Total CVEs

144,278

Critical Severity

4,164

High Severity

14,985

Last 7 Days

1,599
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 20,361 - 20,380 of 40,683 CVEs
CVE-2026-40871 HIGH - 7.2

mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantine_category field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantine_category without validation or sanitization...

Vendor: mailcow
Product: mailcow-dockerized
Published: Apr 21, 2026
Source: NVD
CVE-2026-40372 CRITICAL - 9.1

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

Vendor: nuget
Product: Microsoft.AspNetCore.DataProtection
Published: Apr 21, 2026
Source: NVD
CVE-2026-33813 HIGH - 7.5

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms.

Vendor: golang.org/x/image
Product: golang.org/x/image/webp
Published: Apr 21, 2026
Source: NVD
CVE-2026-33812 MEDIUM - 6.1

Parsing a malicious font file can cause excessive memory allocation.

Vendor: golang.org/x/image
Product: golang.org/x/image/font/sfnt
Published: Apr 21, 2026
Source: NVD

Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructi...

Vendor: rust
Product: brillig
Published: Apr 21, 2026
Source: GitHub
CVE-2026-6745 LOW - 3.5

A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...

Published: Apr 21, 2026
Source: NVD
CVE-2026-6744 MEDIUM - 6.3

A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted earl...

Published: Apr 21, 2026
Source: NVD

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit crafte...

Vendor: bludit
Product: bludit
Published: Apr 21, 2026
Source: NVD

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files and...

Vendor: horilla-opensource
Product: horilla
Published: Apr 21, 2026
Source: NVD

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload req...

Vendor: horilla-opensource
Product: horilla
Published: Apr 21, 2026
Source: NVD

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR f...

Vendor: horilla-opensource
Product: horilla
Published: Apr 21, 2026
Source: NVD
CVE-2026-40614 HIGH - 8.8

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers (dec_frame[].buf) were allocated based on a ...

Vendor: pjsip
Product: pjproject
Published: Apr 21, 2026
Source: NVD
CVE-2026-40613 HIGH - 7.5

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * without alignment checks. When processing a crafted STUN message with odd-aligned attribute boundaries, ...

Vendor: coturn
Product: coturn
Published: Apr 21, 2026
Source: NVD
CVE-2026-22751 MEDIUM - 4.8

Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0.0...

Vendor: Spring
Product: Spring Security
Published: Apr 21, 2026
Source: NVD
CVE-2026-40343 MEDIUM - 5.8

free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.2, a fail-open request handling flaw in the UDR service causes the `/nudr-dr/v2/policy-data/subs-to-notify` POST handler to continue ...

Vendor: go
Product: github.com/free5gc/udr
Published: Apr 21, 2026
Source: GitHub
CVE-2026-41194 MEDIUM - 5.4

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the mailbox OAuth disconnect action is implemented as `GET /mailbox/oauth-disconnect/{id}/{in_out}/{provider}`. It removes stored OAuth metadata from the mailbox and then redirects. Because it is a GET route, no ...

Vendor: freescout-help-desk
Product: freescout
Published: Apr 21, 2026
Source: NVD
CVE-2026-41193 CRITICAL - 9.1

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, FreeScout's module installation feature extracts ZIP archives without validating file paths, allowing an authenticated admin to write files arbitrarily on the server filesystem via a specially crafted ZIP. V...

Vendor: freescout-help-desk
Product: freescout
Published: Apr 21, 2026
Source: NVD
CVE-2026-41192 HIGH - 7.1

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.215, the reply and draft flows trust client-supplied encrypted attachment IDs. Any IDs present in `attachments_all[]` but omitted from retained lists are decrypted and passed directly to `Attachment::deleteByIds()`. B...

Vendor: freescout-help-desk
Product: freescout
Published: Apr 21, 2026
Source: NVD
CVE-2026-40608 MEDIUM - 6.2

Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers (/api/state, /api/restore, and /api/history-svg) that process incoming requests by accumulating the entire request body into a J...

Vendor: DayuanJiang
Product: next-ai-draw-io
Published: Apr 21, 2026
Source: NVD
CVE-2026-40606 MEDIUM - 4.8

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the builtin LDAP proxy authentication does not correctly sanitize the username when querying the LDAP serv...

Vendor: mitmproxy
Product: mitmproxy
Published: Apr 21, 2026
Source: NVD