Total CVEs

143,768

Critical Severity

4,091

High Severity

14,768

Last 7 Days

1,523
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 20,621 - 20,640 of 40,173 CVEs
CVE-2026-33220 MEDIUM - 6.8

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fixed in version 5.17. If developers are unable to update immediately, they can disable this feat...

Vendor: WeblateOrg
Product: weblate
Published: Apr 15, 2026
Source: NVD
CVE-2026-6290 HIGH - 8.0

Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query() plugin, in a notebook cell, to run VQL queries on other orgs wh...

Published: Apr 15, 2026
Source: NVD
CVE-2026-5758 MEDIUM - 6.5

JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution.

Published: Apr 15, 2026
Source: NVD
CVE-2026-33214 MEDIUM - 4.3

Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been fixed in version 5.17. If users are unable to update immediately, they can work around this issue...

Vendor: WeblateOrg
Product: weblate
Published: Apr 15, 2026
Source: NVD

Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so ...

Vendor: WeblateOrg
Product: weblate
Published: Apr 15, 2026
Source: NVD
CVE-2026-32631 HIGH - 7.4

Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious branch, that accesses...

Vendor: git-for-windows
Product: git
Published: Apr 15, 2026
Source: NVD
CVE-2026-30993 CRITICAL - 9.8

Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable via a crafted input.

Published: Apr 15, 2026
Source: NVD
CVE-2026-6372 HIGH - 7.5

Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5.

Published: Apr 15, 2026
Source: NVD
CVE-2026-6370 MEDIUM - 5.9

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Mini Ajax Cart for WooCommerce allows Stored XSS.This issue affects Mini Ajax Cart for WooCommerce: from n/a through 1.3.4.

Published: Apr 15, 2026
Source: NVD
CVE-2026-30996 HIGH - 7.5

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request.

Published: Apr 15, 2026
Source: NVD
CVE-2026-30995 HIGH - 8.6

Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint.

Published: Apr 15, 2026
Source: NVD
CVE-2026-30994 HIGH - 7.5

Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials.

Published: Apr 15, 2026
Source: NVD
CVE-2026-20186 CRITICAL - 9.9

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabil...

Vendor: Cisco
Product: Cisco Identity Services Engine Software
Published: Apr 15, 2026
Source: NVD
CVE-2026-20184 CRITICAL - 9.8

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability...

Vendor: Cisco
Product: Cisco Webex Meetings
Published: Apr 15, 2026
Source: NVD
CVE-2026-20180 CRITICAL - 9.9

A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabil...

Vendor: Cisco
Product: Cisco Identity Services Engine Software
Published: Apr 15, 2026
Source: NVD
CVE-2026-20170 MEDIUM - 6.1

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This...

Vendor: Cisco
Product: Cisco Webex Contact Center
Published: Apr 15, 2026
Source: NVD
CVE-2026-20161 MEDIUM - 5.5

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file syst...

Vendor: Cisco
Product: Cisco ThousandEyes Enterprise Agent
Published: Apr 15, 2026
Source: NVD
CVE-2026-20152 MEDIUM - 5.3

A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This vulnerability is due to improper validation of user-supplied authentication input in HT...

Vendor: Cisco
Product: Cisco Secure Web Appliance
Published: Apr 15, 2026
Source: NVD
CVE-2026-20148 MEDIUM - 4.9

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is...

Vendor: Cisco
Product: Cisco Identity Services Engine Software, Cisco ISE Passive Identity Connector
Published: Apr 15, 2026
Source: NVD
CVE-2026-20147 CRITICAL - 9.9

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

Vendor: Cisco
Product: Cisco Identity Services Engine Software, Cisco ISE Passive Identity Connector
Published: Apr 15, 2026
Source: NVD