Total CVEs

143,835

Critical Severity

4,094

High Severity

14,788

Last 7 Days

1,523
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 21,201 - 21,220 of 40,240 CVEs

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged re...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-34225 MEDIUM - 4.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided URL ...

Vendor: open-webui
Product: open-webui
Published: Apr 14, 2026
Source: NVD
CVE-2026-39424 MEDIUM - 4.7

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file (.xlsx) via the /admin/api/workspace/{work...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-39423 MEDIUM - 5.4

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including admi...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-39422 MEDIUM - 5.4

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface (/ui/chat/{access_token}), the ChatHeadersM...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-39421 MEDIUM - 6.3

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-ba...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-39420 MEDIUM - 6.3

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD_PRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop th...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-39418 MEDIUM - 5.0

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto() with the MSG_FASTOPEN flag. This allows authenticated user with tool-editing permissions to reach internal services that are explicitly blocked by the...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-34264 MEDIUM - 6.5

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information caus...

Vendor: SAP_SE
Product: SAP Human Capital Management for SAP S/4HANA
Published: Apr 14, 2026
Source: NVD
CVE-2026-34262 MEDIUM - 5.0

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer

Vendor: SAP_SE
Product: SAP HANA Cockpit and HANA Database Explorer
Published: Apr 14, 2026
Source: NVD
CVE-2026-34261 MEDIUM - 6.5

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality...

Vendor: SAP_SE
Product: SAP Business Analytics and SAP Content Management
Published: Apr 14, 2026
Source: NVD
CVE-2026-34257 MEDIUM - 6.1

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the applica...

Vendor: SAP_SE
Product: SAP NetWeaver Application Server ABAP
Published: Apr 14, 2026
Source: NVD
CVE-2026-34256 HIGH - 7.1

Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed,...

Vendor: SAP_SE
Product: SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)
Published: Apr 14, 2026
Source: NVD
CVE-2026-39984 MEDIUM - 5.5

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint check...

Vendor: go
Product: github.com/sigstore/timestamp-authority/v2
Published: Apr 14, 2026
Source: GitHub
CVE-2026-40164 HIGH - 7.5

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSON...

Vendor: jqlang
Product: jq
Published: Apr 14, 2026
Source: NVD
CVE-2026-39417 MEDIUM - 4.6

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path (loading MCP config from the dat...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen() to determine buffer length instead of the actual byte ...

Vendor: jqlang
Product: jq
Published: Apr 14, 2026
Source: NVD
CVE-2026-27683 MEDIUM - 4.1

SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the userοΏ½s browser, potentially exposing restricted information. This results in a low impact on...

Vendor: SAP_SE
Product: SAP BusinessObjects Business Intelligence Platform
Published: Apr 14, 2026
Source: NVD
CVE-2026-27681 CRITICAL - 9.9

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the s...

Vendor: SAP_SE
Product: SAP Business Planning and Consolidation and SAP Business Warehouse
Published: Apr 14, 2026
Source: NVD
CVE-2026-27679 MEDIUM - 6.5

Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availa...

Vendor: SAP_SE
Product: SAP S/4HANA Frontend OData Service (Manage Reference Structures)
Published: Apr 14, 2026
Source: NVD