CVE Information

2026

CVE | Description | Submitted | Moderation | Entry
CVE-2026-6911Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT to ...2026. 04. 24.
 
CVE-2026-40609This CVE is a duplicate of another CVE.2026. 04. 24.2026. 04. 24.
 
CVE-2026-39920BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administ ...2026. 04. 24.
 
CVE-2026-30368A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated at ...2026. 04. 24.
 
CVE-2026-31672In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00usb: fix devres lif ...2026. 04. 24.
 
CVE-2026-31671In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in bui ...2026. 04. 24.
 
CVE-2026-31670In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited ...2026. 04. 24.
 
CVE-2026-31669In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free ...2026. 04. 24.
 
CVE-2026-31668In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for in ...2026. 04. 24.
 
CVE-2026-31667In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular lo ...2026. 04. 24.
 
CVE-2026-31666In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect return val ...2026. 04. 24.
 
CVE-2026-31665In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: fix use-afte ...2026. 04. 24.
 
CVE-2026-31664In the Linux kernel, the following vulnerability has been resolved: xfrm: clear trailing padding in ...2026. 04. 24.
 
CVE-2026-31663In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after ...2026. 04. 24.
 
CVE-2026-31662In the Linux kernel, the following vulnerability has been resolved: tipc: fix bc_ackers underflow o ...2026. 04. 24.
 
CVE-2026-31661In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: Fix dma_free_co ...2026. 04. 24.
 
CVE-2026-31660In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb bef ...2026. 04. 24.
 
CVE-2026-31659In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized gl ...2026. 04. 24.
 
CVE-2026-31658In the Linux kernel, the following vulnerability has been resolved: net: altera-tse: fix skb leak o ...2026. 04. 24.
 
CVE-2026-31657In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone ...2026. 04. 24.2026. 04. 24.359413
CVE-2026-31656In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: fix refcount under ...2026. 04. 24.2026. 04. 24.359412
CVE-2026-31655In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: Keep ...2026. 04. 24.
 
CVE-2026-31654In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in __mm ...2026. 04. 24.2026. 04. 24.359399
CVE-2026-31653In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: dealloc repeat_ ...2026. 04. 24.2026. 04. 24.359414
CVE-2026-31652In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: deallocate damon ...2026. 04. 24.2026. 04. 24.359411
CVE-2026-31651In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix NULL-deref on ...2026. 04. 24.2026. 04. 24.359410
CVE-2026-31650In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix use-after-free ...2026. 04. 24.
 
CVE-2026-31649In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underf ...2026. 04. 24.
 
CVE-2026-31648In the Linux kernel, the following vulnerability has been resolved: mm: filemap: fix nr_pages calcu ...2026. 04. 24.
 
CVE-2026-31647In the Linux kernel, the following vulnerability has been resolved: idpf: fix PREEMPT_RT raw/bh spi ...2026. 04. 24.
 
CVE-2026-31646In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page_pool err ...2026. 04. 24.
 
CVE-2026-31645In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool lea ...2026. 04. 24.
 
CVE-2026-31644In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix use-after-fre ...2026. 04. 24.
 
CVE-2026-31643In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak ...2026. 04. 24.
 
CVE-2026-31642In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call removal to use ...2026. 04. 24.2026. 04. 24.359416
CVE-2026-31641In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading t ...2026. 04. 24.2026. 04. 24.359418
CVE-2026-31640In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix use of wrong skb whe ...2026. 04. 24.
 
CVE-2026-31639In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key reference count ...2026. 04. 24.
 
CVE-2026-31638In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only put the call ref if ...2026. 04. 24.
 
CVE-2026-31637In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxk ...2026. 04. 24.2026. 04. 24.359409
CVE-2026-31636In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticat ...2026. 04. 24.2026. 04. 24.359408
CVE-2026-31635In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE a ...2026. 04. 24.2026. 04. 24.359407
CVE-2026-31634In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak ...2026. 04. 24.
 
CVE-2026-31633In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in ...2026. 04. 24.2026. 04. 24.359406
CVE-2026-31632In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix leak of rxgk context ...2026. 04. 24.
 
CVE-2026-31631In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in r ...2026. 04. 24.2026. 04. 24.359446
CVE-2026-31630In the Linux kernel, the following vulnerability has been resolved: rxrpc: proc: size address buffe ...2026. 04. 24.
 
CVE-2026-31629In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return a ...2026. 04. 24.2026. 04. 24.359405
CVE-2026-31628In the Linux kernel, the following vulnerability has been resolved: x86/CPU: Fix FPDSS on Zen1 Zen ...2026. 04. 24.2026. 04. 24.359404
CVE-2026-31627In the Linux kernel, the following vulnerability has been resolved: i2c: s3c24xx: check the size of ...2026. 04. 24.2026. 04. 24.359403
CVE-2026-31626In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: initialize ...2026. 04. 24.2026. 04. 24.359444
CVE-2026-31625In the Linux kernel, the following vulnerability has been resolved: HID: alps: fix NULL pointer der ...2026. 04. 24.2026. 04. 24.359359
CVE-2026-31624In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp report_size in ...2026. 04. 24.2026. 04. 24.359401
CVE-2026-31623In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc-phonet: fix skb f ...2026. 04. 24.2026. 04. 24.359400
CVE-2026-31622In the Linux kernel, the following vulnerability has been resolved: NFC: digital: Bounds check NFC- ...2026. 04. 24.2026. 04. 24.359369
CVE-2026-31621In the Linux kernel, the following vulnerability has been resolved: bnge: return after auxiliary_de ...2026. 04. 24.2026. 04. 24.359447
CVE-2026-31620In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NUL ...2026. 04. 24.2026. 04. 24.359445
CVE-2026-31619In the Linux kernel, the following vulnerability has been resolved: ALSA: fireworks: bound device-s ...2026. 04. 24.2026. 04. 24.359442
CVE-2026-31618In the Linux kernel, the following vulnerability has been resolved: fbdev: tdfxfb: avoid divide-by- ...2026. 04. 24.2026. 04. 24.359402
CVE-2026-31617In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: validate mi ...2026. 04. 24.2026. 04. 24.359368
CVE-2026-31616In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_phonet: fix skb ...2026. 04. 24.2026. 04. 24.359396
CVE-2026-31615In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: vali ...2026. 04. 24.2026. 04. 24.359395
CVE-2026-31614In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bound ...2026. 04. 24.2026. 04. 24.359443
CVE-2026-31613In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB reads pars ...2026. 04. 24.2026. 04. 24.359439
CVE-2026-31612In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in ...2026. 04. 24.2026. 04. 24.359440
CVE-2026-31611In the Linux kernel, the following vulnerability has been resolved: ksmbd: require 3 sub-authoritie ...2026. 04. 24.2026. 04. 24.359441
CVE-2026-31610In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when ...2026. 04. 24.2026. 04. 24.359448
CVE-2026-31609In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free ...2026. 04. 24.2026. 04. 24.359438
CVE-2026-31608In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free ...2026. 04. 24.2026. 04. 24.359437
CVE-2026-31607In the Linux kernel, the following vulnerability has been resolved: usbip: validate number_of_packe ...2026. 04. 24.2026. 04. 24.359367
CVE-2026-31606In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: don't call ...2026. 04. 24.2026. 04. 24.359436
CVE-2026-31605In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: avoid divide-by-z ...2026. 04. 24.2026. 04. 24.359398
CVE-2026-31604In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on ...2026. 04. 24.2026. 04. 24.359393
CVE-2026-31603In the Linux kernel, the following vulnerability has been resolved: staging: sm750fb: fix division ...2026. 04. 24.2026. 04. 24.359435
CVE-2026-31602In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a sin ...2026. 04. 24.2026. 04. 24.359366
CVE-2026-31601In the Linux kernel, the following vulnerability has been resolved: vfio/xe: Reorganize the init to ...2026. 04. 24.2026. 04. 24.359392
CVE-2026-31600In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large ...2026. 04. 24.2026. 04. 24.359391
CVE-2026-31599In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer ...2026. 04. 24.2026. 04. 24.359434
CVE-2026-31598In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible deadlock be ...2026. 04. 24.2026. 04. 24.359394
CVE-2026-31597In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix use-after-free in oc ...2026. 04. 24.2026. 04. 24.359433
CVE-2026-31596In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle invalid dinode in ...2026. 04. 24.2026. 04. 24.359397
CVE-2026-31595In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: St ...2026. 04. 24.2026. 04. 24.359390
CVE-2026-31594In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Re ...2026. 04. 24.2026. 04. 24.359389
CVE-2026-31593In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Reject attempts to sy ...2026. 04. 24.2026. 04. 24.359388
CVE-2026-31592In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Protect *all* of sev_ ...2026. 04. 24.2026. 04. 24.359365
CVE-2026-31591In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Lock all vCPUs when s ...2026. 04. 24.2026. 04. 24.359432
CVE-2026-31590In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Drop WARN on large si ...2026. 04. 24.2026. 04. 24.359431
CVE-2026-31589In the Linux kernel, the following vulnerability has been resolved: mm: call ->free_folio() directl ...2026. 04. 24.2026. 04. 24.359430
CVE-2026-31588In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use scratch field in ...2026. 04. 24.
 
CVE-2026-31587In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm: move compone ...2026. 04. 24.2026. 04. 24.359429
CVE-2026-31586In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-f ...2026. 04. 24.2026. 04. 24.359386
CVE-2026-31585In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix nfeeds state ...2026. 04. 24.2026. 04. 24.359385
CVE-2026-31584In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix us ...2026. 04. 24.2026. 04. 24.359364
CVE-2026-31583In the Linux kernel, the following vulnerability has been resolved: media: em28xx: fix use-after-fr ...2026. 04. 24.2026. 04. 24.359428
CVE-2026-31582In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Fix use-after-f ...2026. 04. 24.2026. 04. 24.359383
CVE-2026-31581In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: fix use-after-free ...2026. 04. 24.2026. 04. 24.359361
CVE-2026-31580In the Linux kernel, the following vulnerability has been resolved: bcache: fix cached_dev.sb_bio u ...2026. 04. 24.2026. 04. 24.359427
CVE-2026-31579In the Linux kernel, the following vulnerability has been resolved: wireguard: device: use exit_rtn ...2026. 04. 24.2026. 04. 24.359363
CVE-2026-31578In the Linux kernel, the following vulnerability has been resolved: media: as102: fix to not free m ...2026. 04. 24.2026. 04. 24.359384
CVE-2026-31577In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL i_assoc_inode ...2026. 04. 24.2026. 04. 24.359382
CVE-2026-31576In the Linux kernel, the following vulnerability has been resolved: media: hackrf: fix to not free ...2026. 04. 24.2026. 04. 24.359426
CVE-2026-31575In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix hugetlb fau ...2026. 04. 24.2026. 04. 24.359425
CVE-2026-31574In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets ...2026. 04. 24.2026. 04. 24.359381
CVE-2026-31573In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel ...2026. 04. 24.2026. 04. 24.359360
CVE-2026-31572In the Linux kernel, the following vulnerability has been resolved: i2c: designware: amdisp: Fix re ...2026. 04. 24.2026. 04. 24.359387
CVE-2026-31571In the Linux kernel, the following vulnerability has been resolved: drm/i915: Unlink NV12 planes ea ...2026. 04. 24.2026. 04. 24.359380
CVE-2026-31570In the Linux kernel, the following vulnerability has been resolved: can: gw: fix OOB heap access in ...2026. 04. 24.2026. 04. 24.359424
CVE-2026-31569In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Handle the case ...2026. 04. 24.2026. 04. 24.359423
CVE-2026-31568In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add missing secure sto ...2026. 04. 24.2026. 04. 24.359422
CVE-2026-31567In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Drop spurious WARN_O ...2026. 04. 24.2026. 04. 24.359379
CVE-2026-31566In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix fence put befor ...2026. 04. 24.2026. 04. 24.359378
CVE-2026-31565In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix deadlock during ...2026. 04. 24.2026. 04. 24.359421
CVE-2026-31564In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base addres ...2026. 04. 24.2026. 04. 24.359420
CVE-2026-31563In the Linux kernel, the following vulnerability has been resolved: net: macb: Use dev_consume_skb_ ...2026. 04. 24.
 
