Total CVEs

144,278

Critical Severity

4,164

High Severity

14,985

Last 7 Days

1,626
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 20,941 - 20,960 of 40,683 CVEs

Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution.

Published: Apr 16, 2026
Source: NVD
CVE-2026-6442 HIGH - 8.3

Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to...

Published: Apr 16, 2026
Source: NVD
CVE-2026-33121 HIGH - 8.8

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple string r...

Vendor: dataease
Product: dataease
Published: Apr 16, 2026
Source: NVD
CVE-2026-33084 HIGH - 8.8

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the so...

Vendor: dataease
Product: dataease
Published: Apr 16, 2026
Source: NVD

A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity.

Published: Apr 16, 2026
Source: NVD
CVE-2025-43937 MEDIUM - 6.6

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to ...

Vendor: Dell
Product: PowerScale OneFS
Published: Apr 16, 2026
Source: NVD
CVE-2025-43935 MEDIUM - 4.4

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

Vendor: Dell
Product: PowerScale OneFS
Published: Apr 16, 2026
Source: NVD

Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity.

Vendor: AMD
Product: AMD EPYC™ 7003 Series Processors, AMD EPYC™ 9004 Series Processors, AMD EPYC™ Embedded 7003 Series Processors, AMD EPYC™ Embedded 9004 Series Processors
Published: Apr 16, 2026
Source: NVD
CVE-2026-41082 HIGH - 7.3

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.

Vendor: OCaml
Product: opam
Published: Apr 16, 2026
Source: NVD
CVE-2026-33083 HIGH - 8.8

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLObj c...

Vendor: dataease
Product: dataease
Published: Apr 16, 2026
Source: NVD
CVE-2026-33082 CRITICAL - 9.8

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to WhereTree2St...

Vendor: dataease
Product: dataease
Published: Apr 16, 2026
Source: NVD

A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03.

Published: Apr 16, 2026
Source: NVD

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but ...

Vendor: ruby
Product: zlib
Published: Apr 16, 2026
Source: NVD
CVE-2026-24749 MEDIUM - 5.3

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL() or DBFile::getSourceURL() incorrectly add an access grant to the current session, which by...

Vendor: silverstripe
Product: silverstripe-assets
Published: Apr 16, 2026
Source: NVD
CVE-2025-43883 MEDIUM - 4.1

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service.

Vendor: Dell
Product: PowerScale OneFS
Published: Apr 16, 2026
Source: NVD

libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

Vendor: libexpat project
Product: libexpat
Published: Apr 16, 2026
Source: NVD
CVE-2025-36579 MEDIUM - 5.1

Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access.

Published: Apr 16, 2026
Source: NVD
CVE-2026-5426 HIGH - 7.5

Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote code execution via malicious ViewState deserialization attacks

Published: Apr 16, 2026
Source: NVD
CVE-2026-37100 MEDIUM - 6.5

An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: 2.40) allows remote attackers within BLE radio range to connect without authentication via the Sound Bar Remote protocol

Published: Apr 16, 2026
Source: NVD

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.

Published: Apr 16, 2026
Source: NVD