Total CVEs

140,426

Critical Severity

3,747

High Severity

13,550

Last 7 Days

1,487
Quick preset (or use dates below)
Clear Filters
Showing 7,741 - 7,760 of 13,550 CVEs
CVE-2026-35099 HIGH - 7.4

Lakeside SysTrack Agent 11 before 11.5.0.15 has a race condition with resultant Local Privilege Escalation to SYSTEM. The fixed versions are 11.2.1.28, 11.3.0.38, 11.4.0.24, and 11.5.0.15.

Vendor: Lakeside Software
Product: SysTrack Agent
Published: Apr 01, 2026
Source: NVD
CVE-2026-30573 HIGH - 7.5

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for...

Vendor: senior-walter
Product: web-based_pharmacy_product_management_system
Published: Apr 01, 2026
Source: NVD
CVE-2026-30292 HIGH - 8.4

An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

Published: Apr 01, 2026
Source: NVD
CVE-2026-30291 HIGH - 8.4

An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

Published: Apr 01, 2026
Source: NVD
CVE-2026-5271 HIGH - 7.8

pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command (e.g., pip, pytest) from an attacker-controlled directory, a malicious module in that directory ...

Vendor: python
Product: pymanager
Published: Apr 01, 2026
Source: NVD
CVE-2026-35093 HIGH - 8.8

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as ...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Apr 01, 2026
Source: NVD
CVE-2026-35092 HIGH - 7.5

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability sp...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat OpenShift Container Platform 4
Published: Apr 01, 2026
Source: NVD
CVE-2026-35091 HIGH - 8.2

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service ...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat OpenShift Container Platform 4
Published: Apr 01, 2026
Source: NVD
CVE-2026-34430 HIGH - 8.8

ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths. Attackers ca...

Vendor: Bytedance Inc.
Product: DeerFlow
Published: Apr 01, 2026
Source: NVD
CVE-2026-30289 HIGH - 8.4

An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

Vendor: tinybeans
Product: private_family_album
Published: Apr 01, 2026
Source: NVD
CVE-2026-30287 HIGH - 8.4

An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

Vendor: deepthought.industries
Product: ace_scanner
Published: Apr 01, 2026
Source: NVD
CVE-2026-0522 HIGH - 8.8

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled p...

Vendor: vertigis
Product: fm
Published: Apr 01, 2026
Source: NVD
CVE-2026-22768 HIGH - 7.3

Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendor: Dell
Product: AppSync
Published: Apr 01, 2026
Source: NVD
CVE-2026-22767 HIGH - 7.3

Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

Vendor: Dell
Product: AppSync
Published: Apr 01, 2026
Source: NVD
CVE-2026-24096 HIGH - 8.8

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information

Vendor: Checkmk GmbH
Product: Checkmk
Published: Apr 01, 2026
Source: NVD
CVE-2026-0932 HIGH - 7.3

Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs.

Vendor: m-files
Product: m-files_server
Published: Apr 01, 2026
Source: NVD
CVE-2026-5261 HIGH - 7.3

A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is p...

Published: Apr 01, 2026
Source: NVD
CVE-2026-23411 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to i_private data on its end after removing the original entry from the file system. However the inode can aand does live beyond that p...

Vendor: Linux
Product: Linux
Published: Apr 01, 2026
Source: NVD
CVE-2026-23410 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race on rawdata dereference There is a race condition that leads to a use-after-free situation: because the rawdata inodes are not refcounted, an attacker can start open()ing one of the rawdata files, and at the same...

Vendor: Linux
Product: Linux
Published: Apr 01, 2026
Source: NVD
CVE-2026-23408 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of ns_name in aa_replace_profiles() if ns_name is NULL after 1071 error = aa_unpack(udata, &lh, &ns_name); and if ent->ns_name contains an ns_name in 1089 } else if (en...

Vendor: Linux
Product: Linux
Published: Apr 01, 2026
Source: NVD