 | 2026-04-03 | Budibase is an open-source low-code platform. Prior to version 3.33.4, the plugin file upload endpoint (POST /api/plugin... |
| [CVE-2026-31818](https://nvd.nist.gov/vuln/detail/CVE-2026-31818) | 9.6 | CRITICAL | CWE-918 | No | 0.0% | 6.72 | 2026-04-03 | Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerabilit... |
| [CVE-2026-27124](https://nvd.nist.gov/vuln/detail/CVE-2026-27124) | 8.2 | HIGH | CWE-441 | No | 0.1% | 5.74 | 2026-04-03 | FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvide... |
| [CVE-2026-25118](https://nvd.nist.gov/vuln/detail/CVE-2026-25118) | 6.3 | MEDIUM | CWE-598 | No | 0.1% | 4.41 | 2026-04-03 | immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich applica... |
| [CVE-2026-25044](https://nvd.nist.gov/vuln/detail/CVE-2026-25044) | 8.7 | HIGH | CWE-78 | No | 0.1% | 6.09 | 2026-04-03 | Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided c... |
| [CVE-2026-25043](https://nvd.nist.gov/vuln/detail/CVE-2026-25043) | 5.3 | MEDIUM | CWE-770 | No | 0.0% | 3.71 | 2026-04-03 | Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerability exists in Budibas... |
| [CVE-2026-23471](https://nvd.nist.gov/vuln/detail/CVE-2026-23471) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-03 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2025-68153](https://nvd.nist.gov/vuln/detail/CVE-2025-68153) | 7.1 | HIGH | CWE-863 | No | 0.0% | 4.97 | 2026-04-03 | Juju is an open source application orchestration engine that enables any application operation on any infrastructure at... |
| [CVE-2025-68152](https://nvd.nist.gov/vuln/detail/CVE-2025-68152) | 6.9 | MEDIUM | CWE-863 | No | 0.0% | 4.83 | 2026-04-03 | Juju is an open source application orchestration engine that enables any application operation on any infrastructure at... |
| [CVE-2025-64340](https://nvd.nist.gov/vuln/detail/CVE-2025-64340) | 6.7 | MEDIUM | CWE-78 | No | 0.0% | 4.69 | 2026-04-03 | FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell m... |
| [CVE-2026-5469](https://nvd.nist.gov/vuln/detail/CVE-2026-5469) | 5.1 | MEDIUM | CWE-918 | No | 0.0% | 3.57 | 2026-04-03 | A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL... |
| [CVE-2026-26477](https://nvd.nist.gov/vuln/detail/CVE-2026-26477) | 4.3 | MEDIUM | CWE-770 | No | 0.1% | 3.01 | 2026-04-03 | An issue in Dokuwiki v.2025-05-14b "Librarian" [56.2] allows a remote attacker to cause a denial of service via the medi... |
| [CVE-2025-59711](https://nvd.nist.gov/vuln/detail/CVE-2025-59711) | 8.3 | HIGH | CWE-22 | No | 0.7% | 5.83 | 2026-04-03 | An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism,... |
| [CVE-2025-59710](https://nvd.nist.gov/vuln/detail/CVE-2025-59710) | 8.8 | HIGH | CWE-434 | No | 0.2% | 6.16 | 2026-04-03 | An issue was discovered in Biztalk360 before 11.5. Because of incorrect access control, any user is able to request the... |
| [CVE-2025-59709](https://nvd.nist.gov/vuln/detail/CVE-2025-59709) | 6.8 | MEDIUM | CWE-22 | No | 0.2% | 4.77 | 2026-04-03 | An issue was discovered in Biztalk360 through 11.5. Because of mishandling of user-provided input in a path to be read b... |
| [CVE-2026-5468](https://nvd.nist.gov/vuln/detail/CVE-2026-5468) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-03 | A security flaw has been discovered in Casdoor 2.356.0. This affects the function dangerouslySetInnerHTML. Performing a... |
| [CVE-2026-28736](https://nvd.nist.gov/vuln/detail/CVE-2026-28736) | 4.3 | MEDIUM | CWE-639 | No | 0.0% | 3.01 | 2026-04-03 | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. Thi... |
| [CVE-2026-25773](https://nvd.nist.gov/vuln/detail/CVE-2026-25773) | 8.1 | HIGH | CWE-89 | No | 0.0% | 5.67 | 2026-04-03 | ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dyn... |
| [CVE-2026-27655](https://nvd.nist.gov/vuln/detail/CVE-2026-27655) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on M... |
| [CVE-2026-5467](https://nvd.nist.gov/vuln/detail/CVE-2026-5467) | 5.3 | MEDIUM | CWE-601 | No | 0.0% | 3.71 | 2026-04-03 | A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component... |
| [CVE-2026-4108](https://nvd.nist.gov/vuln/detail/CVE-2026-4108) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Perm... |
| [CVE-2026-4107](https://nvd.nist.gov/vuln/detail/CVE-2026-4107) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count a... |
| [CVE-2026-3880](https://nvd.nist.gov/vuln/detail/CVE-2026-3880) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client P... |
| [CVE-2026-3879](https://nvd.nist.gov/vuln/detail/CVE-2026-3879) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Deta... |
| [CVE-2026-28703](https://nvd.nist.gov/vuln/detail/CVE-2026-28703) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Betwee... |
| [CVE-2026-28756](https://nvd.nist.gov/vuln/detail/CVE-2026-28756) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on D... |
| [CVE-2026-28754](https://nvd.nist.gov/vuln/detail/CVE-2026-28754) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-04-03 | Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists rep... |
| [CVE-2026-4350](https://nvd.nist.gov/vuln/detail/CVE-2026-4350) | 8.1 | HIGH | CWE-22 | No | 0.1% | 5.67 | 2026-04-03 | The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to,... |
| [CVE-2026-5463](https://nvd.nist.gov/vuln/detail/CVE-2026-5463) | 9.3 | CRITICAL | CWE-77 | No | 1.8% | 6.56 | 2026-04-03 | Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attack... |
| [CVE-2026-35549](https://nvd.nist.gov/vuln/detail/CVE-2026-35549) | 6.5 | MEDIUM | CWE-789 | No | 0.0% | 4.55 | 2026-04-03 | An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. I... |
| [CVE-2026-35545](https://nvd.nist.gov/vuln/detail/CVE-2026-35545) | 5.3 | MEDIUM | CWE-669 | No | 0.0% | 3.71 | 2026-04-03 | An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed... |
| [CVE-2026-35544](https://nvd.nist.gov/vuln/detail/CVE-2026-35544) | 5.3 | MEDIUM | CWE-669 | No | 0.0% | 3.71 | 2026-04-03 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitiz... |
| [CVE-2026-35543](https://nvd.nist.gov/vuln/detail/CVE-2026-35543) | 5.3 | MEDIUM | CWE-669 | No | 0.0% | 3.71 | 2026-04-03 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed... |
| [CVE-2026-35542](https://nvd.nist.gov/vuln/detail/CVE-2026-35542) | 5.3 | MEDIUM | CWE-669 | No | 0.0% | 3.71 | 2026-04-03 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed... |
| [CVE-2026-35541](https://nvd.nist.gov/vuln/detail/CVE-2026-35541) | 4.2 | MEDIUM | CWE-843 | No | 0.0% | 2.94 | 2026-04-03 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plu... |
| [CVE-2026-35540](https://nvd.nist.gov/vuln/detail/CVE-2026-35540) | 5.4 | MEDIUM | CWE-669 | No | 0.0% | 3.78 | 2026-04-03 | An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization... |
| [CVE-2026-35539](https://nvd.nist.gov/vuln/detail/CVE-2026-35539) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-03 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachmen... |
| [CVE-2026-35538](https://nvd.nist.gov/vuln/detail/CVE-2026-35538) | 3.1 | LOW | CWE-88 | No | 0.0% | 2.17 | 2026-04-03 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could l... |
| [CVE-2026-35537](https://nvd.nist.gov/vuln/detail/CVE-2026-35537) | 3.7 | LOW | CWE-502 | No | 0.0% | 2.59 | 2026-04-03 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache sess... |
| [CVE-2026-35536](https://nvd.nist.gov/vuln/detail/CVE-2026-35536) | 7.2 | HIGH | CWE-159 | No | 0.1% | 5.04 | 2026-04-03 | In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .Req... |
| [CVE-2026-35535](https://nvd.nist.gov/vuln/detail/CVE-2026-35535) | 7.4 | HIGH | CWE-271 | No | 0.0% | 5.18 | 2026-04-03 | In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop befor... |
| [CVE-2026-28815](https://nvd.nist.gov/vuln/detail/CVE-2026-28815) | 7.5 | HIGH | CWE-125 | No | 0.0% | 5.25 | 2026-04-03 | A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulati... |
| [CVE-2026-35508](https://nvd.nist.gov/vuln/detail/CVE-2026-35508) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-03 | Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters, |
| [CVE-2026-35507](https://nvd.nist.gov/vuln/detail/CVE-2026-35507) | 6.4 | MEDIUM | CWE-348 | No | 0.0% | 4.48 | 2026-04-03 | Shynet before 0.14.0 allows Host header injection in the password reset flow. |
| [CVE-2026-33107](https://nvd.nist.gov/vuln/detail/CVE-2026-33107) | 10.0 | CRITICAL | CWE-918 | No | 0.0% | 7.00 | 2026-04-03 | Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a netw... |
| [CVE-2026-33105](https://nvd.nist.gov/vuln/detail/CVE-2026-33105) | 10.0 | CRITICAL | CWE-285 | No | 0.0% | 7.00 | 2026-04-03 | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over... |
| [CVE-2026-32213](https://nvd.nist.gov/vuln/detail/CVE-2026-32213) | 10.0 | CRITICAL | CWE-285 | No | 0.0% | 7.00 | 2026-04-03 | Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. |
| [CVE-2026-32211](https://nvd.nist.gov/vuln/detail/CVE-2026-32211) | 9.1 | CRITICAL | CWE-306 | No | 0.1% | 6.37 | 2026-04-03 | Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information... |
| [CVE-2026-32173](https://nvd.nist.gov/vuln/detail/CVE-2026-32173) | 8.6 | HIGH | CWE-287 | No | 0.1% | 6.02 | 2026-04-03 | Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. |
| [CVE-2026-26135](https://nvd.nist.gov/vuln/detail/CVE-2026-26135) | 9.6 | CRITICAL | CWE-918 | No | 0.0% | 6.72 | 2026-04-03 | Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to ele... |
| [CVE-2022-4986](https://nvd.nist.gov/vuln/detail/CVE-2022-4986) | 8.7 | HIGH | CWE-400 | No | 0.0% | 6.09 | 2026-04-02 | Hirschmann EagleSDV version 05.4.01 prior to 05.4.02 contains a denial-of-service vulnerability that causes the device t... |
| [CVE-2026-35467](https://nvd.nist.gov/vuln/detail/CVE-2026-35467) | 7.5 | HIGH | CWE-522 | No | 0.0% | 5.25 | 2026-04-02 | The stored API keys in the temporary browser client are not marked as protected, allowing for JavaScript console or other error... |
| [CVE-2026-35466](https://nvd.nist.gov/vuln/detail/CVE-2026-35466) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-02 | XSS vulnerability in cveInterface.js allows injected HTML to be passed to display, as cveInterface trusts input from C... |
| [CVE-2026-30252](https://nvd.nist.gov/vuln/detail/CVE-2026-30252) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-02 | Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen Consulting S.r.l Zen... |
| [CVE-2026-30251](https://nvd.nist.gov/vuln/detail/CVE-2026-30251) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-02 | A reflected cross-site scripting (XSS) vulnerability in the login_newpwd.php endpoint of Interzen Consulting S.r.l ZenSh... |
| [CVE-2025-15620](https://nvd.nist.gov/vuln/detail/CVE-2025-15620) | 9.2 | CRITICAL | CWE-306 | No | 0.0% | 6.44 | 2026-04-02 | HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contain a denial-of-service vulnerability in the web... |
| [CVE-2024-14033](https://nvd.nist.gov/vuln/detail/CVE-2024-14033) | 8.7 | HIGH | CWE-400 | No | 0.0% | 6.09 | 2026-04-02 | Hirschmann Industrial IT products (BAT-R, BAT-F, BAT450-F, BAT867-R, BAT867-F, WLC, BAT Controller Virtual) contain a he... |
| [CVE-2026-35383](https://nvd.nist.gov/vuln/detail/CVE-2026-35383) | 6.9 | MEDIUM | CWE-540 | No | 0.0% | 4.83 | 2026-04-02 | Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated att... |
| [CVE-2026-35053](https://nvd.nist.gov/vuln/detail/CVE-2026-35053) | 9.2 | CRITICAL | CWE-306 | No | 0.1% | 6.44 | 2026-04-02 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's Manual... |
