Total CVEs

145,743

Critical Severity

4,268

High Severity

15,733

Last 7 Days

2,276
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 24,461 - 24,480 of 42,148 CVEs
CVE-2026-34371 MEDIUM - 6.3

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_code sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences (fo...

Vendor: danny-avila
Product: LibreChat
Published: Apr 07, 2026
Source: NVD
CVE-2026-34079 HIGH - 7.5

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on the...

Vendor: flatpak
Product: flatpak
Published: Apr 07, 2026
Source: NVD

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This gives apps access to ...

Vendor: flatpak
Product: flatpak
Published: Apr 07, 2026
Source: NVD
CVE-2026-31790 HIGH - 7.5

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which...

Vendor: OpenSSL
Product: OpenSSL
Published: Apr 07, 2026
Source: NVD

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker ca...

Vendor: OpenSSL
Product: OpenSSL
Published: Apr 07, 2026
Source: NVD
CVE-2026-28390 HIGH - 7.5

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial ...

Vendor: OpenSSL
Product: OpenSSL
Published: Apr 07, 2026
Source: NVD
CVE-2026-28389 HIGH - 7.5

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of S...

Vendor: OpenSSL
Product: OpenSSL
Published: Apr 07, 2026
Source: NVD
CVE-2026-28388 HIGH - 7.5

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application. ...

Vendor: OpenSSL
Product: OpenSSL
Published: Apr 07, 2026
Source: NVD

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequences...

Vendor: OpenSSL
Product: OpenSSL
Published: Apr 07, 2026
Source: NVD
CVE-2026-28386 CRITICAL - 9.1

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for ...

Vendor: OpenSSL
Product: OpenSSL
Published: Apr 07, 2026
Source: NVD

Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, jb child processes can include an update_event key in their JSON output. The server applies this directly to the parent event's stored configuration without any authorization check. A low-priv...

Vendor: jhuckaby
Product: Cronicle
Published: Apr 07, 2026
Source: NVD

Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user with create_events and run_events privileges can inject arbitrary JavaScript through job output fields (html.content, html.title, table.header, table.rows, table.caption). The serv...

Vendor: jhuckaby
Product: Cronicle
Published: Apr 07, 2026
Source: NVD
CVE-2026-39397 CRITICAL - 9.4

@delmaredigital/payload-puck is a PayloadCMS plugin for integrating Puck visual page builder. Prior to 0.6.23, all /api/puck/* CRUD endpoint handlers registered by createPuckPlugin() called Payload's local API with the default overrideAccess: true, bypassing all collection-level access control....

Vendor: delmaredigital
Product: payload-puck
Published: Apr 07, 2026
Source: NVD
CVE-2026-35533 HIGH - 7.7

mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted and ...

Vendor: jdx
Product: mise
Published: Apr 07, 2026
Source: NVD
CVE-2026-34080 MEDIUM - 5.5

xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' (with a space before the equals sign) and similar case...

Vendor: flatpak
Product: xdg-dbus-proxy
Published: Apr 07, 2026
Source: NVD
CVE-2026-34045 HIGH - 8.2

Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection limi...

Vendor: podman-desktop
Product: podman-desktop
Published: Apr 07, 2026
Source: NVD
CVE-2026-32712 MEDIUM - 5.4

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Daily Sales management table. The customer_name column is configured with escape: false in the bootstrap-tabl...

Vendor: opensourcepos
Product: opensourcepos
Published: Apr 07, 2026
Source: NVD
CVE-2026-29181 HIGH - 7.5

OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across values. This allows an attacker to amplify cpu and allocations by sending many baggage: header lines, e...

Vendor: open-telemetry
Product: opentelemetry-go
Published: Apr 07, 2026
Source: NVD

Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the URL during error handling (e.g., when an invalid magic code is submitted). Transmitting per...

Vendor: makeplane
Product: plane
Published: Apr 07, 2026
Source: NVD
CVE-2026-5741 HIGH - 7.3

A weakness has been identified in suvarchal docker-mcp-server up to 0.1.0. The impacted element is the function stop_container/remove_container/pull_image of the file src/index.ts of the component HTTP Interface. This manipulation causes os command injection. The attack is possible to be carried out...

Published: Apr 07, 2026
Source: NVD