CVE-2026-31562In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver ...2026. 04. 24.2026. 04. 24.359376
CVE-2026-31561In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86_CR4_FRED fr ...2026. 04. 24.2026. 04. 24.359374
CVE-2026-31560In the Linux kernel, the following vulnerability has been resolved: spi: spi-dw-dma: fix print erro ...2026. 04. 24.2026. 04. 24.359419
CVE-2026-31559In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL che ...2026. 04. 24.2026. 04. 24.359373
CVE-2026-31558In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Make kvm_get_vc ...2026. 04. 24.2026. 04. 24.359415
CVE-2026-31557In the Linux kernel, the following vulnerability has been resolved: nvmet: move async event work of ...2026. 04. 24.2026. 04. 24.359375
CVE-2026-31556In the Linux kernel, the following vulnerability has been resolved: xfs: scrub: unlock dquot before ...2026. 04. 24.2026. 04. 24.359372
CVE-2026-31555In the Linux kernel, the following vulnerability has been resolved: futex: Clear stale exiting poin ...2026. 04. 24.
 
CVE-2026-31554In the Linux kernel, the following vulnerability has been resolved: futex: Require sys_futex_requeu ...2026. 04. 24.2026. 04. 24.359377
CVE-2026-31553In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix the descriptor ...2026. 04. 24.2026. 04. 24.359417
CVE-2026-31552In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Return -ENOMEM in ...2026. 04. 24.2026. 04. 24.359371
CVE-2026-31551In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix static_bran ...2026. 04. 24.2026. 04. 24.359362
CVE-2026-31550In the Linux kernel, the following vulnerability has been resolved: pmdomain: bcm: bcm2835-power: I ...2026. 04. 24.2026. 04. 24.359370
CVE-2026-31549In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string ...2026. 04. 24.2026. 04. 24.359358
CVE-2026-31548In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel pmsr_fre ...2026. 04. 24.2026. 04. 24.359354
CVE-2026-31547In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM ...2026. 04. 24.2026. 04. 24.359353
CVE-2026-31546In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in ...2026. 04. 24.2026. 04. 24.359352
CVE-2026-31545In the Linux kernel, the following vulnerability has been resolved: NFC: nxp-nci: allow GPIOs to sl ...2026. 04. 24.2026. 04. 24.359351
CVE-2026-31544In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix NULL de ...2026. 04. 24.2026. 04. 24.359350
CVE-2026-31543In the Linux kernel, the following vulnerability has been resolved: crash_dump: don't log dm-crypt ...2026. 04. 24.2026. 04. 24.359357
CVE-2026-31542In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handle deconfi ...2026. 04. 24.2026. 04. 24.359356
CVE-2026-31541In the Linux kernel, the following vulnerability has been resolved: tracing: Fix trace_marker copy ...2026. 04. 24.2026. 04. 24.359355
CVE-2026-31540In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check set_default_ ...2026. 04. 24.2026. 04. 24.359349
CVE-2026-31539In the Linux kernel, the following vulnerability has been resolved: smb: smbdirect: introduce smbdi ...2026. 04. 24.2026. 04. 24.359343
CVE-2026-31538In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdir ...2026. 04. 24.2026. 04. 24.359342
CVE-2026-31537In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdir ...2026. 04. 24.2026. 04. 24.359339
CVE-2026-31536In the Linux kernel, the following vulnerability has been resolved: smb: server: let send_done hand ...2026. 04. 24.2026. 04. 24.359341
CVE-2026-31535In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdir ...2026. 04. 24.2026. 04. 24.359340
CVE-2026-31534In the Linux kernel, the following vulnerability has been resolved: smb: client: let send_done hand ...2026. 04. 24.2026. 04. 24.359338
CVE-2026-31052An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of servi ...2026. 04. 24.2026. 04. 24.359345
CVE-2026-31051An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of servi ...2026. 04. 24.2026. 04. 24.359344
CVE-2026-31050Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker ...2026. 04. 24.2026. 04. 24.359348
CVE-2026-42095bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by ...2026. 04. 24.2026. 04. 24.359346
CVE-2026-25660CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyz ...2026. 04. 24.2026. 04. 24.359337
CVE-2026-5367A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynami ...2026. 04. 24.2026. 04. 24.358489
CVE-2026-5265When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a por ...2026. 04. 24.2026. 04. 24.358488
CVE-2026-40690The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with ...2026. 04. 24.2026. 04. 24.359336
CVE-2026-38743The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the ...2026. 04. 24.2026. 04. 24.359335
CVE-2026-21515Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized ...2026. 04. 24.2026. 04. 24.359319
CVE-2026-6043P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed ...2026. 04. 24.2026. 04. 24.359333
CVE-2026-4313AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacke ...2026. 04. 24.2026. 04. 24.359334
CVE-2026-23902Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with sys ...2026. 04. 24.2026. 04. 24.359321
CVE-2026-41044Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i ...2026. 04. 24.2026. 04. 24.359176
CVE-2026-41043Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apach ...2026. 04. 24.2026. 04. 24.359175
CVE-2026-40466Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability i ...2026. 04. 24.2026. 04. 24.359174
CVE-2026-6272A client holding only a read JWT scope can still register itself as a signal provider through the pr ...2026. 04. 24.2026. 04. 24.359332
CVE-2026-21728Tempo queries with large limits can cause large memory allocations which can impact the availability ...2026. 04. 24.2026. 04. 24.359331
CVE-2026-4078The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes ...2026. 04. 24.2026. 04. 24.359328
CVE-2026-3569The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions u ...2026. 04. 24.2026. 04. 24.359329
CVE-2026-3565The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, a ...2026. 04. 24.2026. 04. 24.359330
CVE-2026-1952Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.2026. 04. 24.2026. 04. 24.359325
CVE-2026-1951Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulne ...2026. 04. 24.2026. 04. 24.359324
CVE-2026-1950Delta Electronics AS320T has No checking of the length of the buffer with the file name vulnerabili ...2026. 04. 24.2026. 04. 24.359323
CVE-2026-6810The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Refer ...2026. 04. 24.2026. 04. 24.359312
CVE-2026-5428The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ima ...2026. 04. 24.2026. 04. 24.359314
CVE-2026-5364The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary fil ...2026. 04. 24.2026. 04. 24.359307
CVE-2026-5347The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to a ...2026. 04. 24.2026. 04. 24.359310
CVE-2026-1949Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT re ...2026. 04. 24.2026. 04. 24.359313
CVE-2026-6947DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force Protection Bypass vulnerability, al ...2026. 04. 24.2026. 04. 24.359268
CVE-2026-41317Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace ...2026. 04. 24.2026. 04. 24.359274
CVE-2026-41316ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) int ...2026. 04. 24.2026. 04. 24.359267
CVE-2026-6393The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and inc ...2026. 04. 24.2026. 04. 24.359259
CVE-2026-5488The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to ...2026. 04. 24.2026. 04. 24.359257
CVE-2026-41485Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1 ...2026. 04. 24.2026. 04. 24.359260
CVE-2026-41430Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace ...2026. 04. 24.2026. 04. 24.359266
CVE-2026-41324basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vulnerable to denial of service ...2026. 04. 24.2026. 04. 24.359261
CVE-2026-41323Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1 ...2026. 04. 24.2026. 04. 24.359264
CVE-2026-41319MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injecti ...2026. 04. 24.2026. 04. 24.359263
CVE-2026-41318AnythingLLM is an application that turns pieces of content into context that any LLM can use as refe ...2026. 04. 24.2026. 04. 24.359265
CVE-2026-41068Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2 ...2026. 04. 24.2026. 04. 24.359262
CVE-2026-2028The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to in ...2026. 04. 24.2026. 04. 24.359258
CVE-2026-41309Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versio ...2026. 04. 24.2026. 04. 24.359248
CVE-2026-41305PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rul ...2026. 04. 24.2026. 04. 24.359256
CVE-2026-40254FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an of ...2026. 04. 24.2026. 04. 24.359253
CVE-2026-33318Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (incl ...2026. 04. 24.2026. 04. 24.359255
CVE-2026-33317OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel r ...2026. 04. 24.2026. 04. 24.359249
CVE-2026-33208Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to vers ...2026. 04. 24.2026. 04. 24.359250
CVE-2026-33078Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prio ...2026. 04. 24.2026. 04. 24.359247
CVE-2026-33077Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to vers ...2026. 04. 24.2026. 04. 24.359252
CVE-2026-33076Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to vers ...2026. 04. 24.2026. 04. 24.359251
CVE-2026-32952go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0 ...2026. 04. 24.2026. 04. 24.359254
CVE-2026-41325Kirby is an open-source content management system. Kirby's user permissions control which user role ...2026. 04. 24.2026. 04. 24.359273
CVE-2026-40099Kirby is an open-source content management system. Kirby's user permissions control which user role ...2026. 04. 24.2026. 04. 24.359272
CVE-2026-34587Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user p ...2026. 04. 24.2026. 04. 24.359271
CVE-2026-32870Kirby is an open-source content management system. Kirby's `Xml::value()` method has special handlin ...2026. 04. 24.2026. 04. 24.359270
CVE-2026-31956Xibo is an open source digital signage platform with a web content management system and Windows dis ...2026. 04. 24.2026. 04. 24.359269
CVE-2026-31955Xibo is an open source digital signage platform with a web content management system and Windows dis ...2026. 04. 24.2026. 04. 24.359276
CVE-2026-31953Xibo is an open source digital signage platform with a web content management system and Windows dis ...2026. 04. 24.2026. 04. 24.359275
CVE-2026-40630A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to ce ...2026. 04. 24.2026. 04. 24.359283
CVE-2026-40623A vulnerability in SenseLive X3050's web management interface allows critical system and network c ...2026. 04. 24.2026. 04. 24.359277
CVE-2026-40620A vulnerability in SenseLive X3050’s embedded management service allows full administrative cont ...2026. 04. 24.2026. 04. 24.359280
CVE-2026-29197In versions <8.4.0, <8.3.2, <8.2.2, <8.1.3, <8.0.4, <7.13.6, <7.12.7, <7.11.7, and <7.10.10, the end ...2026. 04. 24.2026. 04. 24.359286
CVE-2026-25720A vulnerability exists in SenseLive X3050’s web management interface due to improper session lif ...2026. 04. 24.2026. 04. 24.359282
CVE-2026-1789A vulnerability in the browser-based remote management interface may allow an administrator to acces ...2026. 04. 24.2026. 04. 24.359281
CVE-2026-40431A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unen ...2026. 04. 24.2026. 04. 24.359238
CVE-2026-39462A vulnerability exists in SenseLive X3050’s web management interface in which password updates ar ...2026. 04. 24.2026. 04. 24.359243
CVE-2026-35503A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be p ...2026. 04. 24.2026. 04. 24.359246
CVE-2026-35064A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of de ...2026. 04. 24.2026. 04. 24.359242
CVE-2026-31952Xibo is an open source digital signage platform with a web content management system and Windows dis ...2026. 04. 24.2026. 04. 24.359244
CVE-2026-29051melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 a ...2026. 04. 24.2026. 04. 24.359240
CVE-2026-29050melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 a ...2026. 04. 24.2026. 04. 24.359237
CVE-2026-27843A vulnerability exists in SenseLive X3050's web management interface that allows critical configura ...2026. 04. 24.2026. 04. 24.359245
CVE-2026-27841A vulnerability in SenseLive X3050's web management interface allows state-changing operations to ...2026. 04. 24.2026. 04. 24.359241
CVE-2026-25775A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and upd ...2026. 04. 24.2026. 04. 24.359239
CVE-2026-6732A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafte ...2026. 04. 24.2026. 04. 24.359284
CVE-2026-41361OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 ...2026. 04. 24.2026. 04. 24.359317
CVE-2026-41360OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind ...2026. 04. 24.2026. 04. 24.359318
CVE-2026-41359OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated opera ...2026. 04. 24.2026. 04. 24.359311
CVE-2026-41358OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allo ...2026. 04. 24.2026. 04. 24.359316
CVE-2026-41357OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbo ...2026. 04. 24.2026. 04. 24.359308
CVE-2026-41356OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. ...2026. 04. 24.2026. 04. 24.359315
CVE-2026-41355OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that co ...2026. 04. 24.2026. 04. 24.359309
CVE-2026-41354OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe ...2026. 04. 24.2026. 04. 24.359304
CVE-2026-41353OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles featu ...2026. 04. 24.2026. 04. 24.359297
CVE-2026-41352OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node ...2026. 04. 24.2026. 04. 24.359293
CVE-2026-41351OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature hand ...2026. 04. 24.2026. 04. 24.359303
CVE-2026-41350OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session_statu ...2026. 04. 24.2026. 04. 24.359299
CVE-2026-41349OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to si ...2026. 04. 24.2026. 04. 24.359292
CVE-2026-41348OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command an ...2026. 04. 24.2026. 04. 24.359291
CVE-2026-41347OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating ...2026. 04. 24.2026. 04. 24.359301
CVE-2026-41346OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead o ...2026. 04. 24.2026. 04. 24.359287
CVE-2026-41345OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionali ...2026. 04. 24.2026. 04. 24.359296
CVE-2026-41344OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint th ...2026. 04. 24.2026. 04. 24.359300
CVE-2026-41343OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path ...2026. 04. 24.2026. 04. 24.359290
CVE-2026-41342OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding c ...2026. 04. 24.2026. 04. 24.359289
CVE-2026-41341OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that miscl ...2026. 04. 24.2026. 04. 24.359288
CVE-2026-41340OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy al ...2026. 04. 24.2026. 04. 24.359302
CVE-2026-41339OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapsho ...2026. 04. 24.2026. 04. 24.359306
CVE-2026-41338OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operati ...2026. 04. 24.2026. 04. 24.359295
CVE-2026-41337OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call repl ...2026. 04. 24.2026. 04. 24.359305
CVE-2026-41336OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR env ...2026. 04. 24.2026. 04. 24.359298
CVE-2026-41335OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface ...2026. 04. 24.2026. 04. 24.359294
CVE-2026-41334OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails ...2026. 04. 24.2026. 04. 24.359279