| [CVE-2026-34932](https://nvd.nist.gov/vuln/detail/CVE-2026-34932) | 8.5 | HIGH | CWE-79 | No | 0.1% | 5.95 | 2026-04-02 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability t... |
| [CVE-2026-34931](https://nvd.nist.gov/vuln/detail/CVE-2026-34931) | 8.5 | HIGH | CWE-601 | No | 0.1% | 5.95 | 2026-04-02 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerabili... |
| [CVE-2026-34848](https://nvd.nist.gov/vuln/detail/CVE-2026-34848) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-02 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability i... |
| [CVE-2026-34847](https://nvd.nist.gov/vuln/detail/CVE-2026-34847) | 4.7 | MEDIUM | CWE-601 | No | 0.0% | 3.29 | 2026-04-02 | hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based... |
| [CVE-2026-34840](https://nvd.nist.gov/vuln/detail/CVE-2026-34840) | 8.1 | HIGH | CWE-347 | No | 0.1% | 5.67 | 2026-04-02 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implem... |
| [CVE-2026-34838](https://nvd.nist.gov/vuln/detail/CVE-2026-34838) | 9.9 | CRITICAL | CWE-502 | No | 0.5% | 6.95 | 2026-04-02 | Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, a... |
| [CVE-2026-34834](https://nvd.nist.gov/vuln/detail/CVE-2026-34834) | 8.7 | HIGH | CWE-287 | No | 0.1% | 6.09 | 2026-04-02 | Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity()... |
| [CVE-2026-34833](https://nvd.nist.gov/vuln/detail/CVE-2026-34833) | 8.7 | HIGH | CWE-312 | No | 0.0% | 6.09 | 2026-04-02 | Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/ses... |
| [CVE-2026-34832](https://nvd.nist.gov/vuln/detail/CVE-2026-34832) | 6.5 | MEDIUM | CWE-639 | No | 0.0% | 4.55 | 2026-04-02 | Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated au... |
| [CVE-2026-34825](https://nvd.nist.gov/vuln/detail/CVE-2026-34825) | 8.5 | HIGH | CWE-89 | No | 0.0% | 5.95 | 2026-04-02 | NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior t... |
| [CVE-2026-34762](https://nvd.nist.gov/vuln/detail/CVE-2026-34762) | 2.7 | LOW | CWE-20 | No | 0.1% | 1.89 | 2026-04-02 | Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API acce... |
| [CVE-2026-34761](https://nvd.nist.gov/vuln/detail/CVE-2026-34761) | 5.8 | MEDIUM | CWE-476 | No | 0.1% | 4.06 | 2026-04-02 | Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing an NGAP ha... |
| [CVE-2026-34760](https://nvd.nist.gov/vuln/detail/CVE-2026-34760) | 5.9 | MEDIUM | CWE-20 | No | 0.1% | 4.13 | 2026-04-02 | vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, L... |
| [CVE-2024-14034](https://nvd.nist.gov/vuln/detail/CVE-2024-14034) | 9.3 | CRITICAL | CWE-287 | No | 0.0% | 6.51 | 2026-04-02 | Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) managem... |
| [CVE-2023-7343](https://nvd.nist.gov/vuln/detail/CVE-2023-7343) | 8.5 | HIGH | CWE-269 | No | 0.0% | 5.95 | 2026-04-02 | HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contain a privilege escalation vulnerability that allow... |
| [CVE-2026-5418](https://nvd.nist.gov/vuln/detail/CVE-2026-5418) | 6.9 | MEDIUM | CWE-918 | No | 0.1% | 4.83 | 2026-04-02 | A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of th... |
| [CVE-2026-5417](https://nvd.nist.gov/vuln/detail/CVE-2026-5417) | 5.1 | MEDIUM | CWE-918 | No | 0.0% | 3.57 | 2026-04-02 | A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of th... |
| [CVE-2026-34759](https://nvd.nist.gov/vuln/detail/CVE-2026-34759) | 9.2 | CRITICAL | CWE-862 | No | 0.3% | 6.45 | 2026-04-02 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API e... |
| [CVE-2026-34758](https://nvd.nist.gov/vuln/detail/CVE-2026-34758) | 9.1 | CRITICAL | CWE-306 | No | 0.0% | 6.37 | 2026-04-02 | OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to N... |
| [CVE-2026-34752](https://nvd.nist.gov/vuln/detail/CVE-2026-34752) | 8.7 | HIGH | CWE-248 | No | 0.1% | 6.09 | 2026-04-02 | Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the H... |
| [CVE-2026-34745](https://nvd.nist.gov/vuln/detail/CVE-2026-34745) | 9.1 | CRITICAL | CWE-22 | No | 0.1% | 6.37 | 2026-04-02 | Fireshare facilitates self-hosted media and link sharing. Prior to version 1.5.3, the fix for CVE-2026-33645 was applied... |
| [CVE-2026-34743](https://nvd.nist.gov/vuln/detail/CVE-2026-34743) | 1.7 | LOW | CWE-122 | No | 0.1% | 1.19 | 2026-04-02 | XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_ind... |
| [CVE-2026-34742](https://nvd.nist.gov/vuln/detail/CVE-2026-34742) | 7.6 | HIGH | CWE-1188 | No | 0.1% | 5.32 | 2026-04-02 | The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does no... |
| [CVE-2026-34736](https://nvd.nist.gov/vuln/detail/CVE-2026-34736) | 5.3 | MEDIUM | CWE-287 | No | 0.1% | 3.71 | 2026-04-02 | Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before t... |
| [CVE-2026-34735](https://nvd.nist.gov/vuln/detail/CVE-2026-34735) | 8.7 | HIGH | CWE-434 | No | 0.1% | 6.09 | 2026-04-02 | The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. In version 1.2.0 and prio... |
| [CVE-2026-34730](https://nvd.nist.gov/vuln/detail/CVE-2026-34730) | 5.5 | MEDIUM | CWE-22 | No | 0.0% | 3.85 | 2026-04-02 | Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _external_data featur... |
| [CVE-2026-34726](https://nvd.nist.gov/vuln/detail/CVE-2026-34726) | 4.4 | MEDIUM | CWE-22 | No | 0.0% | 3.08 | 2026-04-02 | Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _subdirectory setting... |
| [CVE-2026-34581](https://nvd.nist.gov/vuln/detail/CVE-2026-34581) | 8.1 | HIGH | CWE-288 | No | 0.0% | 5.67 | 2026-04-02 | goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token... |
| [CVE-2026-34426](https://nvd.nist.gov/vuln/detail/CVE-2026-34426) | 6.9 | MEDIUM | CWE-184 | No | 0.0% | 4.83 | 2026-04-02 | OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment varia... |
| [CVE-2026-34425](https://nvd.nist.gov/vuln/detail/CVE-2026-34425) | 5.3 | MEDIUM | CWE-184 | No | 0.1% | 3.71 | 2026-04-02 | OpenClaw versions prior to commit 8aceaf5 contain a preflight validation bypass vulnerability in shell-bleed protection... |
| [CVE-2025-43264](https://nvd.nist.gov/vuln/detail/CVE-2025-43264) | 8.8 | HIGH | CWE-119 | No | 0.0% | 6.16 | 2026-04-02 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a malicious... |
| [CVE-2025-43257](https://nvd.nist.gov/vuln/detail/CVE-2025-43257) | 8.7 | HIGH | CWE-59 | No | 0.0% | 6.09 | 2026-04-02 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.6. An app may be ab... |
| [CVE-2025-43238](https://nvd.nist.gov/vuln/detail/CVE-2025-43238) | 6.2 | MEDIUM | CWE-190 | No | 0.0% | 4.34 | 2026-04-02 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonom... |
| [CVE-2025-43236](https://nvd.nist.gov/vuln/detail/CVE-2025-43236) | 3.3 | LOW | CWE-843 | No | 0.0% | 2.31 | 2026-04-02 | A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Son... |
| [CVE-2025-43219](https://nvd.nist.gov/vuln/detail/CVE-2025-43219) | 8.8 | HIGH | CWE-787 | No | 0.0% | 6.16 | 2026-04-02 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a malicious... |
| [CVE-2025-43210](https://nvd.nist.gov/vuln/detail/CVE-2025-43210) | 6.3 | MEDIUM | CWE-125 | No | 0.0% | 4.41 | 2026-04-02 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18... |
| [CVE-2025-43202](https://nvd.nist.gov/vuln/detail/CVE-2025-43202) | 8.8 | HIGH | CWE-787 | No | 0.0% | 6.16 | 2026-04-02 | This issue was addressed with improved memory handling. This issue is fixed in iOS 18.6 and iPadOS 18.6, macOS Sequoia 1... |
| [CVE-2024-44303](https://nvd.nist.gov/vuln/detail/CVE-2024-44303) | 7.5 | HIGH | CWE-284 | No | 0.1% | 5.25 | 2026-04-02 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1. A malicious application may be... |
| [CVE-2024-44286](https://nvd.nist.gov/vuln/detail/CVE-2024-44286) | 7.5 | HIGH | CWE-288 | No | 0.1% | 5.25 | 2026-04-02 | This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with... |
| [CVE-2024-44250](https://nvd.nist.gov/vuln/detail/CVE-2024-44250) | 8.2 | HIGH | CWE-269 | No | 0.1% | 5.74 | 2026-04-02 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be... |
| [CVE-2024-44219](https://nvd.nist.gov/vuln/detail/CVE-2024-44219) | 7.5 | HIGH | CWE-284 | No | 0.1% | 5.25 | 2026-04-02 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. A malicious a... |
| [CVE-2024-40858](https://nvd.nist.gov/vuln/detail/CVE-2024-40858) | 7.1 | HIGH | CWE-284 | No | 0.1% | 4.97 | 2026-04-02 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be... |
| [CVE-2024-40849](https://nvd.nist.gov/vuln/detail/CVE-2024-40849) | 7.5 | HIGH | CWE-362 | No | 0.1% | 5.25 | 2026-04-02 | A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able... |
| [CVE-2023-7342](https://nvd.nist.gov/vuln/detail/CVE-2023-7342) | 8.7 | HIGH | CWE-269 | No | 0.0% | 6.09 | 2026-04-02 | HiSecOS web server versions 03.4.00 prior to 04.1.00 contain a privilege escalation vulnerability that allows authentic... |
| [CVE-2026-5414](https://nvd.nist.gov/vuln/detail/CVE-2026-5414) | 5.5 | MEDIUM | CWE-99 | No | 0.0% | 3.85 | 2026-04-02 | A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionali... |
| [CVE-2026-5413](https://nvd.nist.gov/vuln/detail/CVE-2026-5413) | 6.3 | MEDIUM | CWE-200 | No | 0.0% | 4.41 | 2026-04-02 | A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is an unknown functional... |
| [CVE-2026-5370](https://nvd.nist.gov/vuln/detail/CVE-2026-5370) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file package... |
| [CVE-2026-5368](https://nvd.nist.gov/vuln/detail/CVE-2026-5368) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-02 | A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of t... |
| [CVE-2026-35414](https://nvd.nist.gov/vuln/detail/CVE-2026-35414) | 4.2 | MEDIUM | CWE-670 | No | 0.0% | 2.94 | 2026-04-02 | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list i... |
| [CVE-2026-34835](https://nvd.nist.gov/vuln/detail/CVE-2026-34835) | 4.8 | MEDIUM | CWE-1286 | No | 0.1% | 3.36 | 2026-04-02 | Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack... |
| [CVE-2026-34828](https://nvd.nist.gov/vuln/detail/CVE-2026-34828) | 7.1 | HIGH | CWE-613 | No | 0.0% | 4.97 | 2026-04-02 | listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0,... |
| [CVE-2026-34827](https://nvd.nist.gov/vuln/detail/CVE-2026-34827) | 7.5 | HIGH | CWE-400 | No | 0.1% | 5.25 | 2026-04-02 | Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack... |
| [CVE-2026-34725](https://nvd.nist.gov/vuln/detail/CVE-2026-34725) | 8.2 | HIGH | CWE-79 | No | 0.0% | 5.74 | 2026-04-02 | DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists... |
| [CVE-2026-34717](https://nvd.nist.gov/vuln/detail/CVE-2026-34717) | 9.9 | CRITICAL | CWE-89 | No | 0.0% | 6.93 | 2026-04-02 | OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in module... |
| [CVE-2026-34715](https://nvd.nist.gov/vuln/detail/CVE-2026-34715) | 5.3 | MEDIUM | CWE-113 | No | 0.0% | 3.71 | 2026-04-02 | ewe is a Gleam web server. Prior to version 3.0.6, the encode_headers function in src/ewe/internal/encoder.gleam directl... |
| [CVE-2026-34610](https://nvd.nist.gov/vuln/detail/CVE-2026-34610) | 5.9 | MEDIUM | CWE-681 | No | 0.0% | 4.13 | 2026-04-02 | The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms.... |
| [CVE-2026-34608](https://nvd.nist.gov/vuln/detail/CVE-2026-34608) | 4.9 | MEDIUM | CWE-125 | No | 0.1% | 3.43 | 2026-04-02 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook_inpr... |
| [CVE-2026-34606](https://nvd.nist.gov/vuln/detail/CVE-2026-34606) | 6.9 | MEDIUM | CWE-79 | No | 0.0% | 4.83 | 2026-04-02 | Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27... |
| [CVE-2026-34601](https://nvd.nist.gov/vuln/detail/CVE-2026-34601) | 7.5 | HIGH | CWE-91 | No | 0.1% | 5.25 | 2026-04-02 | xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In xmldom... |
