Total CVEs

144,278

Critical Severity

4,164

High Severity

14,985

Last 7 Days

1,626
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 20,961 - 20,980 of 40,683 CVEs
CVE-2026-3324 HIGH - 8.2

Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37347 CRITICAL - 9.1

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37346 MEDIUM - 4.7

SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37345 CRITICAL - 9.8

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37344 HIGH - 7.2

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_location.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37343 HIGH - 7.2

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_user.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37342 HIGH - 7.2

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/view_parked_details.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37341 HIGH - 7.2

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37340 CRITICAL - 9.8

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/edit_music.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37339 CRITICAL - 9.8

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37338 CRITICAL - 9.4

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37337 HIGH - 7.3

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_playlist.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-37336 HIGH - 7.3

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_music.php.

Published: Apr 16, 2026
Source: NVD
CVE-2026-33804 HIGH - 7.4

@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account for duplicate slash normalization performed by Fastify's router, allowing requests with duplic...

Vendor: @fastify/middie
Product: @fastify/middie
Published: Apr 16, 2026
Source: NVD
CVE-2026-30656 HIGH - 7.5

A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the input pointer and calls strdup() on a NULL value when the option is specified without an argument. Thi...

Published: Apr 16, 2026
Source: NVD
CVE-2026-30459 HIGH - 7.1

An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message.

Vendor: thedaylightstudio
Product: fuel_cms
Published: Apr 16, 2026
Source: NVD
CVE-2026-2840 MEDIUM - 6.4

The Email Encoder โ€“ Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for ...

Published: Apr 16, 2026
Source: NVD
CVE-2026-6410 MEDIUM - 5.3

@fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The dirList.path() function resolves directories outside the configured static root using path.join() without a containment check. A remote unauthenticated attacker can obtain dir...

Vendor: npm
Product: @fastify/static
Published: Apr 16, 2026
Source: NVD
CVE-2026-6270 CRITICAL - 9.1

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the pare...

Vendor: npm
Product: @fastify/middie
Published: Apr 16, 2026
Source: NVD
CVE-2026-5785 HIGH - 8.1

Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module.

Published: Apr 16, 2026
Source: NVD