Total CVEs

144,202

Critical Severity

4,148

High Severity

14,963

Last 7 Days

1,665
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 20,361 - 20,380 of 40,607 CVEs
CVE-2026-0972 HIGH - 7.3

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.

Vendor: fortra
Product: goanywhere_managed_file_transfer
Published: Apr 21, 2026
Source: NVD
CVE-2026-0971 MEDIUM - 4.3

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page.

Vendor: fortra
Product: goanywhere_managed_file_transfer
Published: Apr 21, 2026
Source: NVD
CVE-2025-31981 MEDIUM - 5.3

HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access.  An attacker with access to the network traffic can sniff packets from the connection and uncover the data.

Vendor: HCLSoftware
Product: BigFix Service Management (SM)
Published: Apr 21, 2026
Source: NVD

HCL BigFix Service Management is susceptible to HTTP Request Smuggling.  HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsistencies in request parsing between front-end and back-end server...

Vendor: HCLSoftware
Product: BigFix Service Management (SM)
Published: Apr 21, 2026
Source: NVD
CVE-2025-1241 MEDIUM - 5.8

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data.

Vendor: fortra
Product: goanywhere_agents
Published: Apr 21, 2026
Source: NVD
CVE-2025-14362 HIGH - 7.3

The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key vulnerable to being guessed via Brute Force.

Vendor: Fortra
Product: GoAnywhere MFT
Published: Apr 21, 2026
Source: NVD

Cross-Site Scripting (XSS) vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability ...

Vendor: Semantic MediaWiki
Product: Semantic MediaWiki
Published: Apr 21, 2026
Source: NVD
CVE-2026-6786 HIGH - 8.1

Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firef...

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-6785 HIGH - 8.1

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabilit...

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-6784 HIGH - 7.5

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-6783 MEDIUM - 5.3

Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-6782 HIGH - 7.5

Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-6781 HIGH - 7.5

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-6780 HIGH - 7.5

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-6779 MEDIUM - 5.3

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-6778 MEDIUM - 5.3

Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-6777 MEDIUM - 5.3

Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-6776 HIGH - 7.8

Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-6775 MEDIUM - 5.3

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD
CVE-2026-6774 MEDIUM - 5.4

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Vendor: mozilla
Product: firefox
Published: Apr 21, 2026
Source: NVD