Total CVEs

143,746

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,538
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 20,321 - 20,340 of 40,151 CVEs
CVE-2026-6491 MEDIUM - 5.3

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached l...

Published: Apr 17, 2026
Source: NVD
CVE-2026-6490 HIGH - 7.3

A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated re...

Published: Apr 17, 2026
Source: NVD
CVE-2026-40459 HIGH - 8.8

PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10 an...

Vendor: PAC4J
Product: PAC4J
Published: Apr 17, 2026
Source: NVD
CVE-2026-40458 HIGH - 6.5

PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the a...

Vendor: PAC4J
Product: PAC4J
Published: Apr 17, 2026
Source: NVD
CVE-2026-31317 MEDIUM - 7.5

Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php file

Vendor: composer
Product: markhuot/craftql
Published: Apr 17, 2026
Source: NVD
CVE-2025-70795 MEDIUM - 5.5

STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enab...

Published: Apr 17, 2026
Source: NVD
CVE-2026-6507 HIGH - 7.5

A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq da...

Published: Apr 17, 2026
Source: NVD
CVE-2026-6489 MEDIUM - 6.3

A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in unrestricted upload. The att...

Published: Apr 17, 2026
Source: NVD
CVE-2026-6488 MEDIUM - 6.3

A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initi...

Published: Apr 17, 2026
Source: NVD
CVE-2026-6487 MEDIUM - 4.3

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been pub...

Published: Apr 17, 2026
Source: NVD
CVE-2026-6486 LOW - 3.5

A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed remot...

Published: Apr 17, 2026
Source: NVD
CVE-2026-28263 MEDIUM - 5.9

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a cross-site Scripting vulnerability. A high privileged attacker wit...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2026-23777 MEDIUM - 4.3

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an exposure of sensitive information to an unauthorized actor vulner...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2025-46641 MEDIUM - 6.6

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2025-46607 MEDIUM - 6.6

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2025-46606 MEDIUM - 6.2

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading ...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2025-46605 MEDIUM - 6.2

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access.

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD
CVE-2026-6483 HIGH - 7.2

A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. Upg...

Published: Apr 17, 2026
Source: NVD

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the named p...

Published: Apr 17, 2026
Source: NVD
CVE-2026-35153 MEDIUM - 6.7

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command ('argument injection') vulnerability. A high privil...

Vendor: Dell
Product: PowerProtect Data Domain
Published: Apr 17, 2026
Source: NVD