Total CVEs

144,218

Critical Severity

4,148

High Severity

14,965

Last 7 Days

1,645
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 20,581 - 20,600 of 40,623 CVEs
CVE-2026-6625 HIGH - 7.3

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture Storag...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6624 LOW - 2.4

A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?\_route=pool/add of the component Pool List Interface. Executing a manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been ...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6623 LOW - 2.4

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?_route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out rem...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6622 LOW - 2.4

A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\_route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly availa...

Published: Apr 20, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions Leo reports an out-of-bounds access when parsing a certificate with empty Basic Constraints or Key Usage extension because the first byte of the extension is read before chec...

Vendor: Linux
Product: Linux
Published: Apr 20, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2 value (e.g. 704 on x86_64) to avoid collisions with generic kmalloc bucket sizes. This ensures that skb...

Vendor: Linux
Product: Linux
Published: Apr 20, 2026
Source: NVD

Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been fixe...

Vendor: Fudo Security
Product: Fudo Enterprise
Published: Apr 20, 2026
Source: NVD
CVE-2026-6621 HIGH - 7.3

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument __proto__ causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. Th...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6620 MEDIUM - 6.3

A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of the argument Type results in path traversal. The attack may be launched remotely. The exploit has been...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6619 LOW - 3.5

A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be initiat...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6618 MEDIUM - 6.3

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. T...

Published: Apr 20, 2026
Source: NVD
CVE-2026-5967 HIGH - 8.8

ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges.

Published: Apr 20, 2026
Source: NVD
CVE-2026-39454 HIGH - 7.8

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be e...

Vendor: Sky Co.,LTD.
Product: SKYSEA Client View, SKYMEC IT Manager
Published: Apr 20, 2026
Source: NVD
CVE-2026-6617 MEDIUM - 6.3

A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-s...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6616 MEDIUM - 6.3

A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_with_bs4/extract_with_3k/extract_with_lxml of the file superagi/helper/webpage_extractor.py of the component WebScraperTool. Such manipulation leads to server-side request forger...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6615 HIGH - 7.3

A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Upload Handler. This manipulation of the argument Name causes path traversal. It is possible to initiate ...

Published: Apr 20, 2026
Source: NVD
CVE-2026-5966 HIGH - 8.1

ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system.

Published: Apr 20, 2026
Source: NVD
CVE-2026-5964 CRITICAL - 9.8

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Published: Apr 20, 2026
Source: NVD
CVE-2026-5963 CRITICAL - 9.8

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

Published: Apr 20, 2026
Source: NVD
CVE-2026-41282 MEDIUM - 4.0

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration).

Vendor: ProjectDiscovery
Product: Nuclei
Published: Apr 20, 2026
Source: NVD