Total CVEs

145,438

Critical Severity

4,245

High Severity

15,631

Last 7 Days

2,408
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 23,301 - 23,320 of 41,843 CVEs

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()` function calculates the data size in bytes by left shifting `common->data_size_from_cmnd` by the...

Vendor: Linux
Product: Linux
Published: Apr 10, 2026
Source: NVD
CVE-2026-6057 CRITICAL - 9.8

FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.

Published: Apr 10, 2026
Source: NVD
CVE-2026-4162 HIGH - 7.1

The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and ...

Published: Apr 10, 2026
Source: NVD
CVE-2021-47961 HIGH - 8.1

A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when comb...

Vendor: Synology
Product: Synology SSL VPN Client
Published: Apr 10, 2026
Source: NVD
CVE-2021-47960 MEDIUM - 6.5

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, ...

Vendor: Synology
Product: Synology SSL VPN Client
Published: Apr 10, 2026
Source: NVD
CVE-2026-6042 LOW - 3.3

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix thi...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6038 HIGH - 7.3

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCH_ID leads to sql injection. The attack may be performed from remote. The exploit is publicl...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6037 HIGH - 7.3

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCH_ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6036 HIGH - 7.3

A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the argument VEHICLE_ID results in sql injection. The attack can be executed remotely. The exploit has been...

Published: Apr 10, 2026
Source: NVD

Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name parameter due to insufficient sanitization of the service description value.

Vendor: Checkmk GmbH
Product: Checkmk
Published: Apr 10, 2026
Source: NVD

Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via a crafted service description.

Vendor: Checkmk GmbH
Product: Checkmk
Published: Apr 10, 2026
Source: NVD

Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in search filter plugins.

Vendor: Checkmk GmbH
Product: Checkmk
Published: Apr 10, 2026
Source: NVD
CVE-2026-6035 MEDIUM - 4.3

A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipulation of the argument BRANCH_ID leads to cross site scripting. Remote exploitation of the attack is ...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6034 MEDIUM - 4.3

A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCH_ID can lead to cross site scripting. The attack may be launched remotely. The exploit ...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6033 MEDIUM - 6.3

A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploit has been publicly ...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6032 MEDIUM - 4.3

A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made pub...

Published: Apr 10, 2026
Source: NVD
CVE-2026-6031 HIGH - 7.3

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the publi...

Published: Apr 10, 2026
Source: NVD
CVE-2026-5525 MEDIUM - 6.0

A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trailing backslash, the application appends a backslash and null terminator without proper bounds checkin...

Published: Apr 10, 2026
Source: NVD
CVE-2026-40212 MEDIUM - 5.4

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.

Vendor: OpenStack
Product: Skyline
Published: Apr 10, 2026
Source: NVD
CVE-2026-22750 HIGH - 7.5

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway ...

Vendor: VMware
Product: Spring Cloud Gateway
Published: Apr 10, 2026
Source: NVD