| [CVE-2026-34598](https://nvd.nist.gov/vuln/detail/CVE-2026-34598) | 7.1 | HIGH | CWE-79 | No | 0.0% | 4.97 | 2026-04-02 | YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form... |
| [CVE-2026-34593](https://nvd.nist.gov/vuln/detail/CVE-2026-34593) | 8.2 | HIGH | CWE-400 | No | 0.1% | 5.74 | 2026-04-02 | Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type... |
| [CVE-2026-34591](https://nvd.nist.gov/vuln/detail/CVE-2026-34591) | 7.1 | HIGH | CWE-22 | No | 0.0% | 4.97 | 2026-04-02 | Poetry is a dependency manager for Python. From version 1.4.0 to before version 2.3.3, a crafted wheel can contain ../ p... |
| [CVE-2026-34590](https://nvd.nist.gov/vuln/detail/CVE-2026-34590) | 5.4 | MEDIUM | CWE-918 | No | 0.0% | 3.78 | 2026-04-02 | Postiz is an AI social media scheduling tool. Prior to version 2.21.4, the POST /webhooks/ endpoint for creating webhook... |
| [CVE-2026-34584](https://nvd.nist.gov/vuln/detail/CVE-2026-34584) | 5.4 | MEDIUM | CWE-639 | No | 0.0% | 3.78 | 2026-04-02 | listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0,... |
| [CVE-2026-34577](https://nvd.nist.gov/vuln/detail/CVE-2026-34577) | 8.6 | HIGH | CWE-918 | No | 0.1% | 6.02 | 2026-04-02 | Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the GET /public/stream endpoint in PublicControll... |
| [CVE-2026-34576](https://nvd.nist.gov/vuln/detail/CVE-2026-34576) | 8.3 | HIGH | CWE-918 | No | 0.0% | 5.81 | 2026-04-02 | Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint acce... |
| [CVE-2026-34526](https://nvd.nist.gov/vuln/detail/CVE-2026-34526) | 5.0 | MEDIUM | CWE-918 | No | 0.0% | 3.50 | 2026-04-02 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode... |
| [CVE-2026-34524](https://nvd.nist.gov/vuln/detail/CVE-2026-34524) | 8.3 | HIGH | CWE-22 | No | 0.1% | 5.81 | 2026-04-02 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode... |
| [CVE-2026-34523](https://nvd.nist.gov/vuln/detail/CVE-2026-34523) | 5.3 | MEDIUM | CWE-22 | No | 0.1% | 3.71 | 2026-04-02 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode... |
| [CVE-2026-34522](https://nvd.nist.gov/vuln/detail/CVE-2026-34522) | 8.1 | HIGH | CWE-22 | No | 0.1% | 5.67 | 2026-04-02 | SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode... |
| [CVE-2026-34124](https://nvd.nist.gov/vuln/detail/CVE-2026-34124) | 7.1 | HIGH | CWE-120 | No | 0.0% | 4.97 | 2026-04-02 | A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic.... |
| [CVE-2026-33271](https://nvd.nist.gov/vuln/detail/CVE-2026-33271) | 6.7 | MEDIUM | CWE-732 | No | 0.0% | 4.69 | 2026-04-02 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (... |
| [CVE-2026-32762](https://nvd.nist.gov/vuln/detail/CVE-2026-32762) | 4.8 | MEDIUM | CWE-436 | No | 0.0% | 3.36 | 2026-04-02 | Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack:... |
| [CVE-2026-28728](https://nvd.nist.gov/vuln/detail/CVE-2026-28728) | 6.7 | MEDIUM | CWE-427 | No | 0.0% | 4.69 | 2026-04-02 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (... |
| [CVE-2026-27774](https://nvd.nist.gov/vuln/detail/CVE-2026-27774) | 6.7 | MEDIUM | CWE-427 | No | 0.0% | 4.69 | 2026-04-02 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (... |
| [CVE-2026-26962](https://nvd.nist.gov/vuln/detail/CVE-2026-26962) | 4.8 | MEDIUM | CWE-93 | No | 0.1% | 3.36 | 2026-04-02 | Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds... |
| [CVE-2026-5360](https://nvd.nist.gov/vuln/detail/CVE-2026-5360) | 6.3 | MEDIUM | CWE-843 | No | 0.1% | 4.41 | 2026-04-02 | A vulnerability has been found in Free5GC 4.2.0. The affected element is an unknown function of the component aper. Such... |
| [CVE-2026-5355](https://nvd.nist.gov/vuln/detail/CVE-2026-5355) | 5.3 | MEDIUM | CWE-77 | No | 0.3% | 3.72 | 2026-04-02 | A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the fil... |
| [CVE-2026-5354](https://nvd.nist.gov/vuln/detail/CVE-2026-5354) | 5.3 | MEDIUM | CWE-77 | No | 0.3% | 3.72 | 2026-04-02 | A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the f... |
| [CVE-2026-5353](https://nvd.nist.gov/vuln/detail/CVE-2026-5353) | 5.3 | MEDIUM | CWE-77 | No | 0.3% | 3.72 | 2026-04-02 | A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. P... |
| [CVE-2026-5352](https://nvd.nist.gov/vuln/detail/CVE-2026-5352) | 5.3 | MEDIUM | CWE-77 | No | 0.3% | 3.72 | 2026-04-02 | A security vulnerability has been detected in Trendnet TEW-657BRM 1.00.1. This impacts the function Edit of the file /se... |
| [CVE-2026-35388](https://nvd.nist.gov/vuln/detail/CVE-2026-35388) | 2.5 | LOW | CWE-420 | No | 0.0% | 1.75 | 2026-04-02 | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. |
| [CVE-2026-35387](https://nvd.nist.gov/vuln/detail/CVE-2026-35387) | 3.1 | LOW | CWE-670 | No | 0.0% | 2.17 | 2026-04-02 | OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or H... |
| [CVE-2026-35386](https://nvd.nist.gov/vuln/detail/CVE-2026-35386) | 3.6 | LOW | CWE-696 | No | 0.0% | 2.52 | 2026-04-02 | In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This r... |
| [CVE-2026-35385](https://nvd.nist.gov/vuln/detail/CVE-2026-35385) | 7.5 | HIGH | CWE-281 | No | 0.0% | 5.25 | 2026-04-02 | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' e... |
| [CVE-2026-35038](https://nvd.nist.gov/vuln/detail/CVE-2026-35038) | 5.3 | MEDIUM | CWE-20 | No | 0.1% | 3.71 | 2026-04-02 | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbit... |
| [CVE-2026-34877](https://nvd.nist.gov/vuln/detail/CVE-2026-34877) | 9.8 | CRITICAL | CWE-250 | No | 0.1% | 6.86 | 2026-04-02 | An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of seriali... |
| [CVE-2026-34831](https://nvd.nist.gov/vuln/detail/CVE-2026-34831) | 4.8 | MEDIUM | CWE-130 | No | 0.0% | 3.36 | 2026-04-02 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Files#fail sets the Cont... |
| [CVE-2026-34830](https://nvd.nist.gov/vuln/detail/CVE-2026-34830) | 5.9 | MEDIUM | CWE-625 | No | 0.0% | 4.13 | 2026-04-02 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfile#map_accel_path... |
| [CVE-2026-34829](https://nvd.nist.gov/vuln/detail/CVE-2026-34829) | 7.5 | HIGH | CWE-400 | No | 0.1% | 5.25 | 2026-04-02 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only w... |
| [CVE-2026-34826](https://nvd.nist.gov/vuln/detail/CVE-2026-34826) | 5.3 | MEDIUM | CWE-400 | No | 0.1% | 3.71 | 2026-04-02 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.get_byte_ranges pa... |
| [CVE-2026-34786](https://nvd.nist.gov/vuln/detail/CVE-2026-34786) | 5.3 | MEDIUM | CWE-180 | No | 0.0% | 3.71 | 2026-04-02 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static#applicable_rules... |
| [CVE-2026-34785](https://nvd.nist.gov/vuln/detail/CVE-2026-34785) | 7.5 | HIGH | CWE-187 | No | 0.0% | 5.25 | 2026-04-02 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whethe... |
| [CVE-2026-34763](https://nvd.nist.gov/vuln/detail/CVE-2026-34763) | 5.3 | MEDIUM | CWE-625 | No | 0.0% | 3.71 | 2026-04-02 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Directory interpolates t... |
| [CVE-2026-34230](https://nvd.nist.gov/vuln/detail/CVE-2026-34230) | 5.3 | MEDIUM | CWE-400 | No | 0.1% | 3.71 | 2026-04-02 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.select_best_encodi... |
| [CVE-2026-34083](https://nvd.nist.gov/vuln/detail/CVE-2026-34083) | 6.1 | MEDIUM | CWE-346 | No | 0.0% | 4.27 | 2026-04-02 | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server co... |
| [CVE-2026-33951](https://nvd.nist.gov/vuln/detail/CVE-2026-33951) | 6.9 | MEDIUM | CWE-284 | No | 0.1% | 4.83 | 2026-04-02 | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the Signal... |
| [CVE-2026-33950](https://nvd.nist.gov/vuln/detail/CVE-2026-33950) | 9.4 | CRITICAL | CWE-285 | No | 0.1% | 6.58 | 2026-04-02 | Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a... |
| [CVE-2026-30603](https://nvd.nist.gov/vuln/detail/CVE-2026-30603) | 6.8 | MEDIUM | CWE-345 | No | 0.0% | 4.76 | 2026-04-02 | An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access,... |
| [CVE-2026-26961](https://nvd.nist.gov/vuln/detail/CVE-2026-26961) | 3.7 | LOW | CWE-436 | No | 0.0% | 2.59 | 2026-04-02 | Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extrac... |
| [CVE-2026-26895](https://nvd.nist.gov/vuln/detail/CVE-2026-26895) | 5.3 | MEDIUM | CWE-203 | No | 0.0% | 3.71 | 2026-04-02 | User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames... |
| [CVE-2026-25212](https://nvd.nist.gov/vuln/detail/CVE-2026-25212) | 9.9 | CRITICAL | CWE-250 | No | 0.0% | 6.93 | 2026-04-02 | An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileg... |
| [CVE-2026-5351](https://nvd.nist.gov/vuln/detail/CVE-2026-5351) | 5.3 | MEDIUM | CWE-77 | No | 0.3% | 3.72 | 2026-04-02 | A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setu... |
| [CVE-2026-5350](https://nvd.nist.gov/vuln/detail/CVE-2026-5350) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-04-02 | A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of t... |
| [CVE-2026-5349](https://nvd.nist.gov/vuln/detail/CVE-2026-5349) | 7.4 | HIGH | CWE-119 | No | 0.1% | 5.18 | 2026-04-02 | A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file... |
| [CVE-2026-34876](https://nvd.nist.gov/vuln/detail/CVE-2026-34876) | 7.5 | HIGH | CWE-125 | No | 0.0% | 5.25 | 2026-04-02 | An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in lib... |
| [CVE-2026-33746](https://nvd.nist.gov/vuln/detail/CVE-2026-33746) | 9.8 | CRITICAL | CWE-287 | No | 0.0% | 6.86 | 2026-04-02 | Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWT... |
| [CVE-2026-33691](https://nvd.nist.gov/vuln/detail/CVE-2026-33691) | 6.8 | MEDIUM | CWE-178 | No | 0.1% | 4.76 | 2026-04-02 | The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewal... |
| [CVE-2026-30332](https://nvd.nist.gov/vuln/detail/CVE-2026-30332) | 7.5 | HIGH | CWE-367 | No | 0.0% | 5.25 | 2026-04-02 | A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows... |
| [CVE-2026-5346](https://nvd.nist.gov/vuln/detail/CVE-2026-5346) | 6.9 | MEDIUM | CWE-918 | No | 0.1% | 4.83 | 2026-04-02 | A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src... |
| [CVE-2026-5344](https://nvd.nist.gov/vuln/detail/CVE-2026-5344) | 5.3 | MEDIUM | CWE-22 | No | 0.0% | 3.71 | 2026-04-02 | A security vulnerability has been detected in Textpattern up to 4.9.1. Affected by this vulnerability is the function mt... |
| [CVE-2026-5342](https://nvd.nist.gov/vuln/detail/CVE-2026-5342) | 5.5 | MEDIUM | CWE-119 | No | 0.1% | 3.85 | 2026-04-02 | A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file... |
| [CVE-2026-5339](https://nvd.nist.gov/vuln/detail/CVE-2026-5339) | 5.1 | MEDIUM | CWE-74 | No | 0.1% | 3.57 | 2026-04-02 | A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the... |
| [CVE-2026-35002](https://nvd.nist.gov/vuln/detail/CVE-2026-35002) | 9.3 | CRITICAL | CWE-95 | No | 0.6% | 6.53 | 2026-04-02 | Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that al... |
| [CVE-2026-34974](https://nvd.nist.gov/vuln/detail/CVE-2026-34974) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-02 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSa... |
| [CVE-2026-34973](https://nvd.nist.gov/vuln/detail/CVE-2026-34973) | 6.9 | MEDIUM | CWE-943 | No | 0.1% | 4.83 | 2026-04-02 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/p... |
| [CVE-2026-34823](https://nvd.nist.gov/vuln/detail/CVE-2026-34823) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/pas... |
| [CVE-2026-34822](https://nvd.nist.gov/vuln/detail/CVE-2026-34822) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /man... |
| [CVE-2026-34821](https://nvd.nist.gov/vuln/detail/CVE-2026-34821) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpn... |
