Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,297
Quick preset (or use dates below)
Clear Filters
Showing 7,901 - 7,920 of 13,708 CVEs
CVE-2026-30292 HIGH - 8.4

An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

Published: Apr 01, 2026
Source: NVD
CVE-2026-30291 HIGH - 8.4

An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

Published: Apr 01, 2026
Source: NVD
CVE-2026-5271 HIGH - 7.8

pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command (e.g., pip, pytest) from an attacker-controlled directory, a malicious module in that directory ...

Vendor: python
Product: pymanager
Published: Apr 01, 2026
Source: NVD
CVE-2026-35093 HIGH - 8.8

A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as ...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Apr 01, 2026
Source: NVD
CVE-2026-35092 HIGH - 7.5

A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability sp...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat OpenShift Container Platform 4
Published: Apr 01, 2026
Source: NVD
CVE-2026-35091 HIGH - 8.2

A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service ...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat OpenShift Container Platform 4
Published: Apr 01, 2026
Source: NVD
CVE-2026-34430 HIGH - 8.8

ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths. Attackers ca...

Vendor: Bytedance Inc.
Product: DeerFlow
Published: Apr 01, 2026
Source: NVD
CVE-2026-30289 HIGH - 8.4

An arbitrary file overwrite vulnerability in Tinybeans Private Family Album App v5.9.5-prod allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

Vendor: tinybeans
Product: private_family_album
Published: Apr 01, 2026
Source: NVD
CVE-2026-30287 HIGH - 8.4

An arbitrary file overwrite vulnerability in Deep Thought Industries ACE Scanner PDF Scanner v1.4.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.

Vendor: deepthought.industries
Product: ace_scanner
Published: Apr 01, 2026
Source: NVD
CVE-2026-0522 HIGH - 8.8

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled p...

Vendor: vertigis
Product: fm
Published: Apr 01, 2026
Source: NVD
CVE-2026-22768 HIGH - 7.3

Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.

Vendor: Dell
Product: AppSync
Published: Apr 01, 2026
Source: NVD
CVE-2026-22767 HIGH - 7.3

Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering.

Vendor: Dell
Product: AppSync
Published: Apr 01, 2026
Source: NVD
CVE-2026-24096 HIGH - 8.8

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information

Vendor: Checkmk GmbH
Product: Checkmk
Published: Apr 01, 2026
Source: NVD
CVE-2026-0932 HIGH - 7.3

Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the server to send HTTP GET requests to arbitrary URLs.

Vendor: m-files
Product: m-files_server
Published: Apr 01, 2026
Source: NVD
CVE-2026-5261 HIGH - 7.3

A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is p...

Published: Apr 01, 2026
Source: NVD
CVE-2026-23411 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to i_private data on its end after removing the original entry from the file system. However the inode can aand does live beyond that p...

Vendor: Linux
Product: Linux
Published: Apr 01, 2026
Source: NVD
CVE-2026-23410 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race on rawdata dereference There is a race condition that leads to a use-after-free situation: because the rawdata inodes are not refcounted, an attacker can start open()ing one of the rawdata files, and at the same...

Vendor: Linux
Product: Linux
Published: Apr 01, 2026
Source: NVD
CVE-2026-23408 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix double free of ns_name in aa_replace_profiles() if ns_name is NULL after 1071 error = aa_unpack(udata, &lh, &ns_name); and if ent->ns_name contains an ns_name in 1089 } else if (en...

Vendor: Linux
Product: Linux
Published: Apr 01, 2026
Source: NVD
CVE-2026-23407 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix missing bounds check on DEFAULT table in verify_dfa() The verify_dfa() function only checks DEFAULT_TABLE bounds when the state is not differentially encoded. When the verification loop traverses the differential en...

Vendor: Linux
Product: Linux
Published: Apr 01, 2026
Source: NVD
CVE-2026-23406 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix side-effect bug in match_char() macro usage The match_char() macro evaluates its character parameter multiple times when traversing differential encoding chains. When invoked with *str++, the string pointer advances ...

Vendor: Linux
Product: Linux
Published: Apr 01, 2026
Source: NVD