Total CVEs

144,218

Critical Severity

4,148

High Severity

14,965

Last 7 Days

1,642
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 21,921 - 21,940 of 40,623 CVEs
CVE-2026-5053 HIGH - 7.1

NoMachine External Control of File Path Arbitrary File Deletion Vulnerability. This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit...

Vendor: nomachine
Product: nomachine
Published: Apr 11, 2026
Source: NVD
CVE-2026-4158 HIGH - 7.3

KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the target s...

Published: Apr 11, 2026
Source: NVD
CVE-2026-4157 HIGH - 7.5

ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this vulnerability. The sp...

Published: Apr 11, 2026
Source: NVD
CVE-2026-4156 HIGH - 7.5

ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this vulnerabil...

Published: Apr 11, 2026
Source: NVD
CVE-2026-4155 HIGH - 7.5

ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit t...

Published: Apr 11, 2026
Source: NVD
CVE-2026-4154 HIGH - 7.8

GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...

Vendor: gimp
Product: gimp
Published: Apr 11, 2026
Source: NVD
CVE-2026-4153 HIGH - 7.8

GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o...

Vendor: gimp
Product: gimp
Published: Apr 11, 2026
Source: NVD
CVE-2026-4152 HIGH - 7.8

GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o...

Vendor: gimp
Product: gimp
Published: Apr 11, 2026
Source: NVD
CVE-2026-4151 HIGH - 7.8

GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...

Vendor: gimp
Product: gimp
Published: Apr 11, 2026
Source: NVD
CVE-2026-4150 HIGH - 7.8

GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mali...

Vendor: gimp
Product: gimp
Published: Apr 11, 2026
Source: NVD
CVE-2026-4149 CRITICAL - 10.0

Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The specific flaw exists within the han...

Vendor: sonos
Product: era_300_firmware
Published: Apr 11, 2026
Source: NVD

Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash.

Vendor: Flatpak
Product: xdg-desktop-portal
Published: Apr 11, 2026
Source: NVD
CVE-2026-3691 MEDIUM - 5.3

OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization flow...

Published: Apr 11, 2026
Source: NVD
CVE-2026-3690 HIGH - 7.4

OpenClaw Canvas Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the the authentication ...

Published: Apr 11, 2026
Source: NVD
CVE-2026-3689 MEDIUM - 6.5

OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the path...

Published: Apr 11, 2026
Source: NVD
CVE-2026-40199 MEDIUM - 6.5

Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed representation of IPv4 mapped addresses like ::ffff:192.168.1.1. This produces an 18 byte value inst...

Vendor: STIGTSP
Product: Net::CIDR::Lite
Published: Apr 10, 2026
Source: NVD
CVE-2026-40198 HIGH - 7.5

Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly 8 hex groups. Inputs like "abcd", "1:2:3", or "1:2:3:4:5:6:7" are acc...

Vendor: STIGTSP
Product: Net::CIDR::Lite
Published: Apr 10, 2026
Source: NVD
CVE-2026-33119 MEDIUM - 5.4

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Vendor: microsoft
Product: edge
Published: Apr 10, 2026
Source: NVD
CVE-2026-33118 MEDIUM - 4.3

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Vendor: microsoft
Product: edge_chromium
Published: Apr 10, 2026
Source: NVD

The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted request...

Vendor: go
Product: go.temporal.io/server
Published: Apr 10, 2026
Source: NVD