Total CVEs

144,218

Critical Severity

4,148

High Severity

14,965

Last 7 Days

1,659
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 20,481 - 20,500 of 40,623 CVEs
CVE-2026-34082 MEDIUM - 4.3

Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 p...

Vendor: langgenius
Product: dify
Published: Apr 20, 2026
Source: NVD
CVE-2026-6729 MEDIUM - 6.3

HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exploiting a shared ohmo session key that lacks sender identity verification. Attackers can reuse a...

Vendor: hkuds
Product: openharness
Published: Apr 20, 2026
Source: NVD
CVE-2026-29643 HIGH - 7.1

XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (NewCSR). On affected versions, certain sequences of CSR operations targeting non-existent/custom CSR a...

Published: Apr 20, 2026
Source: NVD

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to a Information Disclosure vulnerability. Successful exploit could allow an authenticated attacker with low privileges to run arbitrary metrics queries, revealing metric results that they do not hav...

Vendor: NETAPP
Product: StorageGRID (formerly StorageGRID Webscale)
Published: Apr 20, 2026
Source: NVD
CVE-2026-0930 MEDIUM - 4.3

Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.

Vendor: wolfssh
Product: wolfssh
Published: Apr 20, 2026
Source: NVD
CVE-2026-5928 HIGH - 7.5

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially res...

Vendor: gnu
Product: glibc
Published: Apr 20, 2026
Source: NVD
CVE-2026-5450 CRITICAL - 9.8

Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

Vendor: gnu
Product: glibc
Published: Apr 20, 2026
Source: NVD
CVE-2026-5358 CRITICAL - 9.1

Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused. Secondly it has been discovered that the NIS+ cold start c...

Published: Apr 20, 2026
Source: NVD
CVE-2026-4852 MEDIUM - 6.4

The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image Source' attachment field in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it po...

Published: Apr 20, 2026
Source: NVD
CVE-2026-34403 HIGH - 8.1

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking (CSWSH). Combined with the fact that authentication tokens ...

Vendor: 0xJacky
Product: nginx-ui
Published: Apr 20, 2026
Source: NVD
CVE-2026-33626 HIGH - 7.5

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without valida...

Vendor: InternLM
Product: lmdeploy
Published: Apr 20, 2026
Source: NVD
CVE-2026-33432 CRITICAL - 9.1

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without esca...

Vendor: roxy-wi
Product: roxy-wi
Published: Apr 20, 2026
Source: NVD
CVE-2026-33431 MEDIUM - 6.5

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config/<service>/show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is subsequently o...

Vendor: roxy-wi
Product: roxy-wi
Published: Apr 20, 2026
Source: NVD
CVE-2026-33031 HIGH - 8.1

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account does not actually terminate that user’s access, so an attacke...

Vendor: 0xJacky
Product: nginx-ui
Published: Apr 20, 2026
Source: NVD
CVE-2026-32613 CRITICAL - 9.9

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT restr...

Vendor: spinnaker
Product: spinnaker
Published: Apr 20, 2026
Source: NVD
CVE-2026-32604 CRITICAL - 9.9

Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions 2026...

Vendor: spinnaker
Product: spinnaker
Published: Apr 20, 2026
Source: NVD
CVE-2026-29648 HIGH - 8.8

In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation controls i...

Published: Apr 20, 2026
Source: NVD
CVE-2026-29647 MEDIUM - 6.5

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling.

Published: Apr 20, 2026
Source: NVD
CVE-2026-29646 CRITICAL - 9.8

In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the supervisor interrupt-enable CSR (sie) may be handled incorrectly and can influence machine-level interrupt enable state (mie). This breaks privilege/virtualization isolation and...

Published: Apr 20, 2026
Source: NVD
CVE-2026-29642 HIGH - 7.8

A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions (commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19), these menvcfg accesses can unexpected...

Published: Apr 20, 2026
Source: NVD