| [CVE-2026-34820](https://nvd.nist.gov/vuln/detail/CVE-2026-34820) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/ips... |
| [CVE-2026-34819](https://nvd.nist.gov/vuln/detail/CVE-2026-34819) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the REMARK parameter to /cgi-bin/op... |
| [CVE-2026-34818](https://nvd.nist.gov/vuln/detail/CVE-2026-34818) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dns... |
| [CVE-2026-34817](https://nvd.nist.gov/vuln/detail/CVE-2026-34817) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-b... |
| [CVE-2026-34816](https://nvd.nist.gov/vuln/detail/CVE-2026-34816) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smt... |
| [CVE-2026-34815](https://nvd.nist.gov/vuln/detail/CVE-2026-34815) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/sm... |
| [CVE-2026-34814](https://nvd.nist.gov/vuln/detail/CVE-2026-34814) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/pro... |
| [CVE-2026-34813](https://nvd.nist.gov/vuln/detail/CVE-2026-34813) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/prox... |
| [CVE-2026-34812](https://nvd.nist.gov/vuln/detail/CVE-2026-34812) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin... |
| [CVE-2026-34811](https://nvd.nist.gov/vuln/detail/CVE-2026-34811) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xt... |
| [CVE-2026-34810](https://nvd.nist.gov/vuln/detail/CVE-2026-34810) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vp... |
| [CVE-2026-34809](https://nvd.nist.gov/vuln/detail/CVE-2026-34809) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zo... |
| [CVE-2026-34808](https://nvd.nist.gov/vuln/detail/CVE-2026-34808) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/ou... |
| [CVE-2026-34807](https://nvd.nist.gov/vuln/detail/CVE-2026-34807) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/in... |
| [CVE-2026-34806](https://nvd.nist.gov/vuln/detail/CVE-2026-34806) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/sn... |
| [CVE-2026-34805](https://nvd.nist.gov/vuln/detail/CVE-2026-34805) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/dn... |
| [CVE-2026-34804](https://nvd.nist.gov/vuln/detail/CVE-2026-34804) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the dscp parameter to /manage/qos/r... |
| [CVE-2026-34803](https://nvd.nist.gov/vuln/detail/CVE-2026-34803) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the name parameter to /manage/qos/c... |
| [CVE-2026-34802](https://nvd.nist.gov/vuln/detail/CVE-2026-34802) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark user ham spam parameter... |
| [CVE-2026-34801](https://nvd.nist.gov/vuln/detail/CVE-2026-34801) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dhc... |
| [CVE-2026-34800](https://nvd.nist.gov/vuln/detail/CVE-2026-34800) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the NAME parameter to /cgi-bin/upli... |
| [CVE-2026-34799](https://nvd.nist.gov/vuln/detail/CVE-2026-34799) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dns... |
| [CVE-2026-34798](https://nvd.nist.gov/vuln/detail/CVE-2026-34798) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/ro... |
| [CVE-2026-34797](https://nvd.nist.gov/vuln/detail/CVE-2026-34797) | 8.7 | HIGH | CWE-78 | No | 0.5% | 6.10 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet... |
| [CVE-2026-34796](https://nvd.nist.gov/vuln/detail/CVE-2026-34796) | 8.7 | HIGH | CWE-78 | No | 0.5% | 6.10 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet... |
| [CVE-2026-34795](https://nvd.nist.gov/vuln/detail/CVE-2026-34795) | 8.7 | HIGH | CWE-78 | No | 0.5% | 6.10 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet... |
| [CVE-2026-34794](https://nvd.nist.gov/vuln/detail/CVE-2026-34794) | 8.7 | HIGH | CWE-78 | No | 0.5% | 6.10 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet... |
| [CVE-2026-34793](https://nvd.nist.gov/vuln/detail/CVE-2026-34793) | 8.7 | HIGH | CWE-78 | No | 0.5% | 6.10 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet... |
| [CVE-2026-34792](https://nvd.nist.gov/vuln/detail/CVE-2026-34792) | 8.7 | HIGH | CWE-78 | No | 0.5% | 6.10 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet... |
| [CVE-2026-34791](https://nvd.nist.gov/vuln/detail/CVE-2026-34791) | 8.7 | HIGH | CWE-78 | No | 0.5% | 6.10 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE paramet... |
| [CVE-2026-34790](https://nvd.nist.gov/vuln/detail/CVE-2026-34790) | 7.1 | HIGH | CWE-22 | No | 0.2% | 4.97 | 2026-04-02 | Endian Firewall version 3.3.25 and prior allow authenticated users to delete arbitrary files via directory traversal in... |
| [CVE-2026-34729](https://nvd.nist.gov/vuln/detail/CVE-2026-34729) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-02 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, there is a stored XSS vulnerability via Regex By... |
| [CVE-2026-34728](https://nvd.nist.gov/vuln/detail/CVE-2026-34728) | 8.7 | HIGH | CWE-22 | No | 0.2% | 6.10 | 2026-04-02 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handl... |
| [CVE-2026-33641](https://nvd.nist.gov/vuln/detail/CVE-2026-33641) | 7.8 | HIGH | CWE-78 | No | 0.0% | 5.46 | 2026-04-02 | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic config... |
| [CVE-2026-33544](https://nvd.nist.gov/vuln/detail/CVE-2026-33544) | 7.7 | HIGH | CWE-362 | No | 0.0% | 5.39 | 2026-04-02 | Tinyauth is an authentication and authorization server. Prior to version 5.0.5, all three OAuth service implementations... |
| [CVE-2026-33533](https://nvd.nist.gov/vuln/detail/CVE-2026-33533) | 7.1 | HIGH | CWE-942 | No | 0.0% | 4.97 | 2026-04-02 | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server (act... |
| [CVE-2026-32871](https://nvd.nist.gov/vuln/detail/CVE-2026-32871) | 10.0 | CRITICAL | CWE-918 | No | 0.2% | 7.00 | 2026-04-02 | FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP expos... |
| [CVE-2026-32629](https://nvd.nist.gov/vuln/detail/CVE-2026-32629) | 5.4 | MEDIUM | CWE-20 | No | 0.2% | 3.79 | 2026-04-02 | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest F... |
| [CVE-2026-31937](https://nvd.nist.gov/vuln/detail/CVE-2026-31937) | 7.5 | HIGH | CWE-407 | No | 0.1% | 5.25 | 2026-04-02 | Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a p... |
| [CVE-2026-31935](https://nvd.nist.gov/vuln/detail/CVE-2026-31935) | 7.5 | HIGH | CWE-400 | No | 0.1% | 5.25 | 2026-04-02 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, flooding of crafted HTTP2 continuation... |
| [CVE-2026-31934](https://nvd.nist.gov/vuln/detail/CVE-2026-31934) | 7.5 | HIGH | CWE-407 | No | 0.1% | 5.25 | 2026-04-02 | Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexi... |
| [CVE-2026-5338](https://nvd.nist.gov/vuln/detail/CVE-2026-5338) | 5.1 | MEDIUM | CWE-74 | No | 0.4% | 3.58 | 2026-04-02 | A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system... |
| [CVE-2026-5334](https://nvd.nist.gov/vuln/detail/CVE-2026-5334) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-02 | A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file... |
| [CVE-2026-5333](https://nvd.nist.gov/vuln/detail/CVE-2026-5333) | 6.9 | MEDIUM | CWE-74 | No | 0.3% | 4.84 | 2026-04-02 | A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown pro... |
| [CVE-2026-5332](https://nvd.nist.gov/vuln/detail/CVE-2026-5332) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the file /demo.php of t... |
| [CVE-2026-3692](https://nvd.nist.gov/vuln/detail/CVE-2026-3692) | 8.7 | HIGH | CWE-78 | No | 0.2% | 6.09 | 2026-04-02 | In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may cr... |
| [CVE-2026-35168](https://nvd.nist.gov/vuln/detail/CVE-2026-35168) | 8.8 | HIGH | CWE-89 | No | 0.1% | 6.16 | 2026-04-02 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, th... |
| [CVE-2026-31933](https://nvd.nist.gov/vuln/detail/CVE-2026-31933) | 7.5 | HIGH | CWE-407 | No | 0.1% | 5.25 | 2026-04-02 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, specially crafted traffic can cause S... |
| [CVE-2026-31932](https://nvd.nist.gov/vuln/detail/CVE-2026-31932) | 7.5 | HIGH | CWE-407 | No | 0.1% | 5.25 | 2026-04-02 | Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.15 and 8.0.4, inefficiency in KRB5 buffering can le... |
| [CVE-2026-31931](https://nvd.nist.gov/vuln/detail/CVE-2026-31931) | 7.5 | HIGH | CWE-476 | No | 0.1% | 5.25 | 2026-04-02 | Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule ke... |
| [CVE-2026-30867](https://nvd.nist.gov/vuln/detail/CVE-2026-30867) | 5.7 | MEDIUM | CWE-617 | No | 0.0% | 3.99 | 2026-04-02 | CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exist... |
| [CVE-2026-2737](https://nvd.nist.gov/vuln/detail/CVE-2026-2737) | 8.5 | HIGH | CWE-79 | No | 0.1% | 5.95 | 2026-04-02 | A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a ma... |
| [CVE-2026-2701](https://nvd.nist.gov/vuln/detail/CVE-2026-2701) | 9.1 | CRITICAL | CWE-78 | No | 0.3% | 6.38 | 2026-04-02 | Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution. |
| [CVE-2026-2699](https://nvd.nist.gov/vuln/detail/CVE-2026-2699) | 9.8 | CRITICAL | CWE-284 | No | 9.9% | 7.16 | 2026-04-02 | Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted config... |
| [CVE-2026-29782](https://nvd.nist.gov/vuln/detail/CVE-2026-29782) | 7.2 | HIGH | CWE-502 | No | 0.1% | 5.04 | 2026-04-02 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, th... |
| [CVE-2026-28805](https://nvd.nist.gov/vuln/detail/CVE-2026-28805) | 8.8 | HIGH | CWE-89 | No | 0.0% | 6.16 | 2026-04-02 | OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, mu... |
| [CVE-2026-5331](https://nvd.nist.gov/vuln/detail/CVE-2026-5331) | 5.1 | MEDIUM | CWE-22 | No | 0.1% | 3.57 | 2026-04-02 | A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the compon... |
| [CVE-2026-5330](https://nvd.nist.gov/vuln/detail/CVE-2026-5330) | 6.9 | MEDIUM | CWE-266 | No | 0.1% | 4.83 | 2026-04-02 | A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some... |
| [CVE-2026-5328](https://nvd.nist.gov/vuln/detail/CVE-2026-5328) | 5.3 | MEDIUM | CWE-74 | No | 0.0% | 3.71 | 2026-04-02 | A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted e... |
| [CVE-2026-4636](https://nvd.nist.gov/vuln/detail/CVE-2026-4636) | 8.1 | HIGH | CWE-551 | No | 0.0% | 5.67 | 2026-04-02 | A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) po... |
| [CVE-2026-4634](https://nvd.nist.gov/vuln/detail/CVE-2026-4634) | 7.5 | HIGH | CWE-1050 | No | 0.1% | 5.25 | 2026-04-02 | A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted... |
| [CVE-2026-4325](https://nvd.nist.gov/vuln/detail/CVE-2026-4325) | 5.3 | MEDIUM | CWE-653 | No | 0.0% | 3.71 | 2026-04-02 | A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace iso... |
| [CVE-2026-4282](https://nvd.nist.gov/vuln/detail/CVE-2026-4282) | 7.4 | HIGH | CWE-653 | No | 0.0% | 5.18 | 2026-04-02 | A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace iso... |
| [CVE-2026-3872](https://nvd.nist.gov/vuln/detail/CVE-2026-3872) | 7.3 | HIGH | CWE-601 | No | 0.0% | 5.11 | 2026-04-02 | A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass... |
| [CVE-2026-34890](https://nvd.nist.gov/vuln/detail/CVE-2026-34890) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-02 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O’Donnell MST... |
| [CVE-2026-5327](https://nvd.nist.gov/vuln/detail/CVE-2026-5327) | 5.3 | MEDIUM | CWE-74 | No | 1.2% | 3.75 | 2026-04-02 | A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function h... |
| [CVE-2026-5326](https://nvd.nist.gov/vuln/detail/CVE-2026-5326) | 5.5 | MEDIUM | CWE-285 | No | 0.0% | 3.85 | 2026-04-02 | A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an unknown function of the fi... |
