Total CVEs

145,521

Critical Severity

4,252

High Severity

15,657

Last 7 Days

2,299
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,721 - 23,740 of 41,926 CVEs
CVE-2026-5824 HIGH - 7.3

A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly ...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5823 MEDIUM - 6.3

A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit has ...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5815 HIGH - 8.8

A vulnerability was detected in D-Link DIR-645 1.01/1.02/1.03. Impacted is the function hedwigcgi_main of the file /cgi-bin/hedwig.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. This vulnerability only aff...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5814 HIGH - 7.3

A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been dis...

Published: Apr 09, 2026
Source: NVD
CVE-2026-5813 HIGH - 7.3

A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made av...

Published: Apr 08, 2026
Source: NVD
CVE-2026-5812 MEDIUM - 5.4

A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initiate ...

Published: Apr 08, 2026
Source: NVD
CVE-2026-5811 MEDIUM - 5.4

A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performed ...

Published: Apr 08, 2026
Source: NVD
CVE-2026-5173 HIGH - 8.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke unintended server-side methods through websocket connections due to improper access control.

Published: Apr 08, 2026
Source: NVD
CVE-2026-4916 LOW - 2.7

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization che...

Published: Apr 08, 2026
Source: NVD

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Apr 08, 2026
Source: NVD
CVE-2026-4332 MEDIUM - 5.4

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers d...

Published: Apr 08, 2026
Source: NVD

A reflected cross-site scripting vulnerability exists in Sonatype Nexus Repository versions 3.0.0 through 3.90.2 that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted URL. Exploitation requires user interaction.

Published: Apr 08, 2026
Source: NVD

A vulnerability in the task management component of Sonatype Nexus Repository versions 3.22.1 through 3.90.2 allows an authenticated attacker with task creation permissions to execute arbitrary code, bypassing the nexus.scripts.allowCreation security control.

Published: Apr 08, 2026
Source: NVD
CVE-2026-2619 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to inco...

Vendor: gitlab
Product: gitlab
Published: Apr 08, 2026
Source: NVD
CVE-2026-2104 MEDIUM - 4.3

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks.

Vendor: gitlab
Product: gitlab
Published: Apr 08, 2026
Source: NVD
CVE-2026-1752 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in the ...

Vendor: gitlab
Product: gitlab
Published: Apr 08, 2026
Source: NVD
CVE-2026-1516 MEDIUM - 5.7

GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content.

Vendor: gitlab
Product: gitlab
Published: Apr 08, 2026
Source: NVD
CVE-2026-1101 MEDIUM - 6.5

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries.

Vendor: gitlab
Product: gitlab
Published: Apr 08, 2026
Source: NVD
CVE-2026-1092 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads.

Vendor: gitlab
Product: gitlab
Published: Apr 08, 2026
Source: NVD
CVE-2025-9484 MEDIUM - 4.3

GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries.

Vendor: gitlab
Product: gitlab
Published: Apr 08, 2026
Source: NVD