Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,307
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 7,881 - 7,900 of 13,819 CVEs
CVE-2026-3877 MEDIUM - 6.1

A reflected cross-site scripting (XSS) vulnerability in the dashboard search functionality of the VertiGIS FM solution allows attackers to craft a malicious URL that, if visited by an authenticated victim, will execute arbitrary JavaScript in the victim's context. Such a URL could be delivered ...

Vendor: vertigis
Product: fm
Published: Apr 01, 2026
Source: NVD
CVE-2026-34999 MEDIUM - 5.3

OpenViking versions 0.2.5 prior to 0.2.14 contain a missing authentication vulnerability in the bot proxy router that allows remote unauthenticated attackers to access protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints. Attackers can...

Vendor: Volcengine
Product: OpenViking
Published: Apr 01, 2026
Source: NVD
CVE-2026-30522 MEDIUM - 6.5

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from enteri...

Vendor: oretnom23
Product: loan_management_system
Published: Apr 01, 2026
Source: NVD
CVE-2026-25601 MEDIUM - 6.4

A vulnerability was identified in MEPIS RM, an industrial software product developed by Metronik. The application contained a hardcoded cryptographic key within the Mx.Web.ComponentModel.dll component. When the option to store domain passwords was enabled, this key was used to encrypt user passwords...

Vendor: Metronik d.o.o.
Product: MEPIS RM
Published: Apr 01, 2026
Source: NVD
CVE-2026-1879 MEDIUM - 6.3

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the attac...

Published: Apr 01, 2026
Source: NVD
CVE-2024-53828 MEDIUM - 5.3

Ericsson Packet Core Controller (PCC) versions prior to 1.38 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation.

Vendor: Ericsson
Product: Packet Core Controller (PCC)
Published: Apr 01, 2026
Source: NVD
CVE-2026-34889 MEDIUM - 6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS. This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.4.

Vendor: Brainstorm Force
Product: Ultimate Addons for WPBakery Page Builder
Published: Apr 01, 2026
Source: NVD
CVE-2026-5259 MEDIUM - 6.3

A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/controller/AlarmController.java of the component Alarm Preview. Executing a manipulation can lead to server...

Published: Apr 01, 2026
Source: NVD
CVE-2026-28265 MEDIUM - 4.4

PowerStore contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files.

Vendor: Dell
Product: PowerStore, PowerStore 500T, PowerStore 1000T, PowerStore 1200T, PowerStore 3000T, PowerStore 3200Q, PowerStore 3200T, PowerStore 5000T, PowerStore 5200Q, PowerStore 5200T, PowerStore 7000T, PowerStore 9000T, PowerStore 9200T
Published: Apr 01, 2026
Source: NVD
CVE-2026-27101 MEDIUM - 4.7

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application version(s) 5.28.00.xx to 5.32.00.xx, contain(s) an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker within the management network could potentially exploi...

Vendor: Dell
Product: Secure Connect Gateway
Published: Apr 01, 2026
Source: NVD
CVE-2026-5255 MEDIUM - 4.3

A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /delstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in cross site scripting. The attack may be launched remotely. The exploit is now pub...

Vendor: code-projects
Product: simple_laundry_system
Published: Apr 01, 2026
Source: NVD
CVE-2026-2696 MEDIUM - 5.3

The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing post URLs (including private posts) in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can b...

Published: Apr 01, 2026
Source: NVD
CVE-2026-5291 MEDIUM - 4.3

Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5287 MEDIUM - 6.3

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5285 MEDIUM - 6.3

Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5280 MEDIUM - 6.3

Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5279 MEDIUM - 6.3

Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5276 MEDIUM - 6.5

Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5273 MEDIUM - 6.3

Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5251 MEDIUM - 6.3

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch th...

Published: Apr 01, 2026
Source: NVD