| [CVE-2026-5246](https://nvd.nist.gov/vuln/detail/CVE-2026-5246) | 6.3 | MEDIUM | CWE-285 | No | 0.1% | 4.41 | 2026-04-02 | A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of... |
| [CVE-2026-5245](https://nvd.nist.gov/vuln/detail/CVE-2026-5245) | 6.3 | MEDIUM | CWE-119 | No | 0.1% | 4.41 | 2026-04-02 | A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongo... |
| [CVE-2026-33617](https://nvd.nist.gov/vuln/detail/CVE-2026-33617) | 5.3 | MEDIUM | CWE-497 | No | 0.0% | 3.71 | 2026-04-02 | An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a... |
| [CVE-2026-33616](https://nvd.nist.gov/vuln/detail/CVE-2026-33616) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-04-02 | An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpo... |
| [CVE-2026-33615](https://nvd.nist.gov/vuln/detail/CVE-2026-33615) | 9.1 | CRITICAL | CWE-89 | No | 0.1% | 6.37 | 2026-04-02 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint du... |
| [CVE-2026-33614](https://nvd.nist.gov/vuln/detail/CVE-2026-33614) | 7.5 | HIGH | CWE-89 | No | 0.1% | 5.25 | 2026-04-02 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint du... |
| [CVE-2026-29144](https://nvd.nist.gov/vuln/detail/CVE-2026-29144) | 7.8 | HIGH | CWE-20 | No | 0.1% | 5.46 | 2026-04-02 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security... |
| [CVE-2026-29143](https://nvd.nist.gov/vuln/detail/CVE-2026-29143) | 7.8 | HIGH | CWE-20 | No | 0.1% | 5.46 | 2026-04-02 | SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted... |
| [CVE-2026-29142](https://nvd.nist.gov/vuln/detail/CVE-2026-29142) | 6.3 | MEDIUM | CWE-325 | No | 0.0% | 4.41 | 2026-04-02 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email. |
| [CVE-2026-29141](https://nvd.nist.gov/vuln/detail/CVE-2026-29141) | 7.7 | HIGH | CWE-20 | No | 0.1% | 5.39 | 2026-04-02 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags suc... |
| [CVE-2026-29140](https://nvd.nist.gov/vuln/detail/CVE-2026-29140) | 7.7 | HIGH | CWE-295 | No | 0.0% | 5.39 | 2026-04-02 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be u... |
| [CVE-2026-29139](https://nvd.nist.gov/vuln/detail/CVE-2026-29139) | 7.8 | HIGH | CWE-288 | No | 0.1% | 5.46 | 2026-04-02 | SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to re... |
| [CVE-2026-29138](https://nvd.nist.gov/vuln/detail/CVE-2026-29138) | 6.3 | MEDIUM | CWE-90 | No | 0.1% | 4.41 | 2026-04-02 | SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim ano... |
| [CVE-2026-29137](https://nvd.nist.gov/vuln/detail/CVE-2026-29137) | 5.3 | MEDIUM | CWE-20 | No | 0.1% | 3.71 | 2026-04-02 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a lo... |
| [CVE-2026-29136](https://nvd.nist.gov/vuln/detail/CVE-2026-29136) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-02 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new... |
| [CVE-2026-29135](https://nvd.nist.gov/vuln/detail/CVE-2026-29135) | 5.3 | MEDIUM | CWE-20 | No | 0.1% | 3.71 | 2026-04-02 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject san... |
| [CVE-2026-29134](https://nvd.nist.gov/vuln/detail/CVE-2026-29134) | 5.3 | MEDIUM | CWE-807 | No | 0.1% | 3.71 | 2026-04-02 | SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass... |
| [CVE-2026-29133](https://nvd.nist.gov/vuln/detail/CVE-2026-29133) | 5.3 | MEDIUM | CWE-20 | No | 0.1% | 3.71 | 2026-04-02 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match th... |
| [CVE-2026-29132](https://nvd.nist.gov/vuln/detail/CVE-2026-29132) | 6.3 | MEDIUM | CWE-306 | No | 0.1% | 4.41 | 2026-04-02 | SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass... |
| [CVE-2026-29131](https://nvd.nist.gov/vuln/detail/CVE-2026-29131) | 4.9 | MEDIUM | CWE-90 | No | 0.1% | 3.43 | 2026-04-02 | SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the... |
| [CVE-2026-0634](https://nvd.nist.gov/vuln/detail/CVE-2026-0634) | 7.8 | HIGH | CWE-88 | No | 0.1% | 5.46 | 2026-04-02 | Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on Android allows local apps to execute arbitrary code as... |
| [CVE-2026-5244](https://nvd.nist.gov/vuln/detail/CVE-2026-5244) | 6.9 | MEDIUM | CWE-119 | No | 0.1% | 4.83 | 2026-04-02 | A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mo... |
| [CVE-2026-5032](https://nvd.nist.gov/vuln/detail/CVE-2026-5032) | 7.5 | HIGH | CWE-200 | No | 0.1% | 5.25 | 2026-04-02 | The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.... |
| [CVE-2026-0688](https://nvd.nist.gov/vuln/detail/CVE-2026-0688) | 6.4 | MEDIUM | CWE-918 | No | 0.0% | 4.48 | 2026-04-02 | The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5... |
| [CVE-2026-0686](https://nvd.nist.gov/vuln/detail/CVE-2026-0686) | 7.2 | HIGH | CWE-918 | No | 0.1% | 5.04 | 2026-04-02 | The Webmention plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5... |
| [CVE-2026-5325](https://nvd.nist.gov/vuln/detail/CVE-2026-5325) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-02 | A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects... |
| [CVE-2026-5323](https://nvd.nist.gov/vuln/detail/CVE-2026-5323) | 4.8 | MEDIUM | CWE-918 | No | 0.0% | 3.36 | 2026-04-02 | A vulnerability was found in priyankark a11y-mcp up to 1.0.5. This vulnerability affects the function A11yServer of the... |
| [CVE-2026-5322](https://nvd.nist.gov/vuln/detail/CVE-2026-5322) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-02 | A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69... |
| [CVE-2026-4347](https://nvd.nist.gov/vuln/detail/CVE-2026-4347) | 8.1 | HIGH | CWE-22 | No | 0.1% | 5.67 | 2026-04-02 | The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via... |
| [CVE-2026-1540](https://nvd.nist.gov/vuln/detail/CVE-2026-1540) | 7.2 | HIGH | CWE-94 | No | 0.1% | 5.04 | 2026-04-02 | The Spam Protect for Contact Form 7 WordPress plugin before 1.2.10 allows logging to a PHP file, which could allow an at... |
| [CVE-2026-5321](https://nvd.nist.gov/vuln/detail/CVE-2026-5321) | 5.3 | MEDIUM | CWE-346 | No | 0.0% | 3.71 | 2026-04-02 | A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the compone... |
| [CVE-2026-5320](https://nvd.nist.gov/vuln/detail/CVE-2026-5320) | 6.9 | MEDIUM | CWE-287 | No | 0.1% | 4.83 | 2026-04-02 | A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality o... |
| [CVE-2026-5319](https://nvd.nist.gov/vuln/detail/CVE-2026-5319) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-02 | A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown f... |
| [CVE-2026-5318](https://nvd.nist.gov/vuln/detail/CVE-2026-5318) | 5.3 | MEDIUM | CWE-119 | No | 0.0% | 3.71 | 2026-04-02 | A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/deco... |
| [CVE-2026-5317](https://nvd.nist.gov/vuln/detail/CVE-2026-5317) | 5.3 | MEDIUM | CWE-119 | No | 0.0% | 3.71 | 2026-04-02 | A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_... |
| [CVE-2026-1243](https://nvd.nist.gov/vuln/detail/CVE-2026-1243) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-02 | IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authe... |
| [CVE-2026-5316](https://nvd.nist.gov/vuln/detail/CVE-2026-5316) | 5.3 | MEDIUM | CWE-400 | No | 0.0% | 3.71 | 2026-04-02 | A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file s... |
| [CVE-2026-5315](https://nvd.nist.gov/vuln/detail/CVE-2026-5315) | 5.3 | MEDIUM | CWE-119 | No | 0.0% | 3.71 | 2026-04-02 | A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the l... |
| [CVE-2026-21767](https://nvd.nist.gov/vuln/detail/CVE-2026-21767) | 4.0 | MEDIUM | CWE-306 | No | 0.0% | 2.80 | 2026-04-02 | HCL BigFix Platform is affected by insufficient authentication. The application might allow users to access sensitive a... |
| [CVE-2026-21765](https://nvd.nist.gov/vuln/detail/CVE-2026-21765) | 8.8 | HIGH | CWE-276 | No | 0.0% | 6.16 | 2026-04-02 | HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys l... |
| [CVE-2026-5314](https://nvd.nist.gov/vuln/detail/CVE-2026-5314) | 5.3 | MEDIUM | CWE-119 | No | 0.0% | 3.71 | 2026-04-01 | A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library st... |
| [CVE-2026-4759](https://nvd.nist.gov/vuln/detail/CVE-2026-4759) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-01 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-3882](https://nvd.nist.gov/vuln/detail/CVE-2026-3882) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-01 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-32929](https://nvd.nist.gov/vuln/detail/CVE-2026-32929) | 8.4 | HIGH | CWE-125 | No | 0.0% | 5.88 | 2026-04-01 | V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 fi... |
| [CVE-2026-32928](https://nvd.nist.gov/vuln/detail/CVE-2026-32928) | 8.4 | HIGH | CWE-121 | No | 0.0% | 5.88 | 2026-04-01 | V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Op... |
| [CVE-2026-32927](https://nvd.nist.gov/vuln/detail/CVE-2026-32927) | 8.4 | HIGH | CWE-125 | No | 0.0% | 5.88 | 2026-04-01 | V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Openi... |
| [CVE-2026-32926](https://nvd.nist.gov/vuln/detail/CVE-2026-32926) | 8.4 | HIGH | CWE-125 | No | 0.0% | 5.88 | 2026-04-01 | V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a cra... |
| [CVE-2026-32925](https://nvd.nist.gov/vuln/detail/CVE-2026-32925) | 8.4 | HIGH | CWE-121 | No | 0.0% | 5.88 | 2026-04-01 | V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom. Open... |
| [CVE-2025-66487](https://nvd.nist.gov/vuln/detail/CVE-2025-66487) | 2.7 | LOW | CWE-770 | No | 0.0% | 1.89 | 2026-04-01 | IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send em... |
| [CVE-2025-66486](https://nvd.nist.gov/vuln/detail/CVE-2025-66486) | 4.8 | MEDIUM | CWE-80 | No | 0.0% | 3.36 | 2026-04-01 | IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML co... |
| [CVE-2025-66485](https://nvd.nist.gov/vuln/detail/CVE-2025-66485) | 5.4 | MEDIUM | CWE-644 | No | 0.0% | 3.78 | 2026-04-01 | IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by... |
| [CVE-2025-66484](https://nvd.nist.gov/vuln/detail/CVE-2025-66484) | 5.5 | MEDIUM | CWE-79 | No | 0.0% | 3.85 | 2026-04-01 | IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to... |
| [CVE-2025-66483](https://nvd.nist.gov/vuln/detail/CVE-2025-66483) | 6.3 | MEDIUM | CWE-613 | No | 0.0% | 4.41 | 2026-04-01 | IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authentic... |
| [CVE-2025-36375](https://nvd.nist.gov/vuln/detail/CVE-2025-36375) | 6.5 | MEDIUM | CWE-352 | No | 0.0% | 4.55 | 2026-04-01 | IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and I... |
| [CVE-2025-0711](https://nvd.nist.gov/vuln/detail/CVE-2025-0711) | 0.0 | NONE | N/A | No | — | 0.00 | 2026-04-01 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| [CVE-2026-5313](https://nvd.nist.gov/vuln/detail/CVE-2026-5313) | 5.3 | MEDIUM | CWE-404 | No | 0.0% | 3.71 | 2026-04-01 | A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the li... |
| [CVE-2026-3987](https://nvd.nist.gov/vuln/detail/CVE-2026-3987) | 8.6 | HIGH | CWE-22 | No | 0.6% | 6.04 | 2026-04-01 | A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authentica... |
