Total CVEs

140,426

Critical Severity

3,747

High Severity

13,550

Last 7 Days

1,486
Quick preset (or use dates below)
Clear Filters
Showing 6,861 - 6,880 of 13,550 CVEs
CVE-2026-6188 HIGH - 7.3

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and ma...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6187 HIGH - 7.3

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6186 HIGH - 8.8

A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack is possible to be carried out remotely. The exploit ha...

Published: Apr 13, 2026
Source: NVD
CVE-2025-69627 HIGH - 8.4

Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated and then freed prematurely, after which the freed pointer is still passed into UI and logging helper f...

Published: Apr 13, 2026
Source: NVD
CVE-2025-69624 HIGH - 7.5

Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert(). When app.alert() is called with more than one argument and the first argument evaluates to null (for example, app.alert(app.activeDocs, true) when app.activeDocs is ...

Published: Apr 13, 2026
Source: NVD
CVE-2025-66769 HIGH - 7.5

A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet.

Published: Apr 13, 2026
Source: NVD
CVE-2026-6183 HIGH - 7.3

A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploi...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6182 HIGH - 7.3

A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is public...

Published: Apr 13, 2026
Source: NVD
CVE-2026-33858 HIGH - 8.8

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0, whi...

Vendor: Apache Software Foundation
Product: Apache Airflow
Published: Apr 13, 2026
Source: NVD
CVE-2026-31281 HIGH - 8.0

Totara LMS v19.1.5 and before is vulnerable to HTLM Injection. An attacker can inject malicious HTLM code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser.

Published: Apr 13, 2026
Source: NVD
CVE-2026-30999 HIGH - 7.5

A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Published: Apr 13, 2026
Source: NVD
CVE-2026-30998 HIGH - 7.5

An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file.

Published: Apr 13, 2026
Source: NVD
CVE-2026-30997 HIGH - 7.5

An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Published: Apr 13, 2026
Source: NVD
CVE-2026-1462 HIGH - 8.8

A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`. This bypasses the security guarantees of `safe_mode` and enables arbitrary attacker-c...

Published: Apr 13, 2026
Source: NVD
CVE-2025-66236 HIGH - 7.5

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airfl...

Vendor: Apache Software Foundation
Product: Apache Airflow
Published: Apr 13, 2026
Source: NVD
CVE-2026-34476 HIGH - 7.1

Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue.

Vendor: Apache Software Foundation
Product: Apache SkyWalking MCP
Published: Apr 13, 2026
Source: NVD
CVE-2026-35337 HIGH - 8.8

Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject() without any class filtering ...

Vendor: Apache Software Foundation
Product: Apache Storm Client
Published: Apr 13, 2026
Source: NVD
CVE-2026-6168 HIGH - 8.8

A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publ...

Published: Apr 13, 2026
Source: NVD
CVE-2026-6167 HIGH - 7.3

A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.

Published: Apr 13, 2026
Source: NVD
CVE-2026-6166 HIGH - 7.3

A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLE_ID leads to sql injection. The attack may be initiated remotely. The ex...

Published: Apr 13, 2026
Source: NVD