CVE-2026-41333OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows ...2026. 04. 24.2026. 04. 24.359278
CVE-2026-41332OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMP ...2026. 04. 24.2026. 04. 24.359285
CVE-2026-41274Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 24.2026. 04. 24.359235
CVE-2026-26210KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve ba ...2026. 04. 24.2026. 04. 24.359234
CVE-2026-35431Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthoriz ...2026. 04. 24.2026. 04. 24.359231
CVE-2026-33819Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code ...2026. 04. 24.2026. 04. 24.359230
CVE-2026-33102Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker ...2026. 04. 24.2026. 04. 24.359236
CVE-2026-32210Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacke ...2026. 04. 24.2026. 04. 24.359233
CVE-2026-32172Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute ...2026. 04. 24.2026. 04. 24.359228
CVE-2026-2708A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_ ...2026. 04. 24.2026. 04. 24.347007
CVE-2026-26150Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate p ...2026. 04. 24.2026. 04. 24.359232
CVE-2026-24303Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privile ...2026. 04. 24.2026. 04. 24.359229
CVE-2026-6942radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows rem ...2026. 04. 23.2026. 04. 23.359227
CVE-2026-28525SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_mult ...2026. 04. 23.2026. 04. 23.359226
CVE-2026-6941radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that al ...2026. 04. 23.2026. 04. 23.359218
CVE-2026-6940radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local ...2026. 04. 23.2026. 04. 23.359225
CVE-2026-6376A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to b ...2026. 04. 23.2026. 04. 23.359221
CVE-2026-6375A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name rec ...2026. 04. 23.2026. 04. 23.359224
CVE-2026-41275Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359217
CVE-2026-41279Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359223
CVE-2026-41278Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359222
CVE-2026-41277Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359220
CVE-2026-41276Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359216
CVE-2026-41265Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359215
CVE-2026-41264Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359214
CVE-2026-25874LeRobot contains an unsafe deserialization vulnerability in the async inference pipeline where pickl ...2026. 04. 23.2026. 04. 23.359219
CVE-2026-41273Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359210
CVE-2026-41272Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359213
CVE-2026-41271Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359212
CVE-2026-41270Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359211
CVE-2026-41269Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359209
CVE-2026-41268Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359205
CVE-2026-41267Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359208
CVE-2026-41266Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359207
CVE-2026-41138Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359204
CVE-2026-41137Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 23.2026. 04. 23.359206
CVE-2026-6074A path traversal condition in Intrado 911 Emergency Gateway could allow an attacker with existing ne ...2026. 04. 23.2026. 04. 23.359203
CVE-2026-41241pretalx is a conference planning tool. Prior to 2026.1.0, the organiser search in the pretalx backen ...2026. 04. 23.2026. 04. 23.359202
CVE-2026-41213@node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchan ...2026. 04. 23.2026. 04. 23.359199
CVE-2026-41173The AWS X-Ray Remote Sampler package provides a sampler which can get sampling configurations from A ...2026. 04. 23.2026. 04. 23.359200
CVE-2026-41078OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Expor ...2026. 04. 23.2026. 04. 23.359201
CVE-2026-41259Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16 ...2026. 04. 23.2026. 04. 23.359198
CVE-2026-41247elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1 ...2026. 04. 23.2026. 04. 23.359197
CVE-2026-41246Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32. ...2026. 04. 23.2026. 04. 23.359196
CVE-2026-41205Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vuln ...2026. 04. 23.2026. 04. 23.359195
CVE-2026-40894OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 an ...2026. 04. 23.2026. 04. 23.359187
CVE-2026-40886Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on ...2026. 04. 23.2026. 04. 23.359186
CVE-2026-33694This vulnerability allows an attacker to create a junction, enabling the deletion of arbitrary files ...2026. 04. 23.2026. 04. 23.359185
CVE-2026-31173An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359193
CVE-2026-31169An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359192
CVE-2026-31168An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359194
CVE-2026-31167An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359191
CVE-2026-31166An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359190
CVE-2026-31163An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359189
CVE-2026-31162An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359188
CVE-2026-41909OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing ...2026. 04. 23.2026. 04. 23.359178
CVE-2026-41908OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media r ...2026. 04. 23.2026. 04. 23.359177
CVE-2026-40891OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, when exporting t ...2026. 04. 23.2026. 04. 23.359180
CVE-2026-40182OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, when exporting t ...2026. 04. 23.2026. 04. 23.359179
CVE-2026-31175An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359184
CVE-2026-31174An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359183
CVE-2026-31172An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359182
CVE-2026-31171An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359181
CVE-2026-6921Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potenti ...2026. 04. 23.2026. 04. 23.359169
CVE-2026-31165An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359171
CVE-2026-31164An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359172
CVE-2026-31160An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359170
CVE-2026-6920Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attac ...2026. 04. 23.2026. 04. 23.359159
CVE-2026-6919Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who ha ...2026. 04. 23.2026. 04. 23.359166
CVE-2026-5039TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug protocol with a cryptographic key ...2026. 04. 23.2026. 04. 23.359163
CVE-2026-31533In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in ...2026. 04. 23.2026. 04. 23.359162
CVE-2026-31179An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359165
CVE-2026-31181An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359164
CVE-2026-31178An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359168
CVE-2026-31177An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359161
CVE-2026-31176An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359167
CVE-2026-31159An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to ex ...2026. 04. 23.2026. 04. 23.359160
CVE-2026-41240DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to ...2026. 04. 23.2026. 04. 23.359153
CVE-2026-41239DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in versio ...2026. 04. 23.2026. 04. 23.359156
CVE-2026-41238DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 thr ...2026. 04. 23.2026. 04. 23.359062
CVE-2026-40472In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes ...2026. 04. 23.2026. 04. 23.359158
CVE-2026-40471hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on ...2026. 04. 23.2026. 04. 23.359155
CVE-2026-40470A critical XSS vulnerability affected hackage-server and hackage.haskell.org. HTML and JavaScript f ...2026. 04. 23.2026. 04. 23.359152
CVE-2026-39087An issue in Ntfy ntfy.sh before v.2.21 allows a remote attacker to execute arbitrary code via the pa ...2026. 04. 23.2026. 04. 23.359154
CVE-2026-34003A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could se ...2026. 04. 23.2026. 04. 23.359151
CVE-2026-34001A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence ...2026. 04. 23.2026. 04. 23.359149
CVE-2026-33999A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XK ...2026. 04. 23.2026. 04. 23.359150
CVE-2026-23751Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) ...2026. 04. 23.2026. 04. 23.359148
CVE-2026-41461SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in t ...2026. 04. 23.2026. 04. 23.359145
CVE-2026-41460SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/g ...2026. 04. 23.2026. 04. 23.359143
CVE-2026-35225An unauthenticated remote attacker is able to exhaust all available TCP connections in the CODESYS E ...2026. 04. 23.2026. 04. 23.359144
CVE-2026-39440Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFor ...2026. 04. 23.2026. 04. 23.359141
CVE-2026-31532In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-afte ...2026. 04. 23.2026. 04. 23.359131
CVE-2026-31531In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dyn ...2026. 04. 23.2026. 04. 23.359129
CVE-2026-28040Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...2026. 04. 23.2026. 04. 23.359138
CVE-2026-6903The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in ...2026. 04. 23.2026. 04. 23.359130
CVE-2026-6887Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vu ...2026. 04. 23.2026. 04. 23.359136
CVE-2026-6886Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication B ...2026. 04. 23.2026. 04. 23.359135
CVE-2026-6885Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File U ...2026. 04. 23.2026. 04. 23.359134
CVE-2026-5464The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for Word ...2026. 04. 23.2026. 04. 23.359132
CVE-2026-3960A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/I ...2026. 04. 23.2026. 04. 23.359128
CVE-2026-3259A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized Vie ...2026. 04. 23.2026. 04. 23.359133
CVE-2026-41564CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Cry ...2026. 04. 23.2026. 04. 23.359125
CVE-2026-41040GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a ...2026. 04. 23.2026. 04. 23.359127
CVE-2026-4512The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key se ...2026. 04. 23.2026. 04. 23.359122
CVE-2026-4106The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX act ...2026. 04. 23.2026. 04. 23.359121
CVE-2026-34488IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading ...2026. 04. 23.2026. 04. 23.359123
CVE-2026-41990Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check b ...2026. 04. 23.2026. 04. 23.359120
CVE-2026-41989Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via craf ...2026. 04. 23.2026. 04. 23.359119
CVE-2026-41988uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID ve ...2026. 04. 23.2026. 04. 23.359111
CVE-2026-41233Froxlor is open source server administration software. Prior to version 2.3.6, in `Domains.add()`, t ...2026. 04. 23.2026. 04. 23.359109
CVE-2026-41232Froxlor is open source server administration software. Prior to version 2.3.6, in `EmailSender::add( ...2026. 04. 23.2026. 04. 23.359115
CVE-2026-40529CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in ...2026. 04. 23.2026. 04. 23.359114
CVE-2026-41231Froxlor is open source server administration software. Prior to version 2.3.6, `DataDump.add()` cons ...2026. 04. 23.2026. 04. 23.359098
CVE-2026-41230Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()` ...2026. 04. 23.2026. 04. 23.359104
CVE-2026-41229Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArra ...2026. 04. 23.2026. 04. 23.359066
CVE-2026-41228Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpo ...2026. 04. 23.2026. 04. 23.359065
CVE-2026-3361The WP Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpsl ...2026. 04. 23.2026. 04. 23.359110
CVE-2026-3007Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attack ...2026. 04. 23.2026. 04. 23.359118
CVE-2026-3844The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file ty ...2026. 04. 23.2026. 04. 23.359090
CVE-2026-2951The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vuln ...2026. 04. 23.2026. 04. 23.359095
CVE-2026-41679Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. ...2026. 04. 23.2026. 04. 23.359106
CVE-2026-41243OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0 ...2026. 04. 23.2026. 04. 23.359105
CVE-2026-41211Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `download ...2026. 04. 23.2026. 04. 23.359107
CVE-2026-41208Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. ...2026. 04. 23.2026. 04. 23.359093
CVE-2026-41206PySpector is a static analysis security testing (SAST) Framework engineered for modern Python develo ...2026. 04. 23.2026. 04. 23.359089
CVE-2026-41200STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) ...2026. 04. 23.2026. 04. 23.359097
CVE-2026-41197Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compat ...2026. 04. 23.2026. 04. 23.359092
CVE-2026-41196Luanti (formerly Minetest) is an open source voxel game-creation platform. Starting in version 5.0.0 ...2026. 04. 23.2026. 04. 23.359094
CVE-2026-41182LangSmith Client SDKs provide SDKs for interacting with the LangSmith platform. Prior to version 0. ...2026. 04. 23.2026. 04. 23.359072
CVE-2026-41180PsiTransfer is an open source, self-hosted file sharing solution. Prior to version 2.4.3, the upload ...2026. 04. 23.2026. 04. 23.359091
CVE-2026-1923The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site ...2026. 04. 23.2026. 04. 23.359096
CVE-2026-6874A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function ...2026. 04. 23.2026. 04. 23.359039
CVE-2026-5935IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow ...2026. 04. 23.2026. 04. 23.359101
CVE-2026-5926IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10 ...2026. 04. 23.2026. 04. 23.359100
CVE-2026-4919IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows a ...2026. 04. 23.2026. 04. 23.359103
CVE-2026-4918IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability a ...2026. 04. 23.2026. 04. 23.359102
CVE-2026-4917IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the ...2026. 04. 23.2026. 04. 23.359099
CVE-2026-3621IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Serve ...2026. 04. 23.2026. 04. 23.359064
CVE-2026-29198In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11.6, and <7.10.9, a NoSQL injec ...2026. 04. 23.2026. 04. 23.359117
CVE-2026-1726IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.12026. 04. 23.2026. 04. 23.359086
CVE-2026-1352IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 C ...2026. 04. 23.2026. 04. 23.359063
CVE-2026-1274IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerabi ...2026. 04. 23.2026. 04. 23.359085
CVE-2026-1272IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnera ...2026. 04. 23.2026. 04. 23.359083
CVE-2026-6878A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of ...2026. 04. 23.2026. 04. 23.359040
CVE-2026-41179Rclone is a command-line program to sync files and directories to and from different cloud storage p ...2026. 04. 23.2026. 04. 23.359082
CVE-2026-41176Rclone is a command-line program to sync files and directories to and from different cloud storage p ...2026. 04. 23.2026. 04. 23.359084
CVE-2026-40062A path traversal vulnerability exists in Ziostation2 v2.9.8.7 and earlier. A remote unauthenticated ...2026. 04. 23.2026. 04. 23.359088
CVE-2026-32679The installers of LiveOn Meet Client for Windows (Downloader5Installer.exe and Downloader5InstallerF ...2026. 04. 23.2026. 04. 23.359087
CVE-2026-4049Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2026. 04. 23.2026. 04. 23.
 