| [CVE-2026-34572](https://nvd.nist.gov/vuln/detail/CVE-2026-34572) | 8.8 | HIGH | CWE-284 | No | 0.1% | 6.16 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34571](https://nvd.nist.gov/vuln/detail/CVE-2026-34571) | 9.9 | CRITICAL | CWE-79 | No | 0.1% | 6.93 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34570](https://nvd.nist.gov/vuln/detail/CVE-2026-34570) | 8.8 | HIGH | CWE-284 | No | 0.1% | 6.16 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34569](https://nvd.nist.gov/vuln/detail/CVE-2026-34569) | 9.9 | CRITICAL | CWE-79 | No | 0.0% | 6.93 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34568](https://nvd.nist.gov/vuln/detail/CVE-2026-34568) | 9.1 | CRITICAL | CWE-79 | No | 0.0% | 6.37 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34567](https://nvd.nist.gov/vuln/detail/CVE-2026-34567) | 9.1 | CRITICAL | CWE-79 | No | 0.0% | 6.37 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34566](https://nvd.nist.gov/vuln/detail/CVE-2026-34566) | 9.1 | CRITICAL | CWE-79 | No | 0.0% | 6.37 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34565](https://nvd.nist.gov/vuln/detail/CVE-2026-34565) | 9.1 | CRITICAL | CWE-79 | No | 0.0% | 6.37 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34564](https://nvd.nist.gov/vuln/detail/CVE-2026-34564) | 9.1 | CRITICAL | CWE-79 | No | 0.0% | 6.37 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34563](https://nvd.nist.gov/vuln/detail/CVE-2026-34563) | 9.1 | CRITICAL | CWE-79 | No | 0.0% | 6.37 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34562](https://nvd.nist.gov/vuln/detail/CVE-2026-34562) | 4.7 | MEDIUM | CWE-79 | No | 0.0% | 3.29 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34561](https://nvd.nist.gov/vuln/detail/CVE-2026-34561) | 4.7 | MEDIUM | CWE-79 | No | 0.0% | 3.29 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34560](https://nvd.nist.gov/vuln/detail/CVE-2026-34560) | 9.1 | CRITICAL | CWE-79 | No | 0.0% | 6.37 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-34559](https://nvd.nist.gov/vuln/detail/CVE-2026-34559) | 9.1 | CRITICAL | CWE-79 | No | 0.0% | 6.37 | 2026-04-01 | CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorizati... |
| [CVE-2026-5312](https://nvd.nist.gov/vuln/detail/CVE-2026-5312) | 5.5 | MEDIUM | CWE-266 | No | 0.1% | 3.85 | 2026-04-01 | A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, D... |
| [CVE-2026-4820](https://nvd.nist.gov/vuln/detail/CVE-2026-4820) | 4.3 | MEDIUM | CWE-614 | No | 0.0% | 3.01 | 2026-04-01 | IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or sessi... |
| [CVE-2026-4364](https://nvd.nist.gov/vuln/detail/CVE-2026-4364) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-01 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1... |
| [CVE-2026-4101](https://nvd.nist.gov/vuln/detail/CVE-2026-4101) | 8.1 | HIGH | CWE-287 | No | 0.1% | 5.67 | 2026-04-01 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1... |
| [CVE-2026-34873](https://nvd.nist.gov/vuln/detail/CVE-2026-34873) | 9.1 | CRITICAL | CWE-287 | No | 0.0% | 6.37 | 2026-04-01 | An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session... |
| [CVE-2026-34545](https://nvd.nist.gov/vuln/detail/CVE-2026-34545) | 8.4 | HIGH | CWE-122 | No | 0.1% | 5.88 | 2026-04-01 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the... |
| [CVE-2026-34544](https://nvd.nist.gov/vuln/detail/CVE-2026-34544) | 8.4 | HIGH | CWE-190 | No | 0.0% | 5.88 | 2026-04-01 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the... |
| [CVE-2026-34543](https://nvd.nist.gov/vuln/detail/CVE-2026-34543) | 8.7 | HIGH | CWE-908 | No | 0.0% | 6.09 | 2026-04-01 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the... |
| [CVE-2026-34531](https://nvd.nist.gov/vuln/detail/CVE-2026-34531) | 6.5 | MEDIUM | CWE-287 | No | 0.0% | 4.55 | 2026-04-01 | Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situa... |
| [CVE-2026-34530](https://nvd.nist.gov/vuln/detail/CVE-2026-34530) | 6.9 | MEDIUM | CWE-79 | No | 0.1% | 4.83 | 2026-04-01 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec... |
| [CVE-2026-34529](https://nvd.nist.gov/vuln/detail/CVE-2026-34529) | 7.6 | HIGH | CWE-79 | No | 0.0% | 5.32 | 2026-04-01 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec... |
| [CVE-2026-34528](https://nvd.nist.gov/vuln/detail/CVE-2026-34528) | 8.1 | HIGH | CWE-269 | No | 0.2% | 5.68 | 2026-04-01 | File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a spec... |
| [CVE-2026-34525](https://nvd.nist.gov/vuln/detail/CVE-2026-34525) | 6.3 | MEDIUM | CWE-20 | No | 0.1% | 4.41 | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host h... |
| [CVE-2026-34520](https://nvd.nist.gov/vuln/detail/CVE-2026-34520) | 2.7 | LOW | CWE-113 | No | 0.1% | 1.89 | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (t... |
| [CVE-2026-34519](https://nvd.nist.gov/vuln/detail/CVE-2026-34519) | 2.7 | LOW | CWE-113 | No | 0.1% | 1.89 | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who... |
| [CVE-2026-34518](https://nvd.nist.gov/vuln/detail/CVE-2026-34518) | 2.7 | LOW | CWE-200 | No | 0.1% | 1.89 | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following... |
| [CVE-2026-34517](https://nvd.nist.gov/vuln/detail/CVE-2026-34517) | 2.7 | LOW | CWE-770 | No | 0.1% | 1.89 | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multip... |
| [CVE-2026-34516](https://nvd.nist.gov/vuln/detail/CVE-2026-34516) | 6.6 | MEDIUM | CWE-770 | No | 0.1% | 4.62 | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with... |
| [CVE-2026-34515](https://nvd.nist.gov/vuln/detail/CVE-2026-34515) | 6.6 | MEDIUM | CWE-36 | No | 0.1% | 4.62 | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the... |
| [CVE-2026-34514](https://nvd.nist.gov/vuln/detail/CVE-2026-34514) | 2.7 | LOW | CWE-113 | No | 0.1% | 1.89 | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who... |
| [CVE-2026-34513](https://nvd.nist.gov/vuln/detail/CVE-2026-34513) | 2.7 | LOW | CWE-770 | No | 0.1% | 1.89 | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DN... |
| [CVE-2026-2862](https://nvd.nist.gov/vuln/detail/CVE-2026-2862) | 5.3 | MEDIUM | CWE-444 | No | 0.0% | 3.71 | 2026-04-01 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1... |
| [CVE-2026-2475](https://nvd.nist.gov/vuln/detail/CVE-2026-2475) | 3.1 | LOW | CWE-601 | No | 0.0% | 2.17 | 2026-04-01 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1... |
| [CVE-2026-22815](https://nvd.nist.gov/vuln/detail/CVE-2026-22815) | 6.9 | MEDIUM | CWE-400 | No | 0.1% | 4.83 | 2026-04-01 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient re... |
| [CVE-2026-1491](https://nvd.nist.gov/vuln/detail/CVE-2026-1491) | 5.3 | MEDIUM | CWE-444 | No | 0.0% | 3.71 | 2026-04-01 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1... |
| [CVE-2026-1345](https://nvd.nist.gov/vuln/detail/CVE-2026-1345) | 7.3 | HIGH | CWE-78 | No | 0.1% | 5.11 | 2026-04-01 | IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1... |
| [CVE-2025-36373](https://nvd.nist.gov/vuln/detail/CVE-2025-36373) | 4.1 | MEDIUM | CWE-497 | No | 0.0% | 2.87 | 2026-04-01 | IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and I... |
| [CVE-2025-13916](https://nvd.nist.gov/vuln/detail/CVE-2025-13916) | 5.9 | MEDIUM | CWE-327 | No | 0.0% | 4.13 | 2026-04-01 | IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker t... |
| [CVE-2026-5311](https://nvd.nist.gov/vuln/detail/CVE-2026-5311) | 5.5 | MEDIUM | CWE-266 | No | 0.3% | 3.86 | 2026-04-01 | A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-32... |
| [CVE-2026-34872](https://nvd.nist.gov/vuln/detail/CVE-2026-34872) | 9.1 | CRITICAL | CWE-347 | No | 0.0% | 6.37 | 2026-04-01 | An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory... |
| [CVE-2026-34750](https://nvd.nist.gov/vuln/detail/CVE-2026-34750) | 6.5 | MEDIUM | CWE-22 | No | 0.1% | 4.55 | 2026-04-01 | Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/storage-azu... |
| [CVE-2026-34749](https://nvd.nist.gov/vuln/detail/CVE-2026-34749) | 5.4 | MEDIUM | CWE-352 | No | 0.0% | 3.78 | 2026-04-01 | Payload is a free and open source headless content management system. Prior to version 3.79.1, a Cross-Site Request Forg... |
| [CVE-2026-34748](https://nvd.nist.gov/vuln/detail/CVE-2026-34748) | 8.7 | HIGH | CWE-79 | No | 0.0% | 6.09 | 2026-04-01 | Payload is a free and open source headless content management system. Prior to version 3.78.0 in @payloadcms/next, a sto... |
| [CVE-2026-34747](https://nvd.nist.gov/vuln/detail/CVE-2026-34747) | 8.5 | HIGH | CWE-89 | No | 0.1% | 5.95 | 2026-04-01 | Payload is a free and open source headless content management system. Prior to version 3.79.1, certain request inputs we... |
| [CVE-2026-34746](https://nvd.nist.gov/vuln/detail/CVE-2026-34746) | 7.7 | HIGH | CWE-918 | No | 0.0% | 5.39 | 2026-04-01 | Payload is a free and open source headless content management system. Prior to version 3.79.1, an authenticated Server-S... |
| [CVE-2026-34456](https://nvd.nist.gov/vuln/detail/CVE-2026-34456) | 9.1 | CRITICAL | CWE-284 | No | 0.1% | 6.37 | 2026-04-01 | Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From ver... |
| [CVE-2026-34455](https://nvd.nist.gov/vuln/detail/CVE-2026-34455) | 8.7 | HIGH | CWE-89 | No | 0.0% | 6.09 | 2026-04-01 | Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.... |
| [CVE-2025-66442](https://nvd.nist.gov/vuln/detail/CVE-2025-66442) | 5.1 | MEDIUM | CWE-385 | No | 0.0% | 3.57 | 2026-04-01 | In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occ... |
| [CVE-2026-35000](https://nvd.nist.gov/vuln/detail/CVE-2026-35000) | 7.1 | HIGH | CWE-184 | No | 0.1% | 4.97 | 2026-04-01 | ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementa... |
| [CVE-2026-34874](https://nvd.nist.gov/vuln/detail/CVE-2026-34874) | 7.5 | HIGH | CWE-476 | No | 0.1% | 5.25 | 2026-04-01 | An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distingu... |
| [CVE-2026-34871](https://nvd.nist.gov/vuln/detail/CVE-2026-34871) | 6.7 | MEDIUM | CWE-338 | No | 0.0% | 4.69 | 2026-04-01 | An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predict... |
| [CVE-2026-25835](https://nvd.nist.gov/vuln/detail/CVE-2026-25835) | 7.7 | HIGH | CWE-335 | No | 0.0% | 5.39 | 2026-04-01 | Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). |
| [CVE-2026-25833](https://nvd.nist.gov/vuln/detail/CVE-2026-25833) | 7.5 | HIGH | CWE-121 | No | 0.0% | 5.25 | 2026-04-01 | Mbed TLS 3.5.0 to 3.6.5 (fixed in 3.6.6 and 4.1.0) has a buffer overflow in the x509_inet_pton_ipv6() function. |
| [CVE-2026-34875](https://nvd.nist.gov/vuln/detail/CVE-2026-34875) | 9.8 | CRITICAL | CWE-120 | No | 0.1% | 6.86 | 2026-04-01 | An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key exp... |
| [CVE-2026-34751](https://nvd.nist.gov/vuln/detail/CVE-2026-34751) | 9.1 | CRITICAL | CWE-472 | No | 0.1% | 6.37 | 2026-04-01 | Payload is a free and open source headless content management system. Prior to version 3.79.1 in @payloadcms/graphql and... |
| [CVE-2026-34447](https://nvd.nist.gov/vuln/detail/CVE-2026-34447) | 5.5 | MEDIUM | CWE-22 | No | 0.0% | 3.85 | 2026-04-01 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0,... |
| [CVE-2026-34446](https://nvd.nist.gov/vuln/detail/CVE-2026-34446) | 4.7 | MEDIUM | CWE-22 | No | 0.0% | 3.29 | 2026-04-01 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0,... |
| [CVE-2026-34445](https://nvd.nist.gov/vuln/detail/CVE-2026-34445) | 8.6 | HIGH | CWE-20 | No | 0.1% | 6.02 | 2026-04-01 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0,... |
| [CVE-2026-34397](https://nvd.nist.gov/vuln/detail/CVE-2026-34397) | 6.3 | MEDIUM | CWE-269 | No | 0.0% | 4.41 | 2026-04-01 | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3... |
| [CVE-2026-34376](https://nvd.nist.gov/vuln/detail/CVE-2026-34376) | 7.5 | HIGH | CWE-863 | No | 0.0% | 5.25 | 2026-04-01 | PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to... |
| [CVE-2026-34236](https://nvd.nist.gov/vuln/detail/CVE-2026-34236) | 8.2 | HIGH | CWE-331 | No | 0.0% | 5.74 | 2026-04-01 | Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in app... |
| [CVE-2026-34222](https://nvd.nist.gov/vuln/detail/CVE-2026-34222) | 7.7 | HIGH | CWE-285 | No | 0.0% | 5.39 | 2026-04-01 | Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.... |
