Total CVEs

145,438

Critical Severity

4,245

High Severity

15,631

Last 7 Days

2,408
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,281 - 23,300 of 41,843 CVEs
CVE-2026-36234 CRITICAL - 9.8

itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter.

Vendor: itsourcecode
Product: online_student_enrollment_system
Published: Apr 10, 2026
Source: NVD
CVE-2026-36233 CRITICAL - 9.8

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

Vendor: itsourcecode
Product: online_student_enrollment_system
Published: Apr 10, 2026
Source: NVD
CVE-2026-36232 CRITICAL - 9.8

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['classId'] is directly concatenated into the SQL query without any sanitization or...

Vendor: itsourcecode
Product: online_student_enrollment_system
Published: Apr 10, 2026
Source: NVD
CVE-2026-31262 MEDIUM - 6.1

Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter

Vendor: altenar
Product: sportsbook
Published: Apr 10, 2026
Source: NVD
CVE-2026-29861 CRITICAL - 9.8

PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php.

Published: Apr 10, 2026
Source: NVD
CVE-2026-23782 HIGH - 7.5

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With these exposed secrets, an attacker could invoke privileged API operations, potentially leading to unau...

Published: Apr 10, 2026
Source: NVD
CVE-2026-23780 HIGH - 8.8

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable ar...

Published: Apr 10, 2026
Source: NVD
CVE-2025-44560 CRITICAL - 9.8

owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking.

Published: Apr 10, 2026
Source: NVD
CVE-2026-6069 HIGH - 7.5

NASMโ€™s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.

Vendor: nasm
Product: netwide_assembler
Published: Apr 10, 2026
Source: NVD
CVE-2026-6068 MEDIUM - 6.5

NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or unexpected behavior...

Vendor: nasm
Product: netwide_assembler
Published: Apr 10, 2026
Source: NVD
CVE-2026-6067 HIGH - 7.5

A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and ...

Vendor: nasm
Product: netwide_assembler
Published: Apr 10, 2026
Source: NVD
CVE-2026-40217 HIGH - 8.8

LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.

Vendor: BerriAI
Product: LiteLLM
Published: Apr 10, 2026
Source: NVD
CVE-2026-33092 HIGH - 7.8

Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before build 42902.

Vendor: Acronis
Product: Acronis True Image OEM, Acronis True Image
Published: Apr 10, 2026
Source: NVD
CVE-2025-5804 HIGH - 7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion.This issue affects Case Theme User: from n/a before 1.0.4.

Published: Apr 10, 2026
Source: NVD
CVE-2025-58920 HIGH - 7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato allows Reflected XSS.This issue affects Cerato: from n/a through 2.2.18.

Vendor: Zootemplate
Product: Cerato
Published: Apr 10, 2026
Source: NVD
CVE-2025-58913 HIGH - 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro allows PHP Local File Inclusion.This issue affects VideoPro: from n/a through 2.3.8.1.

Vendor: CactusThemes
Product: VideoPro
Published: Apr 10, 2026
Source: NVD

Improper synchronization of the userTokens map in the API server in Canonical Jujuย 4.0.5,ย 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or possibly reuse a single-use discharge token.

Vendor: go
Product: github.com/juju/juju
Published: Apr 10, 2026
Source: NVD
CVE-2026-5412 CRITICAL - 9.9

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This issu...

Vendor: go
Product: github.com/juju/juju
Published: Apr 10, 2026
Source: NVD

This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading ...

Published: Apr 10, 2026
Source: NVD
CVE-2026-39304 HIGH - 7.5

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes th...

Vendor: Apache Software Foundation
Product: Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ
Published: Apr 10, 2026
Source: NVD