CVE-2026-41177Squidex is an open source headless content management system and content management hub. Prior to ve ...2026. 04. 23.2026. 04. 23.359116
CVE-2026-41175Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.20 and ...2026. 04. 23.2026. 04. 23.359113
CVE-2026-41172Squidex is an open source headless content management system and content management hub. Prior to ve ...2026. 04. 23.2026. 04. 23.359112
CVE-2026-40517radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() ...2026. 04. 23.2026. 04. 23.359108
CVE-2026-41168pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability presen ...2026. 04. 22.2026. 04. 23.359070
CVE-2026-41167Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple A ...2026. 04. 22.2026. 04. 23.359081
CVE-2026-41455WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL h ...2026. 04. 22.2026. 04. 23.359076
CVE-2026-41454WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoi ...2026. 04. 22.2026. 04. 23.359074
CVE-2026-41314pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability presen ...2026. 04. 22.2026. 04. 23.359069
CVE-2026-41313pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability presen ...2026. 04. 22.2026. 04. 23.359068
CVE-2026-41312pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability presen ...2026. 04. 22.2026. 04. 23.359067
CVE-2026-41171Squidex is an open source headless content management system and content management hub. Versions pr ...2026. 04. 22.2026. 04. 23.359077
CVE-2026-41170Squidex is an open source headless content management system and content management hub. Prior to ve ...2026. 04. 22.2026. 04. 23.359075
CVE-2026-41166OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `w ...2026. 04. 22.2026. 04. 23.359080
CVE-2026-41134Kiota is an OpenAPI based HTTP Client code generator. Versions prior to 1.31.1 are affected by a cod ...2026. 04. 22.2026. 04. 23.359073
CVE-2026-40937RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notif ...2026. 04. 22.2026. 04. 23.359078
CVE-2026-40882OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset ...2026. 04. 22.2026. 04. 23.359079
CVE-2026-3837An authenticated attacker can persist crafted values in multiple field types and trigger client-side ...2026. 04. 22.2026. 04. 22.359061
CVE-2026-34068nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prio ...2026. 04. 22.2026. 04. 22.359058
CVE-2026-34067nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prio ...2026. 04. 22.2026. 04. 22.359057
CVE-2026-33733EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the ...2026. 04. 22.2026. 04. 22.359056
CVE-2026-33656EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, Espo ...2026. 04. 22.2026. 04. 22.359055
CVE-2026-6019http.cookies.Morsel.js_output() returns an inline snippet and only escapes " for JavaScript string ...2026. 04. 22.2026. 04. 22.359054
CVE-2026-3673An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript executi ...2026. 04. 22.2026. 04. 22.359060
CVE-2026-34066nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version ...2026. 04. 22.2026. 04. 22.359050
CVE-2026-34065nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust ...2026. 04. 22.2026. 04. 22.359053
CVE-2026-34064nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to versio ...2026. 04. 22.2026. 04. 22.359052
CVE-2026-34063Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `n ...2026. 04. 22.2026. 04. 22.359047
CVE-2026-34062nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCode ...2026. 04. 22.2026. 04. 22.359051
CVE-2026-41459Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that ...2026. 04. 22.2026. 04. 22.359046
CVE-2026-34415Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability ...2026. 04. 22.2026. 04. 22.359049
CVE-2026-34414Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in t ...2026. 04. 22.2026. 04. 22.359048
CVE-2026-34413Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in th ...2026. 04. 22.2026. 04. 22.359045
CVE-2026-33471nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the A ...2026. 04. 22.2026. 04. 22.359059
CVE-2026-41469Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loadin ...2026. 04. 22.2026. 04. 22.359041
CVE-2026-41468Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbo ...2026. 04. 22.2026. 04. 22.359042
CVE-2026-28950A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.8 and iP ...2026. 04. 22.2026. 04. 22.359044
CVE-2026-26354Dell PowerProtect Data Domain with Domain Operating System (DD OS) of Feature Release versions 7.7.1 ...2026. 04. 22.2026. 04. 22.359043
CVE-2026-32885DDEV is an open-source tool for running local web development environments for PHP and Node.js. Vers ...2026. 04. 22.2026. 04. 22.359038
CVE-2026-4922GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 ...2026. 04. 22.2026. 04. 22.359034
CVE-2026-3254GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that ...2026. 04. 22.2026. 04. 22.359027
CVE-2026-6515GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 ...2026. 04. 22.2026. 04. 22.359026
CVE-2026-5816GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and ...2026. 04. 22.2026. 04. 22.359025
CVE-2026-5377GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that ...2026. 04. 22.2026. 04. 22.359024
CVE-2026-5262GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18. ...2026. 04. 22.2026. 04. 22.359023
CVE-2026-35382Voluntarily withdrawn2026. 04. 22.2026. 04. 22.
 