| [CVE-2026-34159](https://nvd.nist.gov/vuln/detail/CVE-2026-34159) | 9.8 | CRITICAL | CWE-119 | No | 0.2% | 6.86 | 2026-04-01 | llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserialize_tensor()... |
| [CVE-2026-34076](https://nvd.nist.gov/vuln/detail/CVE-2026-34076) | 7.4 | HIGH | CWE-918 | No | 0.0% | 5.18 | 2026-04-01 | Clerk JavaScript is the official JavaScript repository for Clerk authentication. In @clerk/hono from versions 0.1.0 to b... |
| [CVE-2026-34072](https://nvd.nist.gov/vuln/detail/CVE-2026-34072) | 8.3 | HIGH | CWE-287 | No | 0.1% | 5.81 | 2026-04-01 | Cr*nMaster (cronmaster) is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs... |
| [CVE-2026-27489](https://nvd.nist.gov/vuln/detail/CVE-2026-27489) | 8.7 | HIGH | CWE-23 | No | 0.1% | 6.09 | 2026-04-01 | Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0,... |
| [CVE-2026-25834](https://nvd.nist.gov/vuln/detail/CVE-2026-25834) | 6.5 | MEDIUM | CWE-295 | No | 0.0% | 4.55 | 2026-04-01 | Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. |
| [CVE-2026-34604](https://nvd.nist.gov/vuln/detail/CVE-2026-34604) | 7.1 | HIGH | CWE-22 | No | 0.1% | 4.97 | 2026-04-01 | Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containmen... |
| [CVE-2026-34603](https://nvd.nist.gov/vuln/detail/CVE-2026-34603) | 7.1 | HIGH | CWE-22 | No | 0.1% | 4.97 | 2026-04-01 | Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal... |
| [CVE-2026-33990](https://nvd.nist.gov/vuln/detail/CVE-2026-33990) | 6.8 | MEDIUM | CWE-918 | No | 0.0% | 4.76 | 2026-04-01 | Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, D... |
| [CVE-2026-33978](https://nvd.nist.gov/vuln/detail/CVE-2026-33978) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-01 | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerabilit... |
| [CVE-2026-33949](https://nvd.nist.gov/vuln/detail/CVE-2026-33949) | 8.1 | HIGH | CWE-22 | No | 0.2% | 5.67 | 2026-04-01 | Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql... |
| [CVE-2026-30643](https://nvd.nist.gov/vuln/detail/CVE-2026-30643) | 9.8 | CRITICAL | CWE-94 | No | 0.1% | 6.86 | 2026-04-01 | An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module u... |
| [CVE-2026-30273](https://nvd.nist.gov/vuln/detail/CVE-2026-30273) | 7.3 | HIGH | CWE-89 | No | 0.0% | 5.11 | 2026-04-01 | pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query... |
| [CVE-2026-2265](https://nvd.nist.gov/vuln/detail/CVE-2026-2265) | 6.5 | MEDIUM | N/A | No | 0.1% | 4.55 | 2026-04-01 | An unauthenticated remote code execution (RCE) vulnerability exists in applications that use the Replicator node package... |
| [CVE-2024-43028](https://nvd.nist.gov/vuln/detail/CVE-2024-43028) | 9.8 | CRITICAL | CWE-77 | No | 0.8% | 6.88 | 2026-04-01 | A command injection vulnerability in the component /jmreport/show of jeecg boot v3.0.0 to v3.5.3 allows attackers to exe... |
| [CVE-2024-40489](https://nvd.nist.gov/vuln/detail/CVE-2024-40489) | 9.8 | CRITICAL | CWE-94 | No | 1.0% | 6.89 | 2026-04-01 | There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows a... |
| [CVE-2026-4829](https://nvd.nist.gov/vuln/detail/CVE-2026-4829) | 5.4 | MEDIUM | CWE-287 | No | 0.0% | 3.78 | 2026-04-01 | Improper authentication in the external OAuth authentication flow in Devolutions Server 2026.1.11 and earlier allows an... |
| [CVE-2026-4828](https://nvd.nist.gov/vuln/detail/CVE-2026-4828) | 8.2 | HIGH | CWE-1390 | No | 0.0% | 5.74 | 2026-04-01 | Improper authentication in the OAuth login functionality in Devolutions Server 2026.1.11 and earlier allows a remote att... |
| [CVE-2026-35099](https://nvd.nist.gov/vuln/detail/CVE-2026-35099) | 7.4 | HIGH | CWE-362 | No | 0.0% | 5.18 | 2026-04-01 | Lakeside SysTrack Agent 11 before 11.5.0.15 has a race condition with resultant local privilege escalation to SYSTEM. Th... |
| [CVE-2026-34510](https://nvd.nist.gov/vuln/detail/CVE-2026-34510) | 6.9 | MEDIUM | CWE-41 | No | 0.1% | 4.83 | 2026-04-01 | OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file... |
| [CVE-2026-31027](https://nvd.nist.gov/vuln/detail/CVE-2026-31027) | 9.8 | CRITICAL | CWE-120 | No | 0.8% | 6.88 | 2026-04-01 | TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste... |
| [CVE-2025-67807](https://nvd.nist.gov/vuln/detail/CVE-2025-67807) | 4.7 | MEDIUM | CWE-204 | No | 0.0% | 3.29 | 2026-04-01 | The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumer... |
| [CVE-2025-67806](https://nvd.nist.gov/vuln/detail/CVE-2025-67806) | 3.7 | LOW | CWE-203 | No | 0.0% | 2.59 | 2026-04-01 | The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumer... |
| [CVE-2025-67805](https://nvd.nist.gov/vuln/detail/CVE-2025-67805) | 5.9 | MEDIUM | CWE-306 | No | 0.0% | 4.13 | 2026-04-01 | A non-default configuration in Sage DPW 2025_06_004 allows unauthenticated access to diagnostic endpoints within the Dat... |
| [CVE-2026-30573](https://nvd.nist.gov/vuln/detail/CVE-2026-30573) | 7.5 | HIGH | CWE-1284 | No | 0.0% | 5.25 | 2026-04-01 | A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is loc... |
| [CVE-2026-30526](https://nvd.nist.gov/vuln/detail/CVE-2026-30526) | 6.1 | MEDIUM | CWE-79 | No | 0.0% | 4.27 | 2026-04-01 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerabil... |
| [CVE-2026-30523](https://nvd.nist.gov/vuln/detail/CVE-2026-30523) | 6.5 | MEDIUM | CWE-20 | No | 0.1% | 4.55 | 2026-04-01 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input vali... |
| [CVE-2026-30292](https://nvd.nist.gov/vuln/detail/CVE-2026-30292) | 8.4 | HIGH | CWE-73 | No | 0.0% | 5.88 | 2026-04-01 | An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite... |
| [CVE-2026-30291](https://nvd.nist.gov/vuln/detail/CVE-2026-30291) | 8.4 | HIGH | CWE-73 | No | 0.0% | 5.88 | 2026-04-01 | An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwr... |
| [CVE-2026-29598](https://nvd.nist.gov/vuln/detail/CVE-2026-29598) | 5.4 | MEDIUM | CWE-79 | No | 0.0% | 3.78 | 2026-04-01 | Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DDSN Interactive Acora... |
| [CVE-2025-13535](https://nvd.nist.gov/vuln/detail/CVE-2025-13535) | 6.4 | MEDIUM | CWE-79 | No | 0.1% | 4.48 | 2026-04-01 | The King Addons for Elementor plugin for WordPress is vulnerable to multiple Contributor+ DOM-Based Stored Cross-Site Sc... |
| [CVE-2026-3877](https://nvd.nist.gov/vuln/detail/CVE-2026-3877) | 7.3 | HIGH | CWE-79 | No | 0.0% | 5.11 | 2026-04-01 | A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution a... |
| [CVE-2026-35094](https://nvd.nist.gov/vuln/detail/CVE-2026-35094) | 3.3 | LOW | CWE-825 | No | 0.0% | 2.31 | 2026-04-01 | A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can expl... |
| [CVE-2026-35093](https://nvd.nist.gov/vuln/detail/CVE-2026-35093) | 8.8 | HIGH | CWE-94 | No | 0.0% | 6.16 | 2026-04-01 | A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or... |
| [CVE-2026-35092](https://nvd.nist.gov/vuln/detail/CVE-2026-35092) | 7.5 | HIGH | CWE-190 | No | 1.0% | 5.28 | 2026-04-01 | A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a re... |
| [CVE-2026-35091](https://nvd.nist.gov/vuln/detail/CVE-2026-35091) | 8.2 | HIGH | CWE-253 | No | 0.3% | 5.75 | 2026-04-01 | A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Co... |
| [CVE-2026-34999](https://nvd.nist.gov/vuln/detail/CVE-2026-34999) | 6.9 | MEDIUM | CWE-306 | No | 0.1% | 4.83 | 2026-04-01 | OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that al... |
| [CVE-2026-34430](https://nvd.nist.gov/vuln/detail/CVE-2026-34430) | 8.6 | HIGH | CWE-184 | No | 0.1% | 6.02 | 2026-04-01 | ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that a... |
| [CVE-2026-30522](https://nvd.nist.gov/vuln/detail/CVE-2026-30522) | 6.5 | MEDIUM | CWE-602 | No | 0.0% | 4.55 | 2026-04-01 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validati... |
| [CVE-2026-30289](https://nvd.nist.gov/vuln/detail/CVE-2026-30289) | 8.4 | HIGH | CWE-73 | No | 0.0% | 5.88 | 2026-04-01 | An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows attackers to overwrit... |
| [CVE-2026-30287](https://nvd.nist.gov/vuln/detail/CVE-2026-30287) | 8.4 | HIGH | CWE-73 | No | 0.0% | 5.88 | 2026-04-01 | An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to... |
| [CVE-2026-29014](https://nvd.nist.gov/vuln/detail/CVE-2026-29014) | 9.3 | CRITICAL | CWE-94 | No | 15.8% | 6.98 | 2026-04-01 | MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote at... |
| [CVE-2026-22768](https://nvd.nist.gov/vuln/detail/CVE-2026-22768) | 7.3 | HIGH | CWE-732 | No | 0.0% | 5.11 | 2026-04-01 | Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low... |
| [CVE-2026-22767](https://nvd.nist.gov/vuln/detail/CVE-2026-22767) | 7.3 | HIGH | CWE-61 | No | 0.0% | 5.11 | 2026-04-01 | Dell AppSync, version(s) 4.6.0, contain(s) a UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged att... |
| [CVE-2026-24096](https://nvd.nist.gov/vuln/detail/CVE-2026-24096) | 5.3 | MEDIUM | CWE-280 | No | 0.0% | 3.71 | 2026-04-01 | Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5... |
| [CVE-2026-0932](https://nvd.nist.gov/vuln/detail/CVE-2026-0932) | 6.9 | MEDIUM | CWE-918 | No | 0.1% | 4.83 | 2026-04-01 | Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in... |
| [CVE-2026-23899](https://nvd.nist.gov/vuln/detail/CVE-2026-23899) | 8.6 | HIGH | CWE-284 | No | 0.0% | 6.02 | 2026-04-01 | An improper access check allows unauthorized access to webservice endpoints. |
| [CVE-2026-23898](https://nvd.nist.gov/vuln/detail/CVE-2026-23898) | 8.6 | HIGH | CWE-73 | No | 0.0% | 6.02 | 2026-04-01 | Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. |
| [CVE-2026-21632](https://nvd.nist.gov/vuln/detail/CVE-2026-21632) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-04-01 | Lack of output escaping for article titles leads to XSS vectors in various locations. |
| [CVE-2026-21631](https://nvd.nist.gov/vuln/detail/CVE-2026-21631) | 5.9 | MEDIUM | CWE-79 | No | 0.0% | 4.13 | 2026-04-01 | Lack of output escaping leads to an XSS vector in the multilingual associations component. |
| [CVE-2026-21630](https://nvd.nist.gov/vuln/detail/CVE-2026-21630) | 6.9 | MEDIUM | CWE-89 | No | 0.0% | 4.83 | 2026-04-01 | Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. |
| [CVE-2026-21629](https://nvd.nist.gov/vuln/detail/CVE-2026-21629) | 6.3 | MEDIUM | CWE-284 | No | 0.0% | 4.41 | 2026-04-01 | The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was pote... |
| [CVE-2026-1879](https://nvd.nist.gov/vuln/detail/CVE-2026-1879) | 5.3 | MEDIUM | CWE-284 | No | 0.0% | 3.71 | 2026-04-01 | A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the fil... |
| [CVE-2026-5261](https://nvd.nist.gov/vuln/detail/CVE-2026-5261) | 6.9 | MEDIUM | CWE-284 | No | 0.1% | 4.83 | 2026-04-01 | A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uplo... |
| [CVE-2026-4370](https://nvd.nist.gov/vuln/detail/CVE-2026-4370) | 10.0 | CRITICAL | CWE-295 | No | 0.1% | 7.00 | 2026-04-01 | A vulnerability was identified in Juju from version 3.2.0 until 3.6.19 and from version 4.0 until 4.0.4, where the inter... |
| [CVE-2026-34889](https://nvd.nist.gov/vuln/detail/CVE-2026-34889) | 6.5 | MEDIUM | CWE-79 | No | 0.0% | 4.55 | 2026-04-01 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force U... |
| [CVE-2026-5259](https://nvd.nist.gov/vuln/detail/CVE-2026-5259) | 5.3 | MEDIUM | CWE-918 | No | 0.0% | 3.71 | 2026-04-01 | A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the... |
| [CVE-2026-28265](https://nvd.nist.gov/vuln/detail/CVE-2026-28265) | 4.4 | MEDIUM | CWE-35 | No | 0.0% | 3.08 | 2026-04-01 | PowerStore contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access cou... |
