Total CVEs

145,743

Critical Severity

4,268

High Severity

15,733

Last 7 Days

2,313
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,081 - 23,100 of 42,148 CVEs

MCPHub in versions belowย 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.

Vendor: MCPHub
Product: MCPHub
Published: Apr 14, 2026
Source: NVD
CVE-2026-4109 MEDIUM - 4.3

The Eventin โ€“ Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the get_item_permissions_check() function in all versions up to, and including, 4.1.8. This makes it possible f...

Published: Apr 14, 2026
Source: NVD
CVE-2026-33929 MEDIUM - 4.3

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version...

Vendor: Apache Software Foundation
Product: Apache PDFBox Examples
Published: Apr 14, 2026
Source: NVD
CVE-2026-33892 HIGH - 7.1

A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do no...

Vendor: Siemens
Product: Industrial Edge Management Pro V1, Industrial Edge Management Pro V2, Industrial Edge Management Virtual
Published: Apr 14, 2026
Source: NVD
CVE-2026-31924 MEDIUM - 5.3

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. tencent-cloud-cls log export uses plaintext HTTP This issue affects Apache APISIX: from 2.99.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache APISIX
Published: Apr 14, 2026
Source: NVD
CVE-2026-31923 HIGH - 7.5

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade to version 3.16.0, wh...

Vendor: Apache Software Foundation
Product: Apache APISIX
Published: Apr 14, 2026
Source: NVD
CVE-2026-31908 CRITICAL - 9.1

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache APISIX
Published: Apr 14, 2026
Source: NVD
CVE-2026-27668 HIGH - 8.8

A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves ac...

Vendor: Siemens
Product: RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P)
Published: Apr 14, 2026
Source: NVD
CVE-2026-25654 HIGH - 8.8

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the ability to reset the ...

Vendor: Siemens
Product: SINEC NMS
Published: Apr 14, 2026
Source: NVD
CVE-2026-24032 HIGH - 7.3

A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass authentication and...

Vendor: Siemens
Product: SINEC NMS
Published: Apr 14, 2026
Source: NVD

A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (All versions < V2602), Solid Edge SE2025 (All versions < V225.0 Update 13), Solid Edge ...

Vendor: Siemens
Product: Siemens Software Center, Simcenter 3D, Simcenter Femap, Simcenter STAR-CCM+, Solid Edge SE2025, Solid Edge SE2026, Tecnomatix Plant Simulation
Published: Apr 14, 2026
Source: NVD
CVE-2026-2582 MEDIUM - 6.5

The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before...

Published: Apr 14, 2026
Source: NVD
CVE-2026-3017 HIGH - 7.2

The Smart Post Show โ€“ Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserialization of untrusted input in the import_shortcodes() function. This makes it possible for authenti...

Published: Apr 14, 2026
Source: NVD
CVE-2026-4479 MEDIUM - 4.4

The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

Published: Apr 14, 2026
Source: NVD
CVE-2026-4059 MEDIUM - 6.4

The ShopLentor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the woolentor_quickview_button shortcode's button_text attribute in all versions up to, and including, 3.3.5. This is due to insufficient input sanitization and missing output escaping on user-supplied shortcod...

Published: Apr 14, 2026
Source: NVD
CVE-2026-40315 CRITICAL - 9.8

PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the table_prefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization. Since SQL identifiers ca...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 14, 2026
Source: NVD
CVE-2026-40313 CRITICAL - 9.1

PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the GITHUB_TOKE...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 14, 2026
Source: NVD
CVE-2026-40289 CRITICAL - 9.1

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge (praisonai browser start) is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket endp...

Vendor: MervinPraison
Product: PraisonAI, praisonaiagents
Published: Apr 14, 2026
Source: NVD
CVE-2026-40288 CRITICAL - 9.8

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the workflow engine is vulnerable to arbitrary command and code execution through untrusted YAML files. When praisonai workflow run <file.yaml> loads a YAML file with type: job, the ...

Vendor: MervinPraison
Product: PraisonAI, praisonaiagents
Published: Apr 14, 2026
Source: NVD
CVE-2026-40287 HIGH - 8.4

PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py (import_tools_from_file()), tool_resolver.py (_load_local_tools()),...

Vendor: MervinPraison
Product: PraisonAI, praisonaiagents
Published: Apr 14, 2026
Source: NVD