Total CVEs

145,845

Critical Severity

4,280

High Severity

15,756

Last 7 Days

2,243
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,321 - 23,340 of 42,250 CVEs
CVE-2026-35582 HIGH - 8.8

Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without any escaping or input validation. The IN_FILE_ENDING and OUT_FI...

Vendor: maven
Product: gov.nsa.emissary:emissary
Published: Apr 13, 2026
Source: GitHub

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template/v2/template.go where the v2 template engine removes env and expandenv from Sprig's TxtFuncMap()...

Vendor: go
Product: github.com/external-secrets/external-secrets
Published: Apr 13, 2026
Source: GitHub
CVE-2026-34069 MEDIUM - 5.3

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause the RequestMacroChain message handler task to panic. Sending a RequestMacroChain message where the firs...

Vendor: rust
Product: nimiq-consensus
Published: Apr 13, 2026
Source: GitHub
CVE-2026-6231 MEDIUM - 4.3

The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly. The issue may affect applications that rely...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6188 HIGH - 7.3

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and ma...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6187 HIGH - 7.3

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6186 HIGH - 8.8

A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack is possible to be carried out remotely. The exploit ha...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6184 LOW - 2.4

A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been made ...

Published: Apr 13, 2026
Source: NVD

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php.

Published: Apr 13, 2026
Source: NVD

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.php.

Published: Apr 13, 2026
Source: NVD

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800

Vendor: Pandora FMS
Product: Pandora FMS
Published: Apr 13, 2026
Source: NVD

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800

Vendor: Pandora FMS
Product: Pandora FMS
Published: Apr 13, 2026
Source: NVD

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800

Vendor: Pandora FMS
Product: Pandora FMS
Published: Apr 13, 2026
Source: NVD

Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800

Vendor: Pandora FMS
Product: Pandora FMS
Published: Apr 13, 2026
Source: NVD

Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800

Vendor: Pandora FMS
Product: Pandora FMS
Published: Apr 13, 2026
Source: NVD

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800

Vendor: Pandora FMS
Product: Pandora FMS
Published: Apr 13, 2026
Source: NVD

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800

Vendor: Pandora FMS
Product: Pandora FMS
Published: Apr 13, 2026
Source: NVD

Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800

Vendor: Pandora FMS
Product: Pandora FMS
Published: Apr 13, 2026
Source: NVD
CVE-2025-69627 HIGH - 8.4

Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper f...

Published: Apr 13, 2026
Source: NVD
CVE-2025-69624 HIGH - 7.5

Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is ...

Published: Apr 13, 2026
Source: NVD