| [CVE-2026-27101](https://nvd.nist.gov/vuln/detail/CVE-2026-27101) | 4.7 | MEDIUM | CWE-22 | No | 0.3% | 3.30 | 2026-04-01 | Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Impro... |
| [CVE-2026-5258](https://nvd.nist.gov/vuln/detail/CVE-2026-5258) | 6.9 | MEDIUM | CWE-22 | No | 0.1% | 4.83 | 2026-04-01 | A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/... |
| [CVE-2026-5257](https://nvd.nist.gov/vuln/detail/CVE-2026-5257) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-01 | A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of... |
| [CVE-2026-5256](https://nvd.nist.gov/vuln/detail/CVE-2026-5256) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-01 | A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /m... |
| [CVE-2026-5255](https://nvd.nist.gov/vuln/detail/CVE-2026-5255) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-01 | A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /delst... |
| [CVE-2026-2696](https://nvd.nist.gov/vuln/detail/CVE-2026-2696) | 5.3 | MEDIUM | CWE-200 | No | 0.0% | 3.71 | 2026-04-01 | The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing post URLs (including private posts)... |
| [CVE-2025-15484](https://nvd.nist.gov/vuln/detail/CVE-2025-15484) | 9.1 | CRITICAL | CWE-287 | No | 0.0% | 6.37 | 2026-04-01 | The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant... |
| [CVE-2026-5292](https://nvd.nist.gov/vuln/detail/CVE-2026-5292) | 8.8 | HIGH | CWE-125 | No | 0.1% | 6.16 | 2026-04-01 | Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of... |
| [CVE-2026-5291](https://nvd.nist.gov/vuln/detail/CVE-2026-5291) | 6.5 | MEDIUM | CWE-200 | No | 0.0% | 4.55 | 2026-04-01 | Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain poten... |
| [CVE-2026-5290](https://nvd.nist.gov/vuln/detail/CVE-2026-5290) | 9.6 | CRITICAL | CWE-416 | No | 0.1% | 6.72 | 2026-04-01 | Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the... |
| [CVE-2026-5289](https://nvd.nist.gov/vuln/detail/CVE-2026-5289) | 9.6 | CRITICAL | CWE-416 | No | 0.1% | 6.72 | 2026-04-01 | Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the... |
| [CVE-2026-5288](https://nvd.nist.gov/vuln/detail/CVE-2026-5288) | 9.6 | CRITICAL | CWE-416 | No | 0.1% | 6.72 | 2026-04-01 | Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromi... |
| [CVE-2026-5287](https://nvd.nist.gov/vuln/detail/CVE-2026-5287) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-04-01 | Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code insid... |
| [CVE-2026-5286](https://nvd.nist.gov/vuln/detail/CVE-2026-5286) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-04-01 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via... |
| [CVE-2026-5285](https://nvd.nist.gov/vuln/detail/CVE-2026-5285) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-04-01 | Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code ins... |
| [CVE-2026-5284](https://nvd.nist.gov/vuln/detail/CVE-2026-5284) | 7.5 | HIGH | CWE-416 | No | 0.1% | 5.25 | 2026-04-01 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render... |
| [CVE-2026-5283](https://nvd.nist.gov/vuln/detail/CVE-2026-5283) | 6.5 | MEDIUM | CWE-285 | No | 0.0% | 4.55 | 2026-04-01 | Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-o... |
| [CVE-2026-5282](https://nvd.nist.gov/vuln/detail/CVE-2026-5282) | 8.1 | HIGH | CWE-125 | No | 0.1% | 5.67 | 2026-04-01 | Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of... |
| [CVE-2026-5281](https://nvd.nist.gov/vuln/detail/CVE-2026-5281) | 8.8 | HIGH | CWE-416 | Yes | 3.3% | 6.26 | 2026-04-01 | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render... |
| [CVE-2026-5280](https://nvd.nist.gov/vuln/detail/CVE-2026-5280) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-04-01 | Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code... |
| [CVE-2026-5279](https://nvd.nist.gov/vuln/detail/CVE-2026-5279) | 8.8 | HIGH | CWE-120 | No | 0.1% | 6.16 | 2026-04-01 | Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code ins... |
| [CVE-2026-5278](https://nvd.nist.gov/vuln/detail/CVE-2026-5278) | 8.8 | HIGH | CWE-416 | No | 0.1% | 6.16 | 2026-04-01 | Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbi... |
| [CVE-2026-5277](https://nvd.nist.gov/vuln/detail/CVE-2026-5277) | 7.5 | HIGH | CWE-472 | No | 0.1% | 5.25 | 2026-04-01 | Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromi... |
| [CVE-2026-5276](https://nvd.nist.gov/vuln/detail/CVE-2026-5276) | 6.5 | MEDIUM | CWE-693 | No | 0.0% | 4.55 | 2026-04-01 | Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain p... |
| [CVE-2026-5275](https://nvd.nist.gov/vuln/detail/CVE-2026-5275) | 8.8 | HIGH | CWE-122 | No | 0.1% | 6.16 | 2026-04-01 | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbit... |
| [CVE-2026-5274](https://nvd.nist.gov/vuln/detail/CVE-2026-5274) | 8.8 | HIGH | CWE-472 | No | 0.1% | 6.16 | 2026-04-01 | Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/... |
| [CVE-2026-5273](https://nvd.nist.gov/vuln/detail/CVE-2026-5273) | 6.3 | MEDIUM | CWE-416 | No | 0.1% | 4.41 | 2026-04-01 | Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code insid... |
| [CVE-2026-5272](https://nvd.nist.gov/vuln/detail/CVE-2026-5272) | 8.8 | HIGH | CWE-122 | No | 0.0% | 6.16 | 2026-04-01 | Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code... |
| [CVE-2026-5254](https://nvd.nist.gov/vuln/detail/CVE-2026-5254) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-01 | A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. Affected by this issue is some unknown fu... |
| [CVE-2026-5253](https://nvd.nist.gov/vuln/detail/CVE-2026-5253) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-01 | A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unknown functionality of... |
| [CVE-2026-5252](https://nvd.nist.gov/vuln/detail/CVE-2026-5252) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-01 | A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/... |
| [CVE-2026-5251](https://nvd.nist.gov/vuln/detail/CVE-2026-5251) | 5.3 | MEDIUM | CWE-913 | No | 0.1% | 3.71 | 2026-04-01 | A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user... |
| [CVE-2026-5249](https://nvd.nist.gov/vuln/detail/CVE-2026-5249) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-01 | A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\v... |
| [CVE-2026-4947](https://nvd.nist.gov/vuln/detail/CVE-2026-4947) | 7.1 | HIGH | CWE-284 | No | 0.0% | 4.97 | 2026-04-01 | Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process... |
| [CVE-2026-4374](https://nvd.nist.gov/vuln/detail/CVE-2026-4374) | 8.8 | HIGH | CWE-611 | No | 0.0% | 6.16 | 2026-04-01 | Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observa... |
| [CVE-2026-3831](https://nvd.nist.gov/vuln/detail/CVE-2026-3831) | 4.3 | MEDIUM | CWE-862 | No | 0.0% | 3.01 | 2026-04-01 | The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to unauthorized access of d... |
| [CVE-2026-3780](https://nvd.nist.gov/vuln/detail/CVE-2026-3780) | 7.3 | HIGH | CWE-426 | No | 0.0% | 5.11 | 2026-04-01 | The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted searc... |
| [CVE-2026-3779](https://nvd.nist.gov/vuln/detail/CVE-2026-3779) | 7.8 | HIGH | CWE-416 | No | 0.0% | 5.46 | 2026-04-01 | The application's list box calculate array logic keeps stale references to page or form objects after they are deleted o... |
| [CVE-2026-3778](https://nvd.nist.gov/vuln/detail/CVE-2026-3778) | 6.2 | MEDIUM | CWE-674 | No | 0.0% | 4.34 | 2026-04-01 | The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pag... |
| [CVE-2026-3777](https://nvd.nist.gov/vuln/detail/CVE-2026-3777) | 5.5 | MEDIUM | CWE-416 | No | 0.0% | 3.85 | 2026-04-01 | The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript ch... |
| [CVE-2026-3776](https://nvd.nist.gov/vuln/detail/CVE-2026-3776) | 5.5 | MEDIUM | CWE-476 | No | 0.0% | 3.85 | 2026-04-01 | The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resour... |
| [CVE-2026-3775](https://nvd.nist.gov/vuln/detail/CVE-2026-3775) | 7.8 | HIGH | CWE-427 | No | 0.0% | 5.46 | 2026-04-01 | The application's update service, when checking for updates, loads certain system libraries from a search path that incl... |
| [CVE-2026-3774](https://nvd.nist.gov/vuln/detail/CVE-2026-3774) | 4.7 | MEDIUM | CWE-200 | No | 0.0% | 3.29 | 2026-04-01 | The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, ann... |
| [CVE-2026-5248](https://nvd.nist.gov/vuln/detail/CVE-2026-5248) | 5.3 | MEDIUM | CWE-913 | No | 0.1% | 3.71 | 2026-04-01 | A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file gougucms-master\app... |
| [CVE-2026-35057](https://nvd.nist.gov/vuln/detail/CVE-2026-35057) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-01 | XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting (XSS) in structured text mentions,... |
| [CVE-2026-35056](https://nvd.nist.gov/vuln/detail/CVE-2026-35056) | 8.6 | HIGH | CWE-94 | No | 0.4% | 6.03 | 2026-04-01 | XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users.... |
| [CVE-2026-35055](https://nvd.nist.gov/vuln/detail/CVE-2026-35055) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-01 | XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XSS) related to lightbox usage in posts. A... |
| [CVE-2026-35054](https://nvd.nist.gov/vuln/detail/CVE-2026-35054) | 5.1 | MEDIUM | CWE-79 | No | 0.0% | 3.57 | 2026-04-01 | XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can in... |
| [CVE-2026-2394](https://nvd.nist.gov/vuln/detail/CVE-2026-2394) | 6.3 | MEDIUM | CWE-126 | No | 0.0% | 4.41 | 2026-04-01 | Buffer Over-read vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers. This issue affects C... |
| [CVE-2025-71282](https://nvd.nist.gov/vuln/detail/CVE-2025-71282) | 8.7 | HIGH | CWE-209 | No | 0.0% | 6.09 | 2026-04-01 | XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This... |
| [CVE-2025-71281](https://nvd.nist.gov/vuln/detail/CVE-2025-71281) | 8.7 | HIGH | CWE-94 | No | 0.1% | 6.09 | 2026-04-01 | XenForo before 2.3.7 does not properly restrict methods callable from within templates. A loose prefix match was used in... |
| [CVE-2025-71280](https://nvd.nist.gov/vuln/detail/CVE-2025-71280) | 6.9 | MEDIUM | CWE-200 | No | 0.0% | 4.83 | 2026-04-01 | XenForo before 2.3.7 allows information disclosure via local account page caching on shared systems. On systems where mu... |
| [CVE-2025-71279](https://nvd.nist.gov/vuln/detail/CVE-2025-71279) | 9.3 | CRITICAL | CWE-287 | No | 0.1% | 6.51 | 2026-04-01 | XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may... |
| [CVE-2025-71278](https://nvd.nist.gov/vuln/detail/CVE-2025-71278) | 8.7 | HIGH | CWE-863 | No | 0.0% | 6.09 | 2026-04-01 | XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using O... |
| [CVE-2025-13855](https://nvd.nist.gov/vuln/detail/CVE-2025-13855) | 7.6 | HIGH | CWE-89 | No | 0.1% | 5.32 | 2026-04-01 | IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could... |
| [CVE-2024-58342](https://nvd.nist.gov/vuln/detail/CVE-2024-58342) | 5.3 | MEDIUM | CWE-601 | No | 0.0% | 3.71 | 2026-04-01 | XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect() function does... |
| [CVE-2026-5240](https://nvd.nist.gov/vuln/detail/CVE-2026-5240) | 5.3 | MEDIUM | CWE-79 | No | 0.0% | 3.71 | 2026-04-01 | A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part... |
| [CVE-2026-5238](https://nvd.nist.gov/vuln/detail/CVE-2026-5238) | 6.9 | MEDIUM | CWE-74 | No | 0.0% | 4.83 | 2026-04-01 | A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown fun... |
| [CVE-2026-4668](https://nvd.nist.gov/vuln/detail/CVE-2026-4668) | 6.5 | MEDIUM | CWE-89 | No | 0.0% | 4.55 | 2026-04-01 | The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the `s... |
