Total CVEs

126,186

Critical Severity

2,292

High Severity

7,951

Last 7 Days

1,204
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,681 - 2,700 of 22,591 CVEs
CVE-2026-40338 MEDIUM - 5.2

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTP_DPFF_Enumeration case of `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (line 856). The function reads a 2-byte enumeration count N via `dtoh16o(data, *poffset)` without...

Vendor: gphoto
Product: libgphoto2
Published: Apr 18, 2026
Source: NVD
CVE-2026-40337 MEDIUM - 5.1

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the __sys_int_* syscall familly. Prior to version 0.4.7, this can lead to Do...

Vendor: camelot-os
Product: sentry-kernel
Published: Apr 18, 2026
Source: NVD
CVE-2026-40336 LOW - 2.4

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884โ€“885). When processing a secondary enumeration list (introduced in 2024+ Sony cameras), the function overwrites dpd->FORM.Enu...

Vendor: gphoto
Product: libgphoto2
Published: Apr 18, 2026
Source: NVD
CVE-2026-40335 MEDIUM - 5.2

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_DPV()` in `camlibs/ptp2/ptp-pack.c` (lines 622โ€“629). The UINT128 and INT128 cases advance `*offset += 16` without verifying that 16 bytes remain in the buffer. The entry c...

Vendor: gphoto
Product: libgphoto2
Published: Apr 18, 2026
Source: NVD
CVE-2026-40334 LOW - 3.5

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the resu...

Vendor: gphoto
Product: libgphoto2
Published: Apr 18, 2026
Source: NVD
CVE-2026-40333 MEDIUM - 6.1

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptp_unpack_EOS_events() have xsize available but never pass it, leaving both...

Vendor: gphoto
Product: libgphoto2
Published: Apr 18, 2026
Source: NVD
CVE-2026-2262 HIGH - 7.5

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API endpoint. This is due to the endpoint being registered with `'permission_callback' => ...

Published: Apr 18, 2026
Source: NVD
CVE-2026-5250

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: Apr 17, 2026
Source: NVD
CVE-2026-40481 HIGH - 7.5

monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe signature. A remote unauthenticated attacker can send oversized POST payloads to cause uncontrolled memo...

Vendor: monetr
Product: monetr
Published: Apr 17, 2026
Source: NVD
CVE-2026-2434 MEDIUM - 6.4

The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contr...

Published: Apr 17, 2026
Source: NVD
CVE-2026-5720

miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improp...

Published: Apr 17, 2026
Source: NVD
CVE-2026-40476

graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(nยฒ) pairwise comparisons of fields sharing the same response name. An attacker can send a query with thousands of repeated identical fields, causing excessive CPU ...

Vendor: webonyx
Product: graphql-php
Published: Apr 17, 2026
Source: NVD
CVE-2026-40352 HIGH - 8.8

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-pr...

Vendor: labring
Product: FastGPT
Published: Apr 17, 2026
Source: NVD
CVE-2026-40351 CRITICAL - 9.8

FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object (e.g., {"$ne": ""}) as the password f...

Vendor: labring
Product: FastGPT
Published: Apr 17, 2026
Source: NVD
CVE-2026-40321 HIGH - 8.0

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could include scripts that can target both authenticated and unauthenticated DNN users. The impact is increased...

Vendor: dnnsoftware
Product: Dnn.Platform
Published: Apr 17, 2026
Source: NVD
CVE-2026-40306 MEDIUM - 6.5

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue.

Vendor: dnnsoftware
Product: Dnn.Platform
Published: Apr 17, 2026
Source: NVD
CVE-2026-40305 MEDIUM - 4.3

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2....

Vendor: dnnsoftware
Product: Dnn.Platform
Published: Apr 17, 2026
Source: NVD
CVE-2026-29013

libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malfo...

Vendor: libcoap
Product: libcoap
Published: Apr 17, 2026
Source: NVD
CVE-2026-40931 HIGH - 8.4

Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility. This check verifies if a resolved path string starts with the destination directory string but fail...

Vendor: npm
Product: compressing
Published: Apr 17, 2026
Source: GitHub
CVE-2026-40527 HIGH - 7.8

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

Vendor: radareorg
Product: radare2
Published: Apr 17, 2026
Source: NVD