CVE-2026-35381A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delim ...2026. 04. 22.2026. 04. 22.358988
CVE-2026-35380A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the ...2026. 04. 22.2026. 04. 22.359016
CVE-2026-35379A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:g ...2026. 04. 22.2026. 04. 22.358992
CVE-2026-35378A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized s ...2026. 04. 22.2026. 04. 22.358987
CVE-2026-35377A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-lin ...2026. 04. 22.2026. 04. 22.358997
CVE-2026-35376A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the chcon utility of uutils coreutil ...2026. 04. 22.2026. 04. 22.359031
CVE-2026-35375A logic error in the split utility of uutils coreutils causes the corruption of output filenames whe ...2026. 04. 22.2026. 04. 22.358991
CVE-2026-35374A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutil ...2026. 04. 22.2026. 04. 22.359037
CVE-2026-35373A logic error in the ln utility of uutils coreutils causes the program to reject source paths contai ...2026. 04. 22.2026. 04. 22.358995
CVE-2026-35372A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic lin ...2026. 04. 22.2026. 04. 22.359030
CVE-2026-35371The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the ...2026. 04. 22.2026. 04. 22.359022
CVE-2026-35370The id utility in uutils coreutils miscalculates the groups= section of its output. The implementati ...2026. 04. 22.2026. 04. 22.358986
CVE-2026-35369An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as ...2026. 04. 22.2026. 04. 22.358984
CVE-2026-35368A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. T ...2026. 04. 22.2026. 04. 22.359015
CVE-2026-35367The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying ...2026. 04. 22.2026. 04. 22.358990
CVE-2026-35366The printenv utility in uutils coreutils fails to display environment variables containing invalid U ...2026. 04. 22.2026. 04. 22.359014
CVE-2026-35365The mv utility in uutils coreutils improperly handles directory trees containing symbolic links duri ...2026. 04. 22.2026. 04. 22.359012
CVE-2026-35364A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils ...2026. 04. 22.2026. 04. 22.359029
CVE-2026-35363A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms inte ...2026. 04. 22.2026. 04. 22.359017
CVE-2026-35362The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Ti ...2026. 04. 22.2026. 04. 22.358985
CVE-2026-35361The mknod utility in uutils coreutils fails to handle security labels atomically by creating device ...2026. 04. 22.2026. 04. 22.359013
CVE-2026-35360The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race ...2026. 04. 22.2026. 04. 22.359018
CVE-2026-35359A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows a ...2026. 04. 22.2026. 04. 22.359011
CVE-2026-35358The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats charac ...2026. 04. 22.2026. 04. 22.359010
CVE-2026-35357The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destin ...2026. 04. 22.2026. 04. 22.359035
CVE-2026-35356A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreut ...2026. 04. 22.2026. 04. 22.359009
CVE-2026-35355The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) rac ...2026. 04. 22.2026. 04. 22.359033
CVE-2026-35354A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils d ...2026. 04. 22.2026. 04. 22.359028
CVE-2026-35353The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by crea ...2026. 04. 22.2026. 04. 22.359019
CVE-2026-35352A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreut ...2026. 04. 22.2026. 04. 22.359032
CVE-2026-35351The mv utility in uutils coreutils fails to preserve file ownership during moves across different fi ...2026. 04. 22.2026. 04. 22.358998
CVE-2026-35350The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership pr ...2026. 04. 22.2026. 04. 22.358994
CVE-2026-35349A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protect ...2026. 04. 22.2026. 04. 22.359007
CVE-2026-35348The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from o ...2026. 04. 22.2026. 04. 22.358996
CVE-2026-35347The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before p ...2026. 04. 22.2026. 04. 22.359008
CVE-2026-35346The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on ...2026. 04. 22.2026. 04. 22.358989
CVE-2026-35345A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive fil ...2026. 04. 22.2026. 04. 22.358993
CVE-2026-35344The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditio ...2026. 04. 22.2026. 04. 22.358983
CVE-2026-35343The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newlin ...2026. 04. 22.2026. 04. 22.359006
CVE-2026-35342The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable ...2026. 04. 22.2026. 04. 22.358982
CVE-2026-35341A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions o ...2026. 04. 22.2026. 04. 22.359005
CVE-2026-35340A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return ...2026. 04. 22.2026. 04. 22.359004
CVE-2026-35339The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when ...2026. 04. 22.2026. 04. 22.359003
CVE-2026-35338A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root ...2026. 04. 22.2026. 04. 22.359002
CVE-2026-1660GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.9.6, 18.10 ...2026. 04. 22.2026. 04. 22.359021
CVE-2026-30139A reflected cross-site scripting (XSS) vulnerability in the AdvancedSearch functionality of Silverpe ...2026. 04. 22.2026. 04. 22.358981
CVE-2026-35548An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 ...2026. 04. 22.2026. 04. 22.358953
CVE-2026-6862A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fai ...2026. 04. 22.2026. 04. 22.358961
CVE-2026-6861A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs proc ...2026. 04. 22.2026. 04. 22.358952
CVE-2026-33611An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS ...2026. 04. 22.2026. 04. 22.358958
CVE-2026-33610A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when ...2026. 04. 22.2026. 04. 22.358966
CVE-2026-33609Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queri ...2026. 04. 22.2026. 04. 22.358967
CVE-2026-33608An attacker can send a notify request that causes a new secondary domain to be added to the bind bac ...2026. 04. 22.2026. 04. 22.358957
CVE-2026-33602A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum co ...2026. 04. 22.2026. 04. 22.358964
CVE-2026-33599A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, whe ...2026. 04. 22.2026. 04. 22.358956
CVE-2026-33598A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAd ...2026. 04. 22.2026. 04. 22.358965
CVE-2026-33597PRSD detection denial of service2026. 04. 22.2026. 04. 22.358963
CVE-2026-33596A client might theoretically be able to cause a mismatch between queries sent to a backend and the r ...2026. 04. 22.2026. 04. 22.358960
CVE-2026-33595A client can trigger excessive memory allocation by generating a lot of error responses over a sing ...2026. 04. 22.2026. 04. 22.358955
CVE-2026-33594A client can trigger excessive memory allocation by generating a lot of queries that are routed to a ...2026. 04. 22.2026. 04. 22.358959
CVE-2026-33593A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.2026. 04. 22.2026. 04. 22.358962
CVE-2026-33254An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memor ...2026. 04. 22.2026. 04. 22.358954
CVE-2026-31530In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of ...2026. 04. 22.2026. 04. 22.358861
CVE-2026-31529In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in __co ...2026. 04. 22.2026. 04. 22.358903
CVE-2026-31528In the Linux kernel, the following vulnerability has been resolved: perf: Make sure to use pmu_ctx- ...2026. 04. 22.2026. 04. 22.358944
CVE-2026-31527In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use gene ...2026. 04. 22.2026. 04. 22.358941
CVE-2026-31526In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exception exit lock ch ...2026. 04. 22.2026. 04. 22.358901
CVE-2026-31525In the Linux kernel, the following vulnerability has been resolved: bpf: Fix undefined behavior in ...2026. 04. 22.2026. 04. 22.358873
CVE-2026-31524In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in ...2026. 04. 22.2026. 04. 22.358900
CVE-2026-31523In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling ...2026. 04. 22.2026. 04. 22.358945
CVE-2026-31522In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: avoid memory l ...2026. 04. 22.2026. 04. 22.358899
CVE-2026-31521In the Linux kernel, the following vulnerability has been resolved: module: Fix kernel panic when a ...2026. 04. 22.2026. 04. 22.358898
CVE-2026-31520In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak i ...2026. 04. 22.2026. 04. 22.358859
CVE-2026-31519In the Linux kernel, the following vulnerability has been resolved: btrfs: set BTRFS_ROOT_ORPHAN_CL ...2026. 04. 22.2026. 04. 22.358872
CVE-2026-31518In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp ...2026. 04. 22.2026. 04. 22.358948
CVE-2026-31517In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skb_put() pani ...2026. 04. 22.2026. 04. 22.358950
CVE-2026-31516In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policy_hthresh.wo ...2026. 04. 22.2026. 04. 22.358939
CVE-2026-31515In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pf ...2026. 04. 22.2026. 04. 22.358946
CVE-2026-31514In the Linux kernel, the following vulnerability has been resolved: erofs: set fileio bio failed in ...2026. 04. 22.2026. 04. 22.358897
CVE-2026-31513In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out ...2026. 04. 22.2026. 04. 22.358942
CVE-2026-31512In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU ...2026. 04. 22.2026. 04. 22.358937
CVE-2026-31511In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling p ...2026. 04. 22.2026. 04. 22.358932
CVE-2026-31510In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr- ...2026. 04. 22.2026. 04. 22.358896
CVE-2026-31509In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking ...2026. 04. 22.2026. 04. 22.358934
CVE-2026-31508In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasi ...2026. 04. 22.2026. 04. 22.358871
CVE-2026-31507In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smc ...2026. 04. 22.2026. 04. 22.358895
CVE-2026-31506In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of ...2026. 04. 22.2026. 04. 22.358930
CVE-2026-31505In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes ...2026. 04. 22.2026. 04. 22.358864
CVE-2026-31504In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_r ...2026. 04. 22.2026. 04. 22.321044
CVE-2026-31503In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict ...2026. 04. 22.2026. 04. 22.358947
CVE-2026-31502In the Linux kernel, the following vulnerability has been resolved: team: fix header_ops type confu ...2026. 04. 22.2026. 04. 22.358870
CVE-2026-31501In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use- ...2026. 04. 22.2026. 04. 22.358936
CVE-2026-31500In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize b ...2026. 04. 22.2026. 04. 22.358933
CVE-2026-31499In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock ...2026. 04. 22.2026. 04. 22.358931
CVE-2026-31498In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-i ...2026. 04. 22.2026. 04. 22.358869
CVE-2026-31497In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO alt ...2026. 04. 22.2026. 04. 22.358935
CVE-2026-31496In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: ...2026. 04. 22.2026. 04. 22.358894
CVE-2026-31495In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use netli ...2026. 04. 22.2026. 04. 22.358929
CVE-2026-31494In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queu ...2026. 04. 22.2026. 04. 22.358951
CVE-2026-31493In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ...2026. 04. 22.2026. 04. 22.358928
CVE-2026-31492In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Initialize free_qp ...2026. 04. 22.2026. 04. 22.358927
CVE-2026-31491In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Harden depth calcul ...2026. 04. 22.2026. 04. 22.358926
CVE-2026-31490In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free i ...2026. 04. 22.2026. 04. 22.358868
CVE-2026-31489In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-pu ...2026. 04. 22.2026. 04. 22.358925
CVE-2026-31488In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip un ...2026. 04. 22.2026. 04. 22.358866
CVE-2026-31487In the Linux kernel, the following vulnerability has been resolved: spi: use generic driver_overrid ...2026. 04. 22.2026. 04. 22.358893
CVE-2026-31486In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/core) Protect reg ...2026. 04. 22.2026. 04. 22.358892
CVE-2026-31485In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardow ...2026. 04. 22.2026. 04. 22.358924
CVE-2026-31484In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: fix OOB read i ...2026. 04. 22.2026. 04. 22.358922
CVE-2026-31483In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre boun ...2026. 04. 22.2026. 04. 22.358923
CVE-2026-31482In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register ...2026. 04. 22.2026. 04. 22.358891
CVE-2026-31481In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger ...2026. 04. 22.2026. 04. 22.358921
CVE-2026-31480In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock ...2026. 04. 22.2026. 04. 22.358920
CVE-2026-31479In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of re ...2026. 04. 22.2026. 04. 22.358890
CVE-2026-31478In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_l ...2026. 04. 22.2026. 04. 22.358889
CVE-2026-31477In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NUL ...2026. 04. 22.2026. 04. 22.358919
CVE-2026-31476In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on ...2026. 04. 22.2026. 04. 22.358887
CVE-2026-31475In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free ...2026. 04. 22.2026. 04. 22.358882
CVE-2026-31474In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-afte ...2026. 04. 22.2026. 04. 22.358884
CVE-2026-31473In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REIN ...2026. 04. 22.2026. 04. 22.358918
CVE-2026-31472In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv ...2026. 04. 22.2026. 04. 22.358917
CVE-2026-31471In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_ ...2026. 04. 22.2026. 04. 22.358916
CVE-2026-31470In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fix handling o ...2026. 04. 22.2026. 04. 22.358943
CVE-2026-31469In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops ...2026. 04. 22.2026. 04. 22.358867
CVE-2026-31468In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dm ...2026. 04. 22.2026. 04. 22.358915
CVE-2026-31467In the Linux kernel, the following vulnerability has been resolved: erofs: add GFP_NOIO in the bio ...2026. 04. 22.2026. 04. 22.358885
CVE-2026-31466In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix folio isn't ...2026. 04. 22.2026. 04. 22.358862
CVE-2026-31465In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for ...2026. 04. 22.2026. 04. 22.358883
CVE-2026-31464In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ...2026. 04. 22.2026. 04. 22.358860
CVE-2026-31463In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access ...2026. 04. 22.2026. 04. 22.358888
CVE-2026-31462In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent immediate P ...2026. 04. 22.2026. 04. 22.358886
CVE-2026-31461In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid l ...2026. 04. 22.2026. 04. 22.358879
CVE-2026-31460In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_c ...2026. 04. 22.2026. 04. 22.358880
CVE-2026-31459In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix param_ctx l ...2026. 04. 22.2026. 04. 22.358881
CVE-2026-31458In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts- ...2026. 04. 22.2026. 04. 22.358914
CVE-2026-31457In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts- ...2026. 04. 22.2026. 04. 22.358913
CVE-2026-31456In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between c ...2026. 04. 22.2026. 04. 22.358878
CVE-2026-31455In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushin ...2026. 04. 22.2026. 04. 22.358912
CVE-2026-31454In the Linux kernel, the following vulnerability has been resolved: xfs: save ailp before dropping ...2026. 04. 22.2026. 04. 22.358949
CVE-2026-31453In the Linux kernel, the following vulnerability has been resolved: xfs: avoid dereferencing log it ...2026. 04. 22.2026. 04. 22.358911
