Total CVEs

144,218

Critical Severity

4,148

High Severity

14,965

Last 7 Days

1,623
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 22,041 - 22,060 of 40,623 CVEs

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set.

Vendor: systemd
Product: systemd
Published: Apr 10, 2026
Source: NVD
CVE-2026-40227 MEDIUM - 6.2

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element.

Vendor: systemd
Product: systemd
Published: Apr 10, 2026
Source: NVD
CVE-2026-40226 MEDIUM - 6.4

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

Vendor: systemd
Product: systemd
Published: Apr 10, 2026
Source: NVD
CVE-2026-40225 MEDIUM - 6.4

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.

Vendor: systemd
Product: systemd
Published: Apr 10, 2026
Source: NVD
CVE-2026-40224 MEDIUM - 6.7

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace.

Vendor: systemd
Product: systemd
Published: Apr 10, 2026
Source: NVD
CVE-2026-40223 MEDIUM - 4.7

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running.

Vendor: systemd
Product: systemd
Published: Apr 10, 2026
Source: NVD

Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets in log messages, NDC, and MDC property keys and values...

Vendor: Apache Software Foundation
Product: Apache Log4cxx, Apache Log4cxx (Conan), Apache Log4cxx (Brew)
Published: Apr 10, 2026
Source: NVD

Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list , in versions before 3.3.0, fail to sanitize characters forbidden by the XML ...

Vendor: Apache Software Foundation
Product: Apache Log4net
Published: Apr 10, 2026
Source: NVD
CVE-2026-35594 MEDIUM - 6.5

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication (GetLinkShareFromClaims in pkg/models/link_sharing.go) constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner ...

Vendor: go-vikunja
Product: vikunja
Published: Apr 10, 2026
Source: NVD
CVE-2026-34727 HIGH - 7.4

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authentication enabled. When a local user with TOTP enrolled is matched via the OIDC email fallback mechanis...

Vendor: go-vikunja
Product: vikunja
Published: Apr 10, 2026
Source: NVD

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohibited by RFC 825...

Vendor: Apache Software Foundation
Product: Apache Log4j JSON Template Layout
Published: Apr 10, 2026
Source: NVD

Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets producing invalid XML output whenever a log messa...

Vendor: Apache Software Foundation
Product: Apache Log4j Core
Published: Apr 10, 2026
Source: NVD

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log processing...

Vendor: Apache Software Foundation
Product: Apache Log4j 1 to Log4j 2 bridge
Published: Apr 10, 2026
Source: NVD

Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to undocumented renames of security-relevant configuration attributes. Two distinct issues affect...

Vendor: Apache Software Foundation
Product: Apache Log4j Core
Published: Apr 10, 2026
Source: NVD

The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property, but...

Vendor: Apache Software Foundation
Product: Apache Log4j Core
Published: Apr 10, 2026
Source: NVD
CVE-2026-29043 MEDIUM - 5.5

HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remot...

Vendor: HDFGroup
Product: hdf5
Published: Apr 10, 2026
Source: NVD
CVE-2026-29002 HIGH - 7.2

CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request body to bypass authori...

Vendor: CouchCMS
Product: CouchCMS
Published: Apr 10, 2026
Source: NVD
CVE-2026-23781 CRITICAL - 9.8

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface.

Published: Apr 10, 2026
Source: NVD
CVE-2026-36236 CRITICAL - 9.8

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php via the new_password parameter.

Vendor: janobe
Product: engineers_online_portal
Published: Apr 10, 2026
Source: NVD
CVE-2026-36235 CRITICAL - 9.8

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation.

Vendor: itsourcecode
Product: online_student_enrollment_system
Published: Apr 10, 2026
Source: NVD