Total CVEs

144,294

Critical Severity

4,165

High Severity

14,995

Last 7 Days

1,607
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 22,341 - 22,360 of 40,699 CVEs
CVE-2026-5187 CRITICAL - 9.8

Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values (out[0] and out[1]), enabling a 2-byte out-of-bounds write when outSz equals 1. Second, multiple callers pass...

Vendor: wolfssl
Product: wolfssl
Published: Apr 09, 2026
Source: NVD
CVE-2026-4436 HIGH - 8.6

A low-privileged remote attacker can send Modbus packets to manipulate register values that are inputs to the odorant injection logic such that too much or too little odorant is injected into a gas line.

Published: Apr 09, 2026
Source: NVD
CVE-2026-40089 CRITICAL - 9.9

Sonicverse is a Self-hosted Docker Compose stack for live radio streaming. The Sonicverse Radio Audio Streaming Stack dashboard contains a Server-Side Request Forgery (SSRF) vulnerability in its API client (apps/dashboard/lib/api.ts). Installations created using the provided install.sh script (inclu...

Vendor: sonicverse-eu
Product: audiostreaming-stack
Published: Apr 09, 2026
Source: NVD

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know t...

Vendor: henrygd
Product: beszel
Published: Apr 09, 2026
Source: NVD
CVE-2026-39977 MEDIUM - 6.3

flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using g_file_resolve_relative_path() and va...

Vendor: flatpak
Product: flatpak-builder
Published: Apr 09, 2026
Source: NVD
CVE-2026-35577 MEDIUM - 6.8

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run on ...

Vendor: apollographql
Product: apollo-mcp-server
Published: Apr 09, 2026
Source: NVD
CVE-2026-35063 HIGH - 8.8

OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator acc...

Vendor: OpenPLC_V3
Product: OpenPLC_V3
Published: Apr 09, 2026
Source: NVD
CVE-2026-34734 HIGH - 7.8

HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was...

Vendor: HDFGroup
Product: hdf5
Published: Apr 09, 2026
Source: NVD
CVE-2026-34500 MEDIUM - 6.5

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to ver...

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: Apr 09, 2026
Source: NVD
CVE-2026-34487 HIGH - 7.5

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. Users...

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: Apr 09, 2026
Source: NVD
CVE-2026-34486 HIGH - 7.5

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to theΒ fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the i...

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: Apr 09, 2026
Source: NVD
CVE-2026-34483 HIGH - 7.5

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or...

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: Apr 09, 2026
Source: NVD
CVE-2026-32990 MEDIUM - 5.3

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, ...

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: Apr 09, 2026
Source: NVD
CVE-2026-29923 HIGH - 7.8

The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures.

Published: Apr 09, 2026
Source: NVD
CVE-2026-29146 HIGH - 7.5

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are rec...

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: Apr 09, 2026
Source: NVD
CVE-2026-29145 CRITICAL - 9.1

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Nativ...

Vendor: Apache Software Foundation
Product: Apache Tomcat, Apache Tomcat Native
Published: Apr 09, 2026
Source: NVD
CVE-2026-29129 HIGH - 7.5

Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: Apr 09, 2026
Source: NVD
CVE-2026-25854 MEDIUM - 6.1

Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. O...

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: Apr 09, 2026
Source: NVD
CVE-2026-24880 HIGH - 7.5

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through ...

Vendor: Apache Software Foundation
Product: Apache Tomcat
Published: Apr 09, 2026
Source: NVD
CVE-2025-13926 CRITICAL - 9.8

An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T.

Vendor: Contemporary Controls
Product: BASControl20
Published: Apr 09, 2026
Source: NVD