Total CVEs

145,845

Critical Severity

4,280

High Severity

15,756

Last 7 Days

2,243
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,341 - 23,360 of 42,250 CVEs
CVE-2025-66769 HIGH - 7.5

A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet.

Published: Apr 13, 2026
Source: NVD
CVE-2025-63743 MEDIUM - 5.4

Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows authenticated attacker with lowest privileges sufficient only to log in, to inject arbitrary JavaScript code via "Name" and "Surname" fields. The JavaScri...

Published: Apr 13, 2026
Source: NVD
CVE-2025-31991 MEDIUM - 6.8

Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit.ย  This vulnerability is fixed in 5.1.7.

Vendor: HCLSoftware
Product: Velocity
Published: Apr 13, 2026
Source: NVD
CVE-2026-6183 HIGH - 7.3

A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploi...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6182 HIGH - 7.3

A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is public...

Published: Apr 13, 2026
Source: NVD

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php

Published: Apr 13, 2026
Source: NVD

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/view_details.php.

Published: Apr 13, 2026
Source: NVD

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php.

Published: Apr 13, 2026
Source: NVD

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php.

Published: Apr 13, 2026
Source: NVD

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php.

Published: Apr 13, 2026
Source: NVD
CVE-2026-33858 HIGH - 8.8

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0, whi...

Vendor: Apache Software Foundation
Product: Apache Airflow
Published: Apr 13, 2026
Source: NVD
CVE-2026-31283 CRITICAL - 9.8

In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack.

Published: Apr 13, 2026
Source: NVD
CVE-2026-31282 CRITICAL - 9.8

Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack.

Published: Apr 13, 2026
Source: NVD
CVE-2026-31281 HIGH - 8.0

Totara LMS v19.1.5 and before is vulnerable to HTLM Injection. An attacker can inject malicious HTLM code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser.

Published: Apr 13, 2026
Source: NVD
CVE-2026-30999 HIGH - 7.5

A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Published: Apr 13, 2026
Source: NVD
CVE-2026-30998 HIGH - 7.5

An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file.

Published: Apr 13, 2026
Source: NVD
CVE-2026-30997 HIGH - 7.5

An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Published: Apr 13, 2026
Source: NVD
CVE-2026-29628 MEDIUM - 6.2

A stack overflow in the experimental/tinyobj_loader_opt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service (DoS) via supplying a crafted .mtl file.

Published: Apr 13, 2026
Source: NVD
CVE-2026-1462 HIGH - 8.8

A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`. This bypasses the security guarantees of `safe_mode` and enables arbitrary attacker-c...

Published: Apr 13, 2026
Source: NVD
CVE-2025-66236 HIGH - 7.5

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airfl...

Vendor: Apache Software Foundation
Product: Apache Airflow
Published: Apr 13, 2026
Source: NVD