Total CVEs

144,269

Critical Severity

4,162

High Severity

14,979

Last 7 Days

1,663
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 22,121 - 22,140 of 40,674 CVEs
CVE-2026-6068 MEDIUM - 6.5

NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or unexpected behavior...

Vendor: nasm
Product: netwide_assembler
Published: Apr 10, 2026
Source: NVD
CVE-2026-6067 HIGH - 7.5

A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and ...

Vendor: nasm
Product: netwide_assembler
Published: Apr 10, 2026
Source: NVD
CVE-2026-40217 HIGH - 8.8

LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.

Vendor: BerriAI
Product: LiteLLM
Published: Apr 10, 2026
Source: NVD
CVE-2026-33092 HIGH - 7.8

Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.

Vendor: Acronis
Product: Acronis True Image OEM, Acronis True Image
Published: Apr 10, 2026
Source: NVD
CVE-2025-5804 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion.This issue affects Case Theme User: from n/a before 1.0.4.

Published: Apr 10, 2026
Source: NVD
CVE-2025-58920 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato allows Reflected XSS.This issue affects Cerato: from n/a through 2.2.18.

Vendor: Zootemplate
Product: Cerato
Published: Apr 10, 2026
Source: NVD
CVE-2025-58913 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro allows PHP Local File Inclusion.This issue affects VideoPro: from n/a through 2.3.8.1.

Vendor: CactusThemes
Product: VideoPro
Published: Apr 10, 2026
Source: NVD

Improper synchronization of the userTokens map in the API server in Canonical Jujuย 4.0.5,ย 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token.

Vendor: go
Product: github.com/juju/juju
Published: Apr 10, 2026
Source: NVD
CVE-2026-5412 CRITICAL - 9.9

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This issu...

Vendor: go
Product: github.com/juju/juju
Published: Apr 10, 2026
Source: NVD

This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading ...

Published: Apr 10, 2026
Source: NVD
CVE-2026-39304 HIGH - 7.5

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes th...

Vendor: Apache Software Foundation
Product: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ
Published: Apr 10, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()` function calculates the data size in bytes by left shifting `common->data_size_from_cmnd` by the...

Vendor: Linux
Product: Linux
Published: Apr 10, 2026
Source: NVD
CVE-2026-6057 CRITICAL - 9.8

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.

Published: Apr 10, 2026
Source: NVD
CVE-2026-4162 HIGH - 7.1

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and ...

Published: Apr 10, 2026
Source: NVD
CVE-2021-47961 HIGH - 8.1

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when comb...

Vendor: Synology
Product: Synology SSL VPN Client
Published: Apr 10, 2026
Source: NVD
CVE-2021-47960 MEDIUM - 6.5

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, ...

Vendor: Synology
Product: Synology SSL VPN Client
Published: Apr 10, 2026
Source: NVD
CVE-2026-6042 LOW - 3.3

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix thi...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6038 HIGH - 7.3

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCH_ID leads to sql injection. The attack may be performed from remote. The exploit is publicl...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6037 HIGH - 7.3

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCH_ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6036 HIGH - 7.3

A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the argument VEHICLE_ID results in sql injection. The attack can be executed remotely. The exploit has been...

Published: Apr 10, 2026
Source: NVD