CVE-2026-31452In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to ex ...2026. 04. 22.2026. 04. 22.358865
CVE-2026-31451In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with prope ...2026. 04. 22.2026. 04. 22.358910
CVE-2026-31450In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after init ...2026. 04. 22.2026. 04. 22.358863
CVE-2026-31449In the Linux kernel, the following vulnerability has been resolved: ext4: validate p_idx bounds in ...2026. 04. 22.2026. 04. 22.358909
CVE-2026-31448In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caus ...2026. 04. 22.2026. 04. 22.358940
CVE-2026-31447In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc ...2026. 04. 22.2026. 04. 22.358908
CVE-2026-31446In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in upd ...2026. 04. 22.2026. 04. 22.358877
CVE-2026-31445In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of hal ...2026. 04. 22.2026. 04. 22.358876
CVE-2026-31444In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free and N ...2026. 04. 22.2026. 04. 22.358907
CVE-2026-31443In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when ...2026. 04. 22.2026. 04. 22.358906
CVE-2026-31442In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible i ...2026. 04. 22.2026. 04. 22.358905
CVE-2026-31441In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix memory lea ...2026. 04. 22.2026. 04. 22.358875
CVE-2026-31440In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking ev ...2026. 04. 22.2026. 04. 22.358904
CVE-2026-31439In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix re ...2026. 04. 22.2026. 04. 22.358902
CVE-2026-31438In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_ ...2026. 04. 22.2026. 04. 22.358874
CVE-2026-31437In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer derefer ...2026. 04. 22.2026. 04. 22.358857
CVE-2026-31436In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix possible w ...2026. 04. 22.2026. 04. 22.358858
CVE-2026-31435In the Linux kernel, the following vulnerability has been resolved: netfs: Fix read abandonment dur ...2026. 04. 22.2026. 04. 22.358855
CVE-2026-31434In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name ...2026. 04. 22.2026. 04. 22.358854
CVE-2026-31192Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6. ...2026. 04. 22.2026. 04. 22.358856
CVE-2026-6859A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when ...2026. 04. 22.2026. 04. 22.358847
CVE-2026-6356A vulnerability in the web application allows standard users to escalate their privileges to those o ...2026. 04. 22.2026. 04. 22.358851
CVE-2026-6355A vulnerability in the web application allows unauthorized users to access and manipulate sensitive ...2026. 04. 22.2026. 04. 22.358850
CVE-2026-5750An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process all ...2026. 04. 22.2026. 04. 22.358849
CVE-2026-5749Inadequate access control in the registration process in Fullstep V5, which could allow unauthentica ...2026. 04. 22.2026. 04. 22.358848
CVE-2026-41651PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way us ...2026. 04. 22.2026. 04. 22.358852
CVE-2026-0539Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local att ...2026. 04. 22.2026. 04. 22.358853
CVE-2026-6857A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the Prot ...2026. 04. 22.2026. 04. 22.358845
CVE-2026-6855A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in th ...2026. 04. 22.2026. 04. 22.358846
CVE-2026-33601If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zo ...2026. 04. 22.2026. 04. 22.358837
CVE-2026-33262An attacker can send replies that result in a null pointer dereference, caused by a missing consiste ...2026. 04. 22.2026. 04. 22.358844
CVE-2026-33261A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of s ...2026. 04. 22.2026. 04. 22.358843
CVE-2026-33260An attacker can send a web request that causes unlimited memory allocation in the internal web serve ...2026. 04. 22.2026. 04. 22.358840
CVE-2026-33259Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free a ...2026. 04. 22.2026. 04. 22.358836
CVE-2026-33258By publishing and querying a crafted zone an attacker can cause allocation of large entries in the n ...2026. 04. 22.2026. 04. 22.358842
CVE-2026-33257An attacker can send a web request that causes unlimited memory allocation in the internal web serve ...2026. 04. 22.2026. 04. 22.358839
CVE-2026-33256An attacker can send a web request that causes unlimited memory allocation in the internal web serve ...2026. 04. 22.2026. 04. 22.358838
CVE-2026-6848A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive ...2026. 04. 22.2026. 04. 22.358833
CVE-2026-33600An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by ...2026. 04. 22.2026. 04. 22.358841
CVE-2026-1930The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missi ...2026. 04. 22.2026. 04. 22.358831
CVE-2026-1913The Gallagher Website Design plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t ...2026. 04. 22.2026. 04. 22.358835
CVE-2026-1395The Gutentools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Slider ...2026. 04. 22.2026. 04. 22.358834
CVE-2026-6845A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a ...2026. 04. 22.2026. 04. 22.358830
CVE-2026-6396The Fast & Fancy Filter – 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in v ...2026. 04. 22.2026. 04. 22.358829
CVE-2026-6294The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in vers ...2026. 04. 22.2026. 04. 22.358832
CVE-2026-6246The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...2026. 04. 22.2026. 04. 22.358828
CVE-2026-6236The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' short ...2026. 04. 22.2026. 04. 22.358827
CVE-2026-6235The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'ma ...2026. 04. 22.2026. 04. 22.358826
CVE-2026-6041The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom ...2026. 04. 22.2026. 04. 22.358816
CVE-2026-5820The Zypento Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table o ...2026. 04. 22.2026. 04. 22.358819
CVE-2026-5767The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin ...2026. 04. 22.2026. 04. 22.358818
CVE-2026-5748The Text Snippets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ...2026. 04. 22.2026. 04. 22.358820
CVE-2026-4353The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' ...2026. 04. 22.2026. 04. 22.358821
CVE-2026-4280The Breaking News WP plugin for WordPress is vulnerable to Local File Inclusion in all versions up t ...2026. 04. 22.2026. 04. 22.358825
CVE-2026-4279The Bread & Butter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'breadb ...2026. 04. 22.2026. 04. 22.358817
CVE-2026-6846A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a speciall ...2026. 04. 22.2026. 04. 22.358823
CVE-2026-6844A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit tw ...2026. 04. 22.2026. 04. 22.358822
CVE-2026-6843A flaw was found in nano. A local user could exploit a format string vulnerability in the `statuslin ...2026. 04. 22.2026. 04. 22.358824
CVE-2026-4142The Sentence To SEO (keywords, description and tags) plugin for WordPress is vulnerable to Stored Cr ...2026. 04. 22.2026. 04. 22.358812
CVE-2026-4140The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in ...2026. 04. 22.2026. 04. 22.358809
CVE-2026-4139The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t ...2026. 04. 22.2026. 04. 22.358814
CVE-2026-4138The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v ...2026. 04. 22.2026. 04. 22.358808
CVE-2026-4133The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all v ...2026. 04. 22.2026. 04. 22.358815
CVE-2026-4132The HTTP Headers plugin for WordPress is vulnerable to External Control of File Name or Path leading ...2026. 04. 22.2026. 04. 22.358783
CVE-2026-4131The WP Responsive Popup + Optin plugin for WordPress is vulnerable to Cross-Site Request Forgery in ...2026. 04. 22.2026. 04. 22.358806
CVE-2026-4128The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization ...2026. 04. 22.2026. 04. 22.358804
CVE-2026-4126The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versio ...2026. 04. 22.2026. 04. 22.358807
CVE-2026-4125The WPMK Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' sho ...2026. 04. 22.2026. 04. 22.358813
CVE-2026-4121The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to ...2026. 04. 22.2026. 04. 22.358790
CVE-2026-4119The Create DB Tables plugin for WordPress is vulnerable to authorization bypass in all versions up t ...2026. 04. 22.2026. 04. 22.358795
CVE-2026-4118The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all ve ...2026. 04. 22.2026. 04. 22.358803
CVE-2026-4117The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and incl ...2026. 04. 22.2026. 04. 22.358785
CVE-2026-4090The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up ...2026. 04. 22.2026. 04. 22.358805
CVE-2026-4089The Twittee Text Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id ...2026. 04. 22.2026. 04. 22.358811
CVE-2026-4088The Switch CTA Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wppw_c ...2026. 04. 22.2026. 04. 22.358810
CVE-2026-4085The Easy Social Photos Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...2026. 04. 22.2026. 04. 22.358798
CVE-2026-4082The ER Swiffy Insert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [swif ...2026. 04. 22.2026. 04. 22.358800
CVE-2026-4076The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ...2026. 04. 22.2026. 04. 22.358801
CVE-2026-4074The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via t ...2026. 04. 22.2026. 04. 22.358789
CVE-2026-3362The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' ...2026. 04. 22.2026. 04. 22.358797
CVE-2026-31433In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial OOB in get ...2026. 04. 22.2026. 04. 22.358788
CVE-2026-31432In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix OOB write in QUERY_I ...2026. 04. 22.2026. 04. 22.358787
CVE-2026-31431In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to ...2026. 04. 22.2026. 04. 22.358784
CVE-2026-2719The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exce ...2026. 04. 22.2026. 04. 22.358796
CVE-2026-2717The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and inc ...2026. 04. 22.2026. 04. 22.358782
CVE-2026-2714The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ' ...2026. 04. 22.2026. 04. 22.358799
CVE-2026-1845The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin sett ...2026. 04. 22.2026. 04. 22.358793
CVE-2026-1379The HTTP Headers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin setting ...2026. 04. 22.2026. 04. 22.358802
CVE-2026-6842A flaw was found in nano. In environments with permissive umask settings, a local attacker can explo ...2026. 04. 22.2026. 04. 22.358794
CVE-2026-6023In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control i ...2026. 04. 22.2026. 04. 22.358791
CVE-2026-6022In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled res ...2026. 04. 22.2026. 04. 22.358792
CVE-2026-40542Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the cli ...2026. 04. 22.2026. 04. 22.358786
CVE-2026-6840Missing bounds validation for operator could allow out of range operator-code lookup during model l ...2026. 04. 22.2026. 04. 22.358781
CVE-2026-6839Improper validation of STRING tensor offsets could allow malformed string metadata to trigger out o ...2026. 04. 22.2026. 04. 22.358776
CVE-2026-41667Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause inc ...2026. 04. 22.2026. 04. 22.358775
CVE-2026-41666Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bou ...2026. 04. 22.2026. 04. 22.358774
CVE-2026-41665Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause ...2026. 04. 22.2026. 04. 22.358773
CVE-2026-41664Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid me ...2026. 04. 22.2026. 04. 22.358769
CVE-2026-40450Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incor ...2026. 04. 22.2026. 04. 22.358772
CVE-2026-40449Integer overflow in buffer size calculation could result in out of bounds memory access when handlin ...2026. 04. 22.2026. 04. 22.358771
CVE-2026-40448Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory a ...2026. 04. 22.2026. 04. 22.358770
CVE-2026-22754Vulnerability in Spring Spring Security. If an application uses  to define the servlet path for co ...2026. 04. 22.2026. 04. 22.358777
CVE-2026-22753Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a ...2026. 04. 22.2026. 04. 22.358768
CVE-2026-22748Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwt ...2026. 04. 22.2026. 04. 22.358780
CVE-2026-22747Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle c ...2026. 04. 22.2026. 04. 22.358779
CVE-2026-22746Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #is ...2026. 04. 22.2026. 04. 22.358778
CVE-2026-40451DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vuln ...2026. 04. 22.2026. 04. 22.358757
CVE-2026-6416Tanium addressed an uncontrolled resource consumption vulnerability in Interact.2026. 04. 22.2026. 04. 22.358764
CVE-2026-6408Tanium addressed an information disclosure vulnerability in Tanium Server.2026. 04. 22.2026. 04. 22.358763
CVE-2026-6392Tanium addressed an information disclosure vulnerability in Threat Response.2026. 04. 22.2026. 04. 22.358767
CVE-2026-6386In order to apply a particular protection key to an address range, the kernel must update the corres ...2026. 04. 22.2026. 04. 22.358762
CVE-2026-5398The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the c ...2026. 04. 22.2026. 04. 22.358766
CVE-2026-41458OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login h ...2026. 04. 22.2026. 04. 22.358758
CVE-2026-41457OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and fi ...2026. 04. 22.2026. 04. 22.358761
CVE-2026-6835The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated ...2026. 04. 22.2026. 04. 22.358759
CVE-2026-6834The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated rem ...2026. 04. 22.2026. 04. 22.358760
CVE-2026-6833The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote atta ...2026. 04. 22.2026. 04. 22.358765
CVE-2026-41304WWBN AVideo is an open source video platform. In versions 29.0 and below, the `cloneServer.json.php` ...2026. 04. 22.2026. 04. 22.358619
CVE-2026-41064WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fi ...2026. 04. 22.2026. 04. 22.358618
CVE-2026-41059OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 ...2026. 04. 22.2026. 04. 22.358622
CVE-2026-40575OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 ...2026. 04. 22.2026. 04. 22.358624
CVE-2026-41130Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the ...2026. 04. 22.2026. 04. 22.358626
CVE-2026-41129Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5. ...2026. 04. 22.2026. 04. 22.358627
CVE-2026-41128Craft CMS is a content management system (CMS). In versions 5.6.0 through 5.9.14, the `actionSavePer ...2026. 04. 22.2026. 04. 22.358625
CVE-2026-41127BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authoriza ...2026. 04. 22.2026. 04. 22.358623
CVE-2026-41126BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect th ...2026. 04. 22.2026. 04. 22.358616
CVE-2026-41135free5GC UDR is the Policy Control Function (PCF) for free5GC, an open-source project for 5th gene ...2026. 04. 22.2026. 04. 22.358612
CVE-2026-41133pyLoad is a free and open-source download manager written in Python. Versions up to and including 0. ...2026. 04. 22.2026. 04. 22.358608
CVE-2026-41131OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in spec ...2026. 04. 22.2026. 04. 22.358617
CVE-2026-40343free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generat ...2026. 04. 22.2026. 04. 22.358615
CVE-2026-41144F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedd ...2026. 04. 22.2026. 04. 22.358613
CVE-2026-41136free5GC AMF provides Access & Mobility Management Function (AMF) for free5GC, an open-source proj ...2026. 04. 22.2026. 04. 22.358614
CVE-2026-41145MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prio ...2026. 04. 22.2026. 04. 22.358610
CVE-2026-40344MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prio ...2026. 04. 22.2026. 04. 22.358609
CVE-2026-41146facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a9 ...2026. 04. 22.2026. 04. 22.358611
CVE-2026-5921A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that a ...2026. 04. 22.2026. 04. 22.358754
CVE-2026-5512An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an a ...2026. 04. 22.2026. 04. 22.358741
CVE-2026-4872Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.2026. 04. 22.2026. 04. 22.
 
CVE-2026-4821An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Ser ...2026. 04. 22.2026. 04. 22.358742
CVE-2026-4296An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowe ...2026. 04. 22.2026. 04. 22.358740
CVE-2026-41063WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete XSS fix in ...2026. 04. 22.2026. 04. 22.358751
CVE-2026-41062WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fi ...2026. 04. 22.2026. 04. 22.358621
CVE-2026-41061WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isValidDuration()` re ...2026. 04. 22.2026. 04. 22.358620
CVE-2026-41055WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in ...2026. 04. 22.2026. 04. 22.358732
CVE-2026-6832Hermes WebUI contains an arbitrary file deletion vulnerability in the /api/session/delete endpoint t ...2026. 04. 22.2026. 04. 22.358744
CVE-2026-6830nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching ...2026. 04. 22.2026. 04. 22.358747
CVE-2026-6829nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated atta ...2026. 04. 22.2026. 04. 22.358735
CVE-2026-6799A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unkno ...2026. 04. 22.2026. 04. 22.358492
CVE-2026-41527KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra u ...2026. 04. 22.2026. 04. 22.358755
CVE-2026-40946Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider ...2026. 04. 22.2026. 04. 22.358746
CVE-2026-40945Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, t ...2026. 04. 22.2026. 04. 22.358745
CVE-2026-40944Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in ...2026. 04. 22.2026. 04. 22.358734
CVE-2026-40943Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session ...2026. 04. 22.2026. 04. 22.358750
CVE-2026-40942The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and F ...2026. 04. 22.2026. 04. 22.358752
CVE-2026-40939The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and F ...2026. 04. 22.2026. 04. 22.358748
CVE-2026-40933Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3. ...2026. 04. 22.2026. 04. 22.358753
CVE-2026-40931Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch fo ...2026. 04. 22.2026. 04. 22.344438
CVE-2026-40706In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix ...2026. 04. 22.2026. 04. 22.358544
CVE-2026-1354Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with t ...2026. 04. 22.2026. 04. 22.358733
CVE-2026-6823HKUDS OpenHarness prior to PR #147 remediation contains an insecure default configuration vulnerabil ...2026. 04. 22.2026. 04. 22.358731
CVE-2026-6797A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability ...2026. 04. 22.2026. 04. 22.358491
CVE-2026-40938Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0. ...2026. 04. 22.2026. 04. 22.358743
CVE-2026-40927Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving ...2026. 04. 22.2026. 04. 22.358739
CVE-2026-40924Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to ...2026. 04. 22.2026. 04. 22.358730
CVE-2026-40923Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to ...2026. 04. 22.2026. 04. 22.358737
CVE-2026-35252Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracl ...2026. 04. 22.2026. 04. 22.358689
CVE-2026-35251Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...2026. 04. 22.2026. 04. 22.358720
CVE-2026-35250Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...2026. 04. 22.2026. 04. 22.358728
CVE-2026-35249Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...2026. 04. 22.2026. 04. 22.358725
CVE-2026-35248Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...2026. 04. 22.2026. 04. 22.358722
CVE-2026-35247Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...2026. 04. 22.2026. 04. 22.358721
CVE-2026-35246Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...2026. 04. 22.2026. 04. 22.358719
CVE-2026-35245Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...2026. 04. 22.2026. 04. 22.358703
CVE-2026-35244Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component ...2026. 04. 22.2026. 04. 22.358723
CVE-2026-35243Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middlew ...2026. 04. 22.2026. 04. 22.358718
CVE-2026-35242Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...2026. 04. 22.2026. 04. 22.358717
CVE-2026-35241Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (componen ...2026. 04. 22.2026. 04. 22.358691
CVE-2026-35240Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...2026. 04. 22.2026. 04. 22.358702
CVE-2026-35239Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versi ...2026. 04. 22.2026. 04. 22.358699
CVE-2026-35238Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t ...2026. 04. 22.2026. 04. 22.358701
CVE-2026-35237Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t ...2026. 04. 22.2026. 04. 22.358700
CVE-2026-35236Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t ...2026. 04. 22.2026. 04. 22.358698
CVE-2026-35235Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versi ...2026. 04. 22.2026. 04. 22.358706
CVE-2026-35234Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported ...2026. 04. 22.2026. 04. 22.358697
CVE-2026-35232Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported versio ...2026. 04. 22.2026. 04. 22.358692
CVE-2026-35231Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Ser ...2026. 04. 22.2026. 04. 22.358695
CVE-2026-35230Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The ...2026. 04. 22.2026. 04. 22.358716
CVE-2026-35229Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affec ...2026. 04. 22.2026. 04. 22.358688
CVE-2026-34325Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora ...2026. 04. 22.2026. 04. 22.358729
CVE-2026-34324Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (compon ...2026. 04. 22.2026. 04. 22.358714
CVE-2026-34323Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (compon ...2026. 04. 22.2026. 04. 22.358715
CVE-2026-34321Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora ...2026. 04. 22.2026. 04. 22.358713
CVE-2026-34320Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Servic ...2026. 04. 22.2026. 04. 22.358696
CVE-2026-34319Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported ...2026. 04. 22.2026. 04. 22.358727
CVE-2026-34318Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported ...2026. 04. 22.2026. 04. 22.358694
CVE-2026-34317Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported ...2026. 04. 22.2026. 04. 22.358724
CVE-2026-34315Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Serv ...2026. 04. 22.2026. 04. 22.358653
CVE-2026-34314Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora ...2026. 04. 22.2026. 04. 22.358693
CVE-2026-34313Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora ...2026. 04. 22.2026. 04. 22.358690
CVE-2026-34312Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affecte ...2026. 04. 22.2026. 04. 22.358726
CVE-2026-34310Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora ...2026. 04. 22.2026. 04. 22.358687
CVE-2026-34309Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Secu ...2026. 04. 22.2026. 04. 22.358646
CVE-2026-34308Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported vers ...2026. 04. 22.2026. 04. 22.358685
CVE-2026-34307Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Work ...2026. 04. 22.2026. 04. 22.358652
CVE-2026-34306Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (compone ...2026. 04. 22.2026. 04. 22.358645
CVE-2026-34305Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Serv ...2026. 04. 22.2026. 04. 22.358644
CVE-2026-34304Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t ...2026. 04. 22.2026. 04. 22.358684
CVE-2026-34303Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...2026. 04. 22.2026. 04. 22.358686
CVE-2026-34302Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader) ...2026. 04. 22.2026. 04. 22.358665
CVE-2026-34301Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft ( ...2026. 04. 22.2026. 04. 22.358642
CVE-2026-34300Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft (component: Co ...2026. 04. 22.2026. 04. 22.358641
CVE-2026-34299Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft ( ...2026. 04. 22.2026. 04. 22.358643
CVE-2026-34298Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Pe ...2026. 04. 22.2026. 04. 22.358664
CVE-2026-34297Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: K ...2026. 04. 22.2026. 04. 22.358662
CVE-2026-34296Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply ...2026. 04. 22.2026. 04. 22.358712
CVE-2026-34295Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: P ...2026. 04. 22.2026. 04. 22.358639
CVE-2026-34294Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen ...2026. 04. 22.2026. 04. 22.358649
CVE-2026-34293Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versi ...2026. 04. 22.2026. 04. 22.358682
CVE-2026-34292Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). ...2026. 04. 22.2026. 04. 22.358637
CVE-2026-34291Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supp ...2026. 04. 22.2026. 04. 22.358663
CVE-2026-34290Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen ...2026. 04. 22.2026. 04. 22.358681
CVE-2026-34289Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen ...2026. 04. 22.2026. 04. 22.358659
CVE-2026-34288Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen ...2026. 04. 22.2026. 04. 22.358660
CVE-2026-34287Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen ...2026. 04. 22.2026. 04. 22.358661
CVE-2026-34286Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen ...2026. 04. 22.2026. 04. 22.358658
CVE-2026-34285Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (componen ...2026. 04. 22.2026. 04. 22.358657
CVE-2026-34284Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (c ...2026. 04. 22.2026. 04. 22.358670
CVE-2026-34283Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identit ...2026. 04. 22.2026. 04. 22.358669
CVE-2026-34282Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ ...2026. 04. 22.2026. 04. 22.358632
CVE-2026-34281Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported v ...2026. 04. 22.2026. 04. 22.358710
CVE-2026-34280Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (compone ...2026. 04. 22.2026. 04. 22.358636
CVE-2026-34279Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (c ...2026. 04. 22.2026. 04. 22.358655
CVE-2026-34278Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...2026. 04. 22.2026. 04. 22.358683
CVE-2026-34277Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Flui ...2026. 04. 22.2026. 04. 22.358640
CVE-2026-34276Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plug ...2026. 04. 22.2026. 04. 22.358709
CVE-2026-34275Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component ...2026. 04. 22.2026. 04. 22.358654
CVE-2026-34274Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: User Interfa ...2026. 04. 22.2026. 04. 22.358668
CVE-2026-34273Vulnerability in Oracle GoldenGate (component: Libraries). Supported versions that are affected are ...2026. 04. 22.2026. 04. 22.358711
CVE-2026-34272Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...2026. 04. 22.2026. 04. 22.358679
CVE-2026-34271Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plug ...2026. 04. 22.2026. 04. 22.358708
CVE-2026-34270Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plug ...2026. 04. 22.2026. 04. 22.358704
CVE-2026-34269Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Port ...2026. 04. 22.2026. 04. 22.358651
CVE-2026-34268Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ ...2026. 04. 22.2026. 04. 22.358634
CVE-2026-34267Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...2026. 04. 22.2026. 04. 22.358680
CVE-2026-34266Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (comp ...2026. 04. 22.2026. 04. 22.358638
CVE-2026-33519An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Win ...2026. 04. 22.2026. 04. 22.358738
CVE-2026-33518An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and ...2026. 04. 22.2026. 04. 22.358736
CVE-2026-22021Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ ...2026. 04. 22.2026. 04. 22.358628
CVE-2026-22019Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (compo ...2026. 04. 22.2026. 04. 22.358650
CVE-2026-22018Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ ...2026. 04. 22.2026. 04. 22.358630
CVE-2026-22017Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...2026. 04. 22.2026. 04. 22.358678
CVE-2026-22016Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ ...2026. 04. 22.2026. 04. 22.358629
CVE-2026-22015Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). ...2026. 04. 22.2026. 04. 22.358705
CVE-2026-22014Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Workflow ...2026. 04. 22.2026. 04. 22.358656
CVE-2026-22013Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ ...2026. 04. 22.2026. 04. 22.358631
CVE-2026-22011Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch) ...2026. 04. 22.2026. 04. 22.358666
CVE-2026-22010Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora ...2026. 04. 22.2026. 04. 22.358677
CVE-2026-22009Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...2026. 04. 22.2026. 04. 22.358676
CVE-2026-22008Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is ...2026. 04. 22.2026. 04. 22.358647
CVE-2026-22007Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition produ ...2026. 04. 22.2026. 04. 22.358633
CVE-2026-22006Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (compone ...2026. 04. 22.2026. 04. 22.358648
CVE-2026-22005Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...2026. 04. 22.2026. 04. 22.358675
CVE-2026-22004Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t ...2026. 04. 22.2026. 04. 22.358674
CVE-2026-22003Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (co ...2026. 04. 22.2026. 04. 22.358635
CVE-2026-22002Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...2026. 04. 22.2026. 04. 22.358671
CVE-2026-22001Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). ...2026. 04. 22.2026. 04. 22.358707
CVE-2026-21999Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are ...2026. 04. 22.2026. 04. 22.358667
CVE-2026-21998Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ...2026. 04. 22.2026. 04. 22.358673
CVE-2026-21997Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Application ...2026. 04. 22.2026. 04. 22.358672
CVE-2026-40935WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` a ...2026. 04. 22.2026. 04. 22.358601
CVE-2026-40929WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.jso ...2026. 04. 22.2026. 04. 22.358603
CVE-2026-40928WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpo ...2026. 04. 22.2026. 04. 22.358602
CVE-2026-40926WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endp ...2026. 04. 22.2026. 04. 22.358604
CVE-2026-3307An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an att ...2026. 04. 22.2026. 04. 22.358607
CVE-2026-5845An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHu ...2026. 04. 22.2026. 04. 22.358606
CVE-2026-41060WWBN AVideo is an open source video platform. In versions 29.0 and below, the `isSSRFSafeURL()` func ...2026. 04. 22.2026. 04. 22.358599
CVE-2026-41058WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVi ...2026. 04. 22.2026. 04. 22.358605
CVE-2026-41057WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation ...2026. 04. 22.2026. 04. 22.358600
CVE-2026-41056WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll ...2026. 04. 22.2026. 04. 22.358598
CVE-2026-6796A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_l ...2026. 04. 21.2026. 04. 21.358490
CVE-2026-40925WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpda ...2026. 04. 21.2026. 04. 21.358575
CVE-2026-40911WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's Web ...2026. 04. 21.2026. 04. 21.358592
CVE-2026-40910frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTT ...2026. 04. 21.2026. 04. 21.358588
CVE-2026-40906Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the Elect ...2026. 04. 21.2026. 04. 21.358576
CVE-2026-40905LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisonin ...2026. 04. 21.2026. 04. 21.358580
CVE-2026-40895follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that a ...2026. 04. 21.2026. 04. 21.358584
CVE-2026-40892PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, ...2026. 04. 21.2026. 04. 21.358583
CVE-2026-6819HKUDS OpenHarness prior to PR #156 remediation exposes plugin lifecycle commands including /plugin i ...2026. 04. 21.2026. 04. 21.358593
CVE-2026-41320Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 an ...2026. 04. 21.2026. 04. 21.358577
CVE-2026-40888Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 an ...2026. 04. 21.2026. 04. 21.358590
CVE-2026-40887Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to version ...2026. 04. 21.2026. 04. 21.358581
CVE-2026-40881ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-network vers ...2026. 04. 21.2026. 04. 21.358191
CVE-2026-40880ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus ve ...2026. 04. 21.2026. 04. 21.358192
CVE-2026-40879Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when a ...2026. 04. 21.2026. 04. 21.358591
CVE-2026-40878mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20 ...2026. 04. 21.2026. 04. 21.358586
CVE-2026-40875mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20 ...2026. 04. 21.2026. 04. 21.358594
CVE-2026-40874mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20 ...2026. 04. 21.2026. 04. 21.358589
CVE-2026-40873mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20 ...2026. 04. 21.2026. 04. 21.358587
CVE-2026-40872mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 20 ...2026. 04. 21.2026. 04. 21.358579
CVE-2026-40871mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026- ...2026. 04. 21.2026. 04. 21.358585
CVE-2026-40870Decidim is a participatory democracy framework. Starting in version 0.0.1 and prior to versions 0.30 ...2026. 04. 21.2026. 04. 21.358578
CVE-2026-40869Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.3 ...2026. 04. 21.2026. 04. 21.358582
CVE-2026-40372Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to ...2026. 04. 21.2026. 04. 21.358597
CVE-2026-33813Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.2026. 04. 21.2026. 04. 21.358596
CVE-2026-33812Parsing a malicious font file can cause excessive memory allocation.2026. 04. 21.2026. 04. 21.358595
CVE-2026-40909WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint ( ...2026. 04. 21.2026. 04. 21.358567
CVE-2026-40908WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file `git.json.php` at ...2026. 04. 21.2026. 04. 21.358565
CVE-2026-40907WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint `plugin/Live/ ...2026. 04. 21.2026. 04. 21.358566
CVE-2026-40903goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs has an ArtiPACKED vulnerabil ...2026. 04. 21.2026. 04. 21.358572
CVE-2026-40890The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering ...2026. 04. 21.2026. 04. 21.358570
CVE-2026-40889Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 an ...2026. 04. 21.2026. 04. 21.358568
CVE-2026-40885goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ...2026. 04. 21.2026. 04. 21.358571
CVE-2026-40884goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP authenticat ...2026. 04. 21.2026. 04. 21.358573
CVE-2026-40883goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross ...2026. 04. 21.2026. 04. 21.358574
CVE-2026-40876goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape ...2026. 04. 21.2026. 04. 21.358569
CVE-2026-6745A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown ...2026. 04. 21.2026. 04. 21.358436
CVE-2026-6744A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Do ...2026. 04. 21.2026. 04. 21.358435
CVE-2026-41456Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the se ...2026. 04. 21.2026. 04. 21.358564
CVE-2026-40868Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to 1.16.4, ky ...2026. 04. 21.2026. 04. 21.358561
CVE-2026-40867Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access ...2026. 04. 21.2026. 04. 21.358558
CVE-2026-40866Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure dir ...2026. 04. 21.2026. 04. 21.358557
CVE-2026-40865Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure dir ...2026. 04. 21.2026. 04. 21.358556
CVE-2026-40614PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, ...2026. 04. 21.2026. 04. 21.358555
CVE-2026-40613Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN ...2026. 04. 21.2026. 04. 21.358551
CVE-2026-22751Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login ...2026. 04. 21.2026. 04. 21.358560
CVE-2026-40611Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 cha ...2026. 04. 21.2026. 04. 21.358553
CVE-2026-40608Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. ...2026. 04. 21.2026. 04. 21.358552
CVE-2026-40606mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software ...2026. 04. 21.2026. 04. 21.358549
CVE-2026-40604ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. ...2026. 04. 21.2026. 04. 21.358548
CVE-2026-40602The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up t ...2026. 04. 21.2026. 04. 21.358547
CVE-2026-40599ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. ...2026. 04. 21.2026. 04. 21.358545
CVE-2026-41194FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox ...2026. 04. 21.2026. 04. 21.358562
CVE-2026-41193FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's ...2026. 04. 21.2026. 04. 21.358559
CVE-2026-41192FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply an ...2026. 04. 21.2026. 04. 21.358554
CVE-2026-40594pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set ...2026. 04. 21.2026. 04. 21.358546
CVE-2026-40588blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the password change form at ...2026. 04. 21.2026. 04. 21.358563
CVE-2026-40587blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a user changes their pa ...2026. 04. 21.2026. 04. 21.358550
CVE-2026-41191FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, `MailboxesCo ...2026. 04. 21.2026. 04. 21.358543
CVE-2026-41190FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, when `APP_SH ...2026. 04. 21.2026. 04. 21.358542
CVE-2026-41189FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, customer-thr ...2026. 04. 21.2026. 04. 21.358540
CVE-2026-41183FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the assigned ...2026. 04. 21.2026. 04. 21.358539
CVE-2026-40592FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the undo-sen ...2026. 04. 21.2026. 04. 21.358541
CVE-2026-40591FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-co ...2026. 04. 21.2026. 04. 21.358537
CVE-2026-40590FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change C ...2026. 04. 21.2026. 04. 21.358538
CVE-2026-40589FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, a low-privil ...2026. 04. 21.2026. 04. 21.358536
CVE-2026-40586blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler perfo ...2026. 04. 21.2026. 04. 21.358531
CVE-2026-40585blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is ini ...2026. 04. 21.2026. 04. 21.358535
CVE-2026-40584RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1. ...2026. 04. 21.2026. 04. 21.358530
CVE-2026-40583UltraDAG is a minimal DAG-BFT blockchain in Rust. In version 0.1, a non-council attacker can submit ...2026. 04. 21.2026. 04. 21.358529
CVE-2026-40570FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the `load_cu ...2026. 04. 21.2026. 04. 21.358534
CVE-2026-40569FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass ...2026. 04. 21.2026. 04. 21.358526
CVE-2026-40050CrowdStrike has released security updates to address a critical unauthenticated path traversal vulne ...2026. 04. 21.2026. 04. 21.358528
CVE-2026-38835Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSB ...2026. 04. 21.2026. 04. 21.358533
CVE-2026-38834Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_ac ...2026. 04. 21.2026. 04. 21.358532
CVE-2026-21571This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, ...2026. 04. 21.2026. 04. 21.358527
CVE-2026-40568FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a store ...2026. 04. 21.2026. 04. 21.358517
CVE-2026-40567FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthent ...2026. 04. 21.2026. 04. 21.358524
CVE-2026-6743A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the ...2026. 04. 21.2026. 04. 21.358434
CVE-2026-5652An insecure direct object reference vulnerability in the Users API component of Crafty Controller al ...2026. 04. 21.2026. 04. 21.358523
CVE-2026-40576excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vu ...2026. 04. 21.2026. 04. 21.358521
CVE-2026-40574OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2 ...2026. 04. 21.2026. 04. 21.358522
CVE-2026-40279BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, ...2026. 04. 21.2026. 04. 21.358520
CVE-2026-40161Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0. ...2026. 04. 21.2026. 04. 21.358519
CVE-2026-35451Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exi ...2026. 04. 21.2026. 04. 21.358525
CVE-2026-30452Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management syste ...2026. 04. 21.2026. 04. 21.358518
CVE-2026-40566FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Serve ...2026. 04. 21.2026. 04. 21.358507
CVE-2026-29179October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grai ...2026. 04. 21.2026. 04. 21.358508
CVE-2026-27937October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflect ...2026. 04. 21.2026. 04. 21.358516
CVE-2026-26274October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnera ...2026. 04. 21.2026. 04. 21.358509

2025

CVE  Description  Submitted  Moderated  Entry
CVE-2025-67259A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privi ...2026. 04. 24.
 
CVE-2025-59308In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support ...2026. 04. 24.
 
CVE-2025-61872Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a m ...2026. 04. 24.2026. 04. 24.359347
CVE-2025-62233Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue a ...2026. 04. 24.2026. 04. 24.359320
CVE-2025-11762The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Se ...2026. 04. 24.2026. 04. 24.359327
CVE-2025-62373Pipecat is an open-source Python framework for building real-time voice and multimodal conversationa ...2026. 04. 23.2026. 04. 23.359147
CVE-2025-50229Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module.2026. 04. 23.2026. 04. 23.359157
CVE-2025-70994Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism ...2026. 04. 23.2026. 04. 23.359146
CVE-2025-66286An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform ...2026. 04. 23.2026. 04. 23.359142
CVE-2025-13763Multiple uses of uninitialized variables were found in libopensc that may lead to information disclo ...2026. 04. 23.2026. 04. 23.359140
CVE-2025-62110Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i ...2026. 04. 23.2026. 04. 23.359139
CVE-2025-62104Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly C ...2026. 04. 23.2026. 04. 23.359137
CVE-2025-10549EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder p ...2026. 04. 23.2026. 04. 23.359126
CVE-2025-36074IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM Security Verify Directory coul ...2026. 04. 23.2026. 04. 23.359071
CVE-2025-9957GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 ...2026. 04. 22.2026. 04. 22.359020
CVE-2025-6016GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.9.6, 18.10 ...2026. 04. 22.2026. 04. 22.359001
CVE-2025-3922GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.4 before 18.9.6, 18.10 ...2026. 04. 22.2026. 04. 22.359000
CVE-2025-0186GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.9.6, 18.10 ...2026. 04. 22.2026. 04. 22.358999
CVE-2025-58922Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forge ...2026. 04. 22.2026. 04. 22.359036
CVE-2025-70420A SQL injection vulnerability exists in Genesys Latitude v25.1.0.420 that allows an authenticated at ...2026. 04. 22.2026. 04. 22.358749

2024

CVE  Description  Submitted  Moderated  Entry
CVE-2024-58344Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticate ...2026. 04. 22.2026. 04. 22.358980

2018

CVE  Description  Submitted  Moderated  Entry
CVE-2018-25272ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database ...2026. 04. 22.2026. 04. 22.358969
CVE-2018-25271Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the ap ...2026. 04. 22.2026. 04. 22.358979
CVE-2018-25270ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers ...2026. 04. 22.2026. 04. 22.358968
CVE-2018-25269ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malic ...2026. 04. 22.2026. 04. 22.358978
CVE-2018-25268LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite t ...2026. 04. 22.2026. 04. 22.358974
CVE-2018-25267UltraISO 9.7.1.3519 contains a local buffer overflow vulnerability in the Output FileName field of t ...2026. 04. 22.2026. 04. 22.358977
CVE-2018-25266Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allow ...2026. 04. 22.2026. 04. 22.358976
CVE-2018-25265LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows loca ...2026. 04. 22.2026. 04. 22.358973
CVE-2018-25262Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attack ...2026. 04. 22.2026. 04. 22.358972
CVE-2018-25261Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception hand ...2026. 04. 22.2026. 04. 22.358971
CVE-2018-25260MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog t ...2026. 04. 22.2026. 04. 22.358970
CVE-2018-25259Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer n ...2026. 04. 22.2026. 04. 22.358975

2014

CVE  Description  Submitted  Moderated  Entry
CVE-2014-125120Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 

2013

CVE  Description  Submitted  Moderated  Entry
CVE-2013-10056Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 
CVE-2013-10045Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 
CVE-2013-10041Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 

2011

CVE  Description  Submitted  Moderated  Entry
CVE-2011-10031Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 

2010

CVE  Description  Submitted  Moderated  Entry
CVE-2010-20124Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 
CVE-2010-20118Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 
CVE-2010-20117Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 
CVE-2010-20116Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 
CVE-2010-20110Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 

2009

CVE  Description  Submitted  Moderated  Entry
CVE-2009-20012Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 

2008

CVE  Description  Submitted  Moderated  Entry
CVE-2008-20003Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 
CVE-2008-20002Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 

2005

CVE  Description  Submitted  Moderated  Entry
CVE-2005-20001Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 

2000

CVE  Description  Submitted  Moderated  Entry
CVE-2000-5001Rejected reason: This CVE has been REJECTED and will not be published by the CNA.2026. 04. 22.2026. 04. 22.
 
