Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,527
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 20,421 - 20,440 of 40,154 CVEs
CVE-2026-33083 HIGH - 8.8

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLObj c...

Vendor: dataease
Product: dataease
Published: Apr 16, 2026
Source: NVD
CVE-2026-33082 CRITICAL - 9.8

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to WhereTree2St...

Vendor: dataease
Product: dataease
Published: Apr 16, 2026
Source: NVD

A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03.

Published: Apr 16, 2026
Source: NVD

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but ...

Vendor: ruby
Product: zlib
Published: Apr 16, 2026
Source: NVD
CVE-2026-24749 MEDIUM - 5.3

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL() or DBFile::getSourceURL() incorrectly add an access grant to the current session, which by...

Vendor: silverstripe
Product: silverstripe-assets
Published: Apr 16, 2026
Source: NVD
CVE-2025-43883 MEDIUM - 4.1

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

Vendor: Dell
Product: PowerScale OneFS
Published: Apr 16, 2026
Source: NVD

libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

Vendor: libexpat project
Product: libexpat
Published: Apr 16, 2026
Source: NVD
CVE-2025-36579 MEDIUM - 5.1

Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.

Published: Apr 16, 2026
Source: NVD
CVE-2026-5426 HIGH - 7.5

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

Published: Apr 16, 2026
Source: NVD
CVE-2026-37100 MEDIUM - 6.5

An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: 2.40) allows remote attackers within BLE radio range to connect without authentication via the Sound Bar Remote protocol

Published: Apr 16, 2026
Source: NVD

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.

Published: Apr 16, 2026
Source: NVD
CVE-2026-3324 HIGH - 8.2

Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37347 CRITICAL - 9.1

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37346 MEDIUM - 4.7

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37345 CRITICAL - 9.8

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37344 HIGH - 7.2

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_location.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37343 HIGH - 7.2

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_user.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37342 HIGH - 7.2

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/view_parked_details.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37341 HIGH - 7.2

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37340 CRITICAL - 9.8

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/edit_music.php.

Published: Apr 16, 2026
Source: NVD