Total CVEs

145,595

Critical Severity

4,259

High Severity

15,683

Last 7 Days

2,271
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,981 - 24,000 of 42,000 CVEs
CVE-2025-50649 HIGH - 7.5

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlan_name parameter in the /shut_set.asp endpoint.

Vendor: dlink
Product: di-8003_firmware
Published: Apr 08, 2026
Source: NVD
CVE-2025-50648 HIGH - 7.5

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint.

Vendor: dlink
Product: di-8003_firmware
Published: Apr 08, 2026
Source: NVD
CVE-2025-50647 HIGH - 7.5

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of the wans parameter in the qos.asp endpoint.

Vendor: dlink
Product: di-8003_firmware
Published: Apr 08, 2026
Source: NVD
CVE-2025-50646 HIGH - 7.5

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint.

Vendor: dlink
Product: di-8003_firmware
Published: Apr 08, 2026
Source: NVD
CVE-2025-50645 HIGH - 7.5

A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow co...

Vendor: dlink
Product: di-8003_firmware
Published: Apr 08, 2026
Source: NVD
CVE-2025-50644 HIGH - 7.5

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint.

Vendor: dlink
Product: di-8003_firmware
Published: Apr 08, 2026
Source: NVD
CVE-2025-30650 MEDIUM - 6.7

Aย Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved as root. This issue affects systems running Junos OS using Linux-based line cards. Affected line...

Vendor: Juniper Networks
Product: Junos OS
Published: Apr 08, 2026
Source: NVD
CVE-2026-33756 HIGH - 7.5

Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a JSON array but wasn't enforcing any upper limit on the number of operations. This allowed an un...

Vendor: saleor
Product: saleor
Published: Apr 08, 2026
Source: NVD
CVE-2026-33466 HIGH - 8.1

Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths within compressed arc...

Vendor: Elastic
Product: Logstash
Published: Apr 08, 2026
Source: NVD
CVE-2026-33459 MEDIUM - 6.5

Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent ...

Vendor: Elastic
Product: Kibana
Published: Apr 08, 2026
Source: NVD
CVE-2026-33458 MEDIUM - 6.3

Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restrictions in the Workflows Execution Engine, potentially exposing sensitive internal endpoints and data.

Vendor: Elastic
Product: Kibana
Published: Apr 08, 2026
Source: NVD
CVE-2026-32591 MEDIUM - 5.2

A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An at...

Vendor: Red Hat
Product: mirror registry for Red Hat OpenShift, mirror registry for Red Hat OpenShift 2, Red Hat Quay 3
Published: Apr 08, 2026
Source: NVD
CVE-2026-32590 HIGH - 7.1

A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.

Vendor: Red Hat
Product: mirror registry for Red Hat OpenShift, mirror registry for Red Hat OpenShift 2, Red Hat Quay 3
Published: Apr 08, 2026
Source: NVD
CVE-2026-32589 HIGH - 7.1

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to r...

Vendor: Red Hat
Product: mirror registry for Red Hat OpenShift, mirror registry for Red Hat OpenShift 2, Red Hat Quay 3
Published: Apr 08, 2026
Source: NVD
CVE-2025-52222 HIGH - 7.5

D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct, http_hadmin, http_h...

Vendor: dlink
Product: di-8100_firmware
Published: Apr 08, 2026
Source: NVD
CVE-2025-52221 HIGH - 7.5

Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters.

Vendor: tenda
Product: ac6_firmware
Published: Apr 08, 2026
Source: NVD
CVE-2025-45059 HIGH - 7.5

D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Vendor: dlink
Product: di-8300_firmware
Published: Apr 08, 2026
Source: NVD
CVE-2025-45058 HIGH - 7.5

D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Vendor: dlink
Product: di-8300_firmware
Published: Apr 08, 2026
Source: NVD
CVE-2025-45057 HIGH - 7.5

D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Vendor: dlink
Product: di-8300_firmware
Published: Apr 08, 2026
Source: NVD
CVE-2026-27806 HIGH - 7.8

Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it directly into a Tcl/expect script executed via exec.Command("expect", "-c&...

Vendor: go
Product: github.com/fleetdm/fleet/v4
Published: Apr 08, 2026
Source: GitHub