Total CVEs

145,743

Critical Severity

4,268

High Severity

15,733

Last 7 Days

2,276
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,101 - 23,120 of 42,148 CVEs
CVE-2026-1607 MEDIUM - 6.4

The Surbma | Booking.com Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `surbma-bookingcom` shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it pos...

Published: Apr 14, 2026
Source: NVD
CVE-2026-6264 CRITICAL - 9.8

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client auth...

Published: Apr 14, 2026
Source: NVD
CVE-2026-6227 HIGH - 7.2

The BackWPup plugin for WordPress is vulnerable to Local File Inclusion via the `block_name` parameter of the `/wp-json/backwpup/v1/getblock` REST endpoint in all versions up to, and including, 5.6.6 due to a non-recursive `str_replace()` sanitization of path traversal sequences. This makes it possi...

Published: Apr 14, 2026
Source: NVD
CVE-2026-4388 HIGH - 7.2

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Matrix field (Text Box input type) in form submissions in all versions up to, and including, 1.15.40. This is due to insufficient input sanitization (`sanitize_text_field` strips tags but not quotes) an...

Published: Apr 14, 2026
Source: NVD
CVE-2026-4365 CRITICAL - 9.1

The LearnPress plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the `delete_question_answer()` function in all versions up to, and including, 4.3.2.8. The plugin exposes a `wp_rest` nonce in public frontend HTML (`lpData`) to unauthenticated visit...

Published: Apr 14, 2026
Source: NVD
CVE-2026-4352 HIGH - 7.5

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type (CCT) REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the `_cct_search` parameter being interpolated directly into a SQL query string via `sprintf()` without sanitizat...

Published: Apr 14, 2026
Source: NVD
CVE-2026-39426 MEDIUM - 5.4

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability where the frontend's MdRenderer.vue component parses custom <iframe_render> tags from LLM responses or Application Prologue configurations, bypassing sta...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-39425 MEDIUM - 5.4

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue (Opening Remarks) field by wrapping malicious payloads in <...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged re...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-34225 MEDIUM - 4.3

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allows editing an image via a prompt. The affected function performs a GET request to a user-provided URL ...

Vendor: open-webui
Product: open-webui
Published: Apr 14, 2026
Source: NVD
CVE-2026-39424 MEDIUM - 4.7

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file (.xlsx) via the /admin/api/workspace/{work...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-39423 MEDIUM - 5.4

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with the AI chat interface to execute arbitrary JavaScript in the browsers of other users, including admi...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-39422 MEDIUM - 5.4

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability through the application name or icon fields when creating an application. When a victim visits the public chat interface (/ui/chat/{access_token}), the ChatHeadersM...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-39421 MEDIUM - 6.3

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-ba...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-39420 MEDIUM - 6.3

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD_PRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop th...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-39418 MEDIUM - 5.0

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto() with the MSG_FASTOPEN flag. This allows authenticated user with tool-editing permissions to reach internal services that are explicitly blocked by the...

Vendor: 1Panel-dev
Product: MaxKB
Published: Apr 14, 2026
Source: NVD
CVE-2026-34264 MEDIUM - 6.5

During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information caus...

Vendor: SAP_SE
Product: SAP Human Capital Management for SAP S/4HANA
Published: Apr 14, 2026
Source: NVD
CVE-2026-34262 MEDIUM - 5.0

Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer

Vendor: SAP_SE
Product: SAP HANA Cockpit and HANA Database Explorer
Published: Apr 14, 2026
Source: NVD
CVE-2026-34261 MEDIUM - 6.5

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality...

Vendor: SAP_SE
Product: SAP Business Analytics and SAP Content Management
Published: Apr 14, 2026
Source: NVD
CVE-2026-34257 MEDIUM - 6.1

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the applica...

Vendor: SAP_SE
Product: SAP NetWeaver Application Server ABAP
Published: Apr 14, 2026
Source: NVD