Total CVEs

140,426

Critical Severity

3,747

High Severity

13,550

Last 7 Days

1,487
Quick preset (or use dates below)
Clear Filters
Showing 7,761 - 7,780 of 13,550 CVEs
CVE-2026-23407 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verify_dfa() The verify_dfa() function only checks DEFAULT_TABLE bounds when the state is not differentially encoded. When the verification loop traverses the differential en...

Vendor: Linux
Product: Linux
Published: Apr 01, 2026
Source: NVD
CVE-2026-23406 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char() macro usage The match_char() macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with *str++, the string pointer advances ...

Vendor: Linux
Product: Linux
Published: Apr 01, 2026
Source: NVD
CVE-2026-5258 HIGH - 7.3

A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is the function _get_file of the file iopaint/file_manager/file_manager.py of the component File Manager. Performing a manipulation of the argument filename results in path traversal. The attack is possible to be carried out remotely. The ...

Published: Apr 01, 2026
Source: NVD
CVE-2026-4748 HIGH - 7.5

A regression in the way hashes were calculated caused rules containing the address range syntax (x.x.x.x - y.y.y.y) that only differ in the address range(s) involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed using the address[/m...

Vendor: freebsd
Product: freebsd
Published: Apr 01, 2026
Source: NVD
CVE-2026-5257 HIGH - 7.3

A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit ha...

Vendor: code-projects
Product: simple_laundry_system
Published: Apr 01, 2026
Source: NVD
CVE-2026-5256 HIGH - 7.3

A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has been ...

Vendor: code-projects
Product: simple_laundry_system
Published: Apr 01, 2026
Source: NVD
CVE-2026-5292 HIGH - 8.8

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5286 HIGH - 8.8

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5284 HIGH - 7.5

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5283 HIGH - 7.4

Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5282 HIGH - 8.1

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5281 HIGH - 8.8

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5278 HIGH - 8.8

Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5277 HIGH - 7.5

Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5275 HIGH - 8.8

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5274 HIGH - 8.8

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5272 HIGH - 8.8

Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-4947 HIGH - 7.1

Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially leadi...

Published: Apr 01, 2026
Source: NVD
CVE-2026-3780 HIGH - 7.3

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the l...

Published: Apr 01, 2026
Source: NVD
CVE-2026-3779 HIGH - 7.8

The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution.

Published: Apr 01, 